BreachExchange mailing list archives

Everything you need to know about hackers but were too afraid to ask


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 3 Aug 2015 18:00:18 -0600

http://www.utsa.edu/today/2015/07/hackingexpertise.html

From your personal laptop to Target’s databases, it seems that since the
digital age dawned cyber terrorists have been lurking just around the
corner. But who are these people? What are their methods? Why do they do
it? Nicole Beebe, the Melvin Lachman Distinguished Professor in
Entrepreneurship and associate professor of information systems and
cybersecurity in the UTSA College of Business, says it comes down to the
hard truth that information is power.

“Everything is digital,” Beebe said. “If you can get into people’s computer
systems, you have the keys to the kingdom.”

But just who are these people? According to Beebe, there are hacktivists,
essentially people committing civil disobedience to make a statement. Then
there are cyber terrorists, which are more closely defined as people
committing cyber crime as part of a political statement. Some hackers are
also participating in cyber warfare, which is cyber crime committed by one
nation against another.

“The biggest element is just good old fashioned criminals after money and
power,” Beebe said. “Criminals aren’t all dumb. Some of them are very
smart. Some criminals are quite smart, and when coupled with greed and
technical skill they can be quite a force to be reckoned with.”

Some hackers are extremely skilled, and can be traditionally educated or
self-taught. They can be working on their own account or they can be hired
by a larger entity.

“I like to think the folks who are educated have some kind of ethics
component and don’t use their powers for evil,” Beebe said.

Some cyber criminals aren’t particularly skilled in hacking at all and are
using exploitation tools acquired online that allow people to hack systems
by just pointing and clicking. Other tools require significant cyber
training. But either way, Beebe said, these tools are also useful to people
who aren’t committing cybercrime, and are just managing their computer
systems.

“It’s just like when you lock yourself out of your car,” Beebe said. “You
want the guy or gal who can come by and mechanically open the lock. That’s
a tool that can be used by good people or bad people to break into your
car. Should we regulate those tools out of existence? No. You punish the
behavior.”

The problem with prosecuting cyber crime in many cases is that in some
countries hacking isn’t illegal. Cyber investigators oftentimes will
follow a digital trail and run into a country with no laws against hacking,
making it difficult to pursue the criminal’s trail. The solution, according
to Beebe, is greater cooperation between countries and the strengthening of
international laws against cyber crime.

“Cyber crimes, even when the trail starts and stops in the same country,
often result in digital crime scenes that span the globe. It has to be an
international effort, which is a huge challenge,” said the UTSA professor.
“We need to keep laws relevant and current, but oftentimes by the time
they get through the legislative system the technology has changed. So you
have to have laws that are very broad. It’s very hard, but it can be done.”

Companies, in the meantime, have the challenge of protecting themselves
against cyber crime by keeping their operating systems up to date, running
virus scans and keeping employees aware of digital security risks.

An out-of-date operating system, like Windows XP, is a huge risk as
Microsoft no longer issues security patches for it.

“It’s like leaving your front door open,” Beebe said.

Employees can unwittingly help hackers find a point of entry into their
company’s system by clicking on phishing links and unleashing malware,
usually as a result of lack of knowledge of what Beebe calls “good cyber
hygiene.”

“You’re only as strong as your weakest link,” she said. “It just takes one
user to click the wrong link.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
