You’ve heard of hackers, but did you know that there are lots of different kinds? On the cybercriminal scale, some are more dangerous and malicious than others. If you’re not an expert on hackers and what they do, here’s a quick guide so you can move beyond the stereotype. Knowing what hackers do (and why) will help you to recognize the threats that they may pose to your business.
Let’s start with the hackers that are relatively small players and don’t pose a huge threat, and move on to the cybercriminals that cause a great deal of havoc.
Not all hackers are evil tech geniuses. Some are highly qualified cybersecurity experts, who are trained to think like cybercriminals and are employed by businesses to test the security of their computer systems.
Some hackers don’t deliberately set out to infiltrate other people’s computer networks. Everyone makes mistakes and sometimes people stumble across a website’s code or security. A curious person might want to check it out further and see where their discovery takes them. This may sound unlikely but it’s not as uncommon as it sounds. There’s been a lot of debate in the cybersecurity industry about whether this type of hacker should be prosecuted, if they report the vulnerability they’ve uncovered to the company concerned.
The unintentional hacker, who often isn’t setting out to cause harm, can unwittingly provide a service. If someone can get into a website, or a business network, without really trying too hard, that should be a major cybersecurity wakeup call. You might want to take legal action, but consider also that discovering a gap in security is actually a bonus for a business owner.
People get their thrills in different ways. For some people, hacking into a network is what gets them excited. The reward may only be bragging rights (even if the hacker can only brag about it to himself). There used to be a lot more hacking motivated by the thrill of it, but it has diminished now that people are aware of the potential legal consequences. Many people who’ve got the hacking bug have opted for legal options, such as modifying hardware over software, using kits like the Raspberry Pi to satisfy their curiosity.
This category of hacker is a mixed bag. The spammer uses adware, which is software that will ‘hijack’ your browsing and send you to another website, usually in the hope of getting you to buy something. It can be little more than an annoyance. Some well-known, respectable business have been known to use adware in their marketing, even though they can get fined by regulators if they’re caught.
Unfortunately, adware spamming isn’t always largely harmless. The tactics are the same as those used to launch ransomware and other malware cyberattacks. If you develop an adware problem it could mean that you’re vulnerable to other cyberthreats as well.
Some cybercrime isn’t directed at you and your business specifically. Botnets work by covertly utilizing your computing resources so they can be used to spread malware and commit cybercrimes. Specialized malware means that hackers can take over large numbers of otherwise unconnected computers and use them for other purposes. A well-known example of the botnet threat was exposed a few years ago, when this scam was used to interrupt the services of Dyn (a DNS provider), temporarily bringing down big sites like Facebook and Twitter.
Though botnet recruiters aren’t targeting you in a malicious attack, you’re still a victim, because your computing efficiency will be compromised and your productivity and security are at risk. There are ways you can protect yourself, including making sure that you have all the necessary security patches (and that they’re up-to-date) and that login credentials are changed regularly.
Political activism can be for noble ends, but what hacktivists do can be ignoble instead. Hacktivists have been known to use sabotage and blackmail in the service of their particular cause, and have managed to do serious harm to companies. Even if the intentions are good, hacktivism is not okay, and the law doesn’t excuse people on the grounds that their motives are purer than common online thieves.
There’s been a boom in the use of cryptocurrencies in recent years, and that has seen a parallel rise in allied hacking activities. Mining (which is not itself illegal, in most countries) is a way of earning cryptocurrency, such as Bitcoin, without actually buying it. (Technically, it means carrying out multiple transactions that are added to the blockchain.)
The thing about mining is that it required considerable computer power to operate on a rewarding scale. We’ve already mentioned botnets, where your computer resources are controlled for some external criminal purpose. Miners can do something similar to earn currency without having the considerable expense (hardware and utility costs) that mining requires. By infecting systems with the appropriate malware, your computer can work for them, so they can hash more cryptocurrency.
A lot of people tend to dismiss video games as a minor leisure activity but in fact it’s a multi-billion dollar industry, with a massive hardware infrastructure and many millions of devotees worldwide. No wonder some hackers have decided that it’s an industry worth targeting. They can steal in-game currency from other players or try to cause trouble for their rivals with their own DDoS (distributed denial of service) attacks. These work by flooding a site or server with internet traffic so that it’s overwhelmed and unable to function.
The internet has created an online gig economy. Whatever kind of professional you need, an internet search will usually find you someone who can help, whether it’s to tidy your garden, fix your car or look after your children. The same applies in the world of cybercrime.
Who needs a pro-cybercriminal? Customers are diverse. They might be a government agency looking for a hacker to get hold of sensitive intel or a business trying to interfere with the business operations of a rival. These cyber-mercenaries may use malware they’ve developed themselves, or stolen from elsewhere, to accomplish the task that the client wants. These are professional cybercriminals who know what they’re doing and therefore usually pose a very significant threat.
A great deal of cybercrime is just the old types of crime carried out in cyberspace. That includes common theft. Plain old robbery has found a new home on the internet. Instead of a highwayman stopping the stagecoach brandishing a gun and shouting ‘Stand and deliver’, there’s ransomware. Add in dating scams, data theft and a whole lot of other dishonesty and it’s the old criminal landscape restyled for online. The common denominator is that old reason for crime: simply using illegal means to get money or goods for nothing.
We mentioned above that professional hackers can be hired, and one of the things they can do is target a rival business. Corporate spying is a version of this. A hacker will target a business with a view to extracting anything that can assist their competitors. It’s not always commissioned by the rival companies themselves – corporate spies will steal whatever data and info they can and then offer it to businesses they think might be willing to pay for it. One small feel-good item to take away from this is that some businesses have been honourable enough to report these thefts instead of taking advantage.
You might be surprised at this, but hackers employed by governments to undermine other nations are perhaps the biggest threat of all. Apart from gathering intel, these hackers may actively work to weaken other nations and position themselves advantageously. You may remember the 2014 comedy, ‘The Interview’. Sony was hacked by objectors to the movie’s politics, presumably by the nation in question.
So ditch any stereotype of a hacker you may have and be aware of how diverse they are, so you can fine-tune your cybersecurity preparedness. Quikteks is here to help with cybersecurity issues and prevention of cybercrime that could cripple your business Contact our professionals at (973) 882-4644 if you’re looking for advice.