Sunday, May 17, 2020

Hazerdous Hacker Hacking

Welcome back ready, this is another CYBR 650 post.  This post comes a few weeks after we talked about cloud capabilities.  The two prior posts talked about hackers using the COVID-19 pandemic as a subject for phishing attempts as well as attacking video teleconferencing software.  These posts got me thinking, do you know why hackers hack?

tl:dr

This blog has been all about protecting your computer system from hackers.  But why are we worried about hackers?  Why do hackers hack?

What is a hacker?

Most famous hackers in history - Panda Security Mediacenter
According to dictionary.com, a computer hacker is simply someone that uses computers to gain unauthorized access to data.  That data could be anything from business information or personal documents on your hard drive.  Hackers wear one of three different colored hats, black, white, or grey.  Regardless of the type of hacker, their motivations vary based on the goals of the hack are.

Hacker Types

Hackers wear one of three different colored hats defining the initial motives behind their actions; black, white, or grey.  A black hat hacker is the kind we generally think of when we think of hackers, the bad guys.  Black hat hackers break into networks to steal, manipulate, or destroy data.  Thankfully, a balance exists in white hat hackers.  These hackers are also known as "ethical hackers."  The goal of the white hat hacker is to discover security vulnerabilities to strengthen a network.  In between the black and white hats are grey hat hackers.  These hackers begin with good intentions like white hats, but perform their actions without permission.  Once a vulnerability is found, they report it to the system owner with a demand for compensation.  If they don't get what they ask for, a grey hat hacker may exploit the vulnerability or sell the exploit to black hat hackers.(https://www.appknox.com/blog/why-do-hackers-hack)

Why Hackers Hack

Office Space What Would You Say You Do Here GIFs | Tenor

Even within the different categories, motivations can differ greatly based on the type of hacker.  For the most part, we are going to assume that these motivations are connected to the black hat hacker.

Criminals

Criminals are motivated by financial gain, fame (or infamy), revenge, or increasing their professional portfolio.  The targets of these motivations are numerous and all depend on the goal at the time.  The methods used include theft or denial of service.

Hacktivists

Hacktivists are motivated by an ideology.  Hacktivists feel that they have something to prove in relation to a political or social issue.  The actions they take are designed to persuade the hearts and minds of whomever sees their message.  The methods for hacktivism must be seen to be effective, so they generally include defacement of websites. 

Nation States

Nation states can use hacking to enhance their state of national security or to gain information as a means of control.  Nation states target other nations or dissidents that oppose the official national policy.  Nation states use teams with a variety of abilities categorized in groups called advanced persistent threats, or APTs.  More information of known APTs can be found here: https://attack.mitre.org/groups/

Terrorists

Terrorists use hacking techniques to instill fear in their targets.  To increase their audience, they usually choose high visibility targets.  Similar to hactivists, terrorists can use defacement tactics or destruction of their targets.

Insider Threats

Insider threats have a variety of motivations ranging from monetary gain, revenge, ideology, or stroking their own ego.  The target is usually their employer, but could be an organization that does business with their employer.  Methods can include theft or destruction of data.

Now that you know the different types of hackers and what motivates them, you should have a greater understanding of the potential threat.  This information doesn't necessarily help you to defend against hackers, but it does put you in their minds.  The understanding does help you look at your network differently and hopefully change tactics for defense.

No comments:

Post a Comment