By E.J. Hilbert II, Managing Director Kroll Cyber EMEA
You slip into your favorite coffee shop to escape the afternoon weather, enjoy some java goodness and use the free Wi-Fi to catch up on the latest gossip site, sports page or conduct a little online shopping. To your dismay, you are not the only person sharing that thought and the place is packed. Young and old, professionals and hipsters, the place is heaving and everyone is on their computer, iPad or mobile device and connected to the web. Just as you find a place to sit, plug in and surf the web, the police come rushing in and arrest four of the patrons. All four are different – young, old, male, female, professional and casual. And all are hackers.
Nowadays, any person who uses a computer to commit a crime such as stalking, stealing personal data, launching a computer virus or reading someone else’s emails is labeled a “hacker”.
The term “hacker” was once used solely to describe individuals who could gain entry into a computer system to either alter the system or remove data from it. A hacker was technically savvy, driven by the challenge of gaining entry. Any theft was primarily to prove their exploit, a souvenir if you will. Hackers generally hack for five reasons:
- Curiosity or ‘just because’ – let’s take it apart and see how it works
- Reputation – to prove to others they can do it
- To steal something of value – for profit or to build their reputation, or both
- To steal services – hack Company A to then hack Company B and cover their tracks
- It’s their job – they are paid to be a Thief, Bug Finder, Penetration Tester, Cyber Warrior or Cyber Spy
In the late ’90s, as e-commerce developed, the financially motivated “hacker” also emerged. Until then, most financial crimes required the thief to be physically involved in taking money, credit cards and the like. Suddenly, they could steal money online by taking credit card data, making online purchases, scheduling deliveries and then selling the goods back online.
The financially motivated “hackers” are thieves and fraudsters committing the same crimes they have always carried out, but now the data comes from a computer rather than a filing cabinet or a desk or a purse/wallet. In many cases, the person who steals the data is not the main perpetrator running the fraud scheme. Instead, they are selling the data or are part of an organized team of criminals involved in converting the data into cash or covering their tracks.
As for “hackers” who attack corporations to obtain confidential information and cause reputational damage, be they insiders or external, the key is gaining entry. Once inside, they can do as they please. Sometimes the “hack” is simply being given an account with more access than they need, like giving them a key that opens every office and filing cabinet in the building.
More appropriate terms for “hackers” might be cyber criminals or cyber spies or even cyber warriors, but the term “hackers” sounds dramatic and scary, therefore all criminals who use computers are called “hackers.”
Now, putting semantics aside, how do you spot and stop hackers?
Put simply, you apply the same methods as you would when spotting and stopping “ordinary” thieves.
Hackers, no matter what their motivation, need one thing to fulfill their mission: access to their victims’ computers and data. They get that access by tricking people into providing information through various means, such as sending intriguing emails that entice employees into installing password-stealing software on their computers.
Once the criminals gain access, their aim is to get what they want and get out without anyone noticing.
Companies need to know what information they have on their systems, who has access to it, who is accessing it and for what purpose. The concepts are data visibility, access control, monitoring and data lock-down.
Just as a company has security guards monitoring the perimeter of a building, checking IDs, logging who enters and leaves the building and watching security monitors, the same precautions should be taken for data.
If Mary Jane is logged in from her work computer and the same credentials are used to log in from an external location, a red flag should immediately appear.
If Joe Smith is uploading or downloading a large amount of data for the first time, those responsible for data security should be alerted.
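The two red flags above can be expressed as simple monitoring rules. The following is an added example, not part of the original article; the account names, the internal address range, the size threshold and the sample events are all assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")      # assumption: corporate address range
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024     # assumption: what counts as "large"

# Constructed sample events: (time, user, action, source IP, bytes moved).
EVENTS = [
    ("09:00", "mjane",  "login",    "10.1.4.22",    0),
    ("09:05", "jsmith", "login",    "10.1.7.31",    0),
    ("09:40", "jsmith", "transfer", "10.1.7.31",    12 * 1024 * 1024),
    ("10:15", "mjane",  "login",    "203.0.113.50", 0),  # external, work session still open
    ("11:00", "jsmith", "transfer", "10.1.7.31",    900 * 1024 * 1024),
    ("11:30", "jsmith", "transfer", "10.1.7.31",    950 * 1024 * 1024),
    ("12:00", "mjane",  "logout",   "10.1.4.22",    0),
    ("13:00", "mjane",  "login",    "203.0.113.50", 0),  # external, no work session open
]

def detect(events):
    """Return (time, user, reason) alerts for the two red flags."""
    alerts = []
    internal_sessions = {}   # user -> internal IPs with an open session
    seen_large = set()       # users who have already moved a large volume
    for time, user, action, src, nbytes in events:
        internal = ip_address(src) in INTERNAL_NET
        open_ips = internal_sessions.setdefault(user, set())
        if action == "login":
            if internal:
                open_ips.add(src)
            elif open_ips:
                # Same credentials in use inside and outside at once.
                alerts.append((time, user, "external login during internal session"))
        elif action == "logout":
            open_ips.discard(src)
        elif action == "transfer" and nbytes >= LARGE_TRANSFER_BYTES:
            if user not in seen_large:
                alerts.append((time, user, "first large transfer"))
            seen_large.add(user)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

Only the 10:15 external login and the 11:00 transfer raise alerts: the later external login happens after the work session has closed, and the second large transfer is no longer a first for that account.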
When an issue is discovered, an effective response plan needs to be activated to minimize the damage.
Unfortunately, “hackers” are very adept at blending into their surroundings and are therefore extremely difficult to spot. The solution to the growing problem of cyber-crime is to have a robust detection and response plan in place so you’re always one step ahead.