Cyber Crime:  A look into the mind of a Hacker

| << List all articles


Share it now!

 

It used to be that several months would go by without you hearing about a website being hacked.  Unfortunately today, it seems to be a weekly…sometimes even daily event.  More disconcerting is the fact that these nefarious actions have definitely begun to affect us here in Jamaica.

Who are these people and why are we being targeted?

In the early days hacking was typically the mischievous activities of a couple of guys working late into the night trying to break into vulnerable sites.  If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.  Today however things are a lot different.  Roger Grimes of Info World puts it like this.

When describing a typical hacking scenario, these days you must begin … with the organization behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, and cyber warfare gone amok.

Typically Hackers fall into two groups – (1) Hacktivists who are about promoting a social or political cause, and (2) hackers with a singular and malicious intent of stealing data for personal financial gain.

Hacktivists are operating all over the world, typically in many of the world’s conflict areas.   Some Hacktivists are even state sponsored.  It has been suggested that China-based hackers caused the demise of the once-huge Canadian company Nortel, which lost a large number of its corporate secrets through hacking emanating from China.  Another example of some notoriety, is the LulzSec Hacktivist group who some years ago successfully penetrated the US Senate website and released some “secure” information; they also brought down the CIA site for over two hours.  Bringing into more recent times, even the terrorist group ISIS has been under attack by the highly active Hacktivist group called  ‘Anonymous’, as a form of protest supporting freedom of speech in the wake of the Charlie Hebdo attack by ISIS in Paris.

On our home ground, you may have read where several Jamaica government websites were hacked last year and sites were defaced. But why would anyone want to attack the Jamaican government?  The truth is that the Jamaican government was a mere casualty in this spate of attacks; the offensive being a broad political statement against all governments.  The hackers simply targeted all domain names with .GOV ending.  There was no intention to steal data, but rather just to say “I did it”.

Other more sinister hackers, out for financial gain, are often heavily funded by organised crime.  With huge resources at their disposal, they are on the hunt for credit card information and often are involved in ransomware – i.e. where they encrypt your files and demand payment to release them.

A typical small business doesn’t have the time or resource to combat these attacks on their own, but do not be disheartened, you can win this fight! There are ways to protect your website or online business.  Just follow these 3 simple rules.

  • Don’t try to do it all yourself. The level of cyber-crime is increasing every day, and the truth is that you just can’t keep your fingers on everything.  Employ the services of a company with dedicated resources for this.
  • Get the best Layers of Security. With a robust backup and recovery system in place, even if your site is compromised, chances are that they will not be able to get to sensitive areas prior to alerts going off.  Enabling you to stop the intruders before they do too much harm.  Please don’t compromise on these layers of security:  
    • Tripe Firewall protection
    • 24/7 monitoring
    • Ongoing malware detection for newly discovered threats missed by anti-viruses
    • Blacklist and reputation monitoring
    • Daily backups for added protection
    • Periodic snapshots of your system files, so that you can easily pinpoint the breach, making it easier to fix
    • Visitor and threat Analytics

Update your site periodically. Contrary to what many believe, building a website is not an event, and as with the opening of any business channel should be maintained and updated periodically.  The reality is that like any other computer system, as time passes more ways to compromise the system will be discovered by those who are looking.  So you have to be as proactive as an attacker in order to be safe.

Do not wait.  Put these layers of security in place before it is too late.  If you need further guidance as to the best way to secure your site, one of our team members can be made available to you to guide you through the process.  It’s a lot easier than you think.

 

Sources:

“Hacktivism: good or evil?” by Dai Davis, ComputerWeekly.com, March 2014
“Anonymous ‘hacktivists’ attack ISIS – strike down terrorist propaganda and recruitment sites”, Olivia Solon, Mirror.co.uk, Feb 9, 2015.
“’Hacktivist’ group Anonymous says it will avenge Charlie Hebdo attacks by shutting down jihadist websites”, Keely Lockhart, The Telegraph (www.telegraph.co.uk), April 30, 2015.

Share it now!