Not all hackers have evil intentions of course, but those who do are growing ever more powerful. And don’t think you’re too unimportant
CYBERHACKS made big headlines in 2016, from attacking the US Democratic National Committee to Yahoo revealing that a million user accounts had been hacked into, and reports in Cyprus of local electronic shops being hacked and held to ransom.
With more and more of us in more danger than ever of having our devices hacked this year, it doesn’t hurt to learn more about the different type of hackers and how the process works.
Actually, according to Cypriot ethical hacker Aris Savva the word for the attackers is not cyberhacks, but cyber criminals.
“A hacker is someone who is passionate about programming,” he said. “It is because of the media misconception that people think that a hacker is someone bad. Media has linked hackers with a bad image when in fact a hacker is passionate about hacking. The correct term for someone who penetrates a system for malicious purposes is ‘cracker’.”
There is also a grey area, as there are black, white and grey hacks.
The black-hat hacks or crackers are the bad guys. A common attack uses system disruption, the purpose of which is to make a system or service unavailable. Black hacks try to take advantage of vulnerabilities in systems to gain access, then use the access for personal gain.
White-hat hackers like Savva, 27, who studied ethical hacking in the UK, try and secure networks or systems so they cannot be exploited. Usually they work to defend systems against the black hacks. However, because cybercrime is cheap, profitable and offers anonymity crackers by far outnumber those protecting systems.
A person who is not afraid to break the law when necessary is labelled a grey hacker. These hackers, according to Savva, don’t break the law for their own benefit but are ethical hackers who have a good purpose in mind and are not guided by malicious intentions.
There are applications for gaining unauthorised access to systems usually used by beginners.
“Advanced hackers don’t use applications to perform their attacks, they create them,” Savva explained. “That is because it is safer and you have more control over what’s happening.”
They rely on technology, but also on social engineering, initially using social skills and psychological manipulation of people causing them to divulge confidential information in order to gather as much information as possible. This scanning of the target is not a straightforward task and is usually achieved using a combination of social engineering and technical tools.
With the information gathered, attackers can guess passwords or credentials of users which will enable them to gain access to a network or devices.
The initial phase where the criminal gathers information is called reconnaissance in computer circles.
“It is one of the most important phases because based on this info they will prepare the attack,” Savva noted, “they will try to find out what operating system the target has, how updated the system is, what application it is running, what ports are open, if there is a firewall behind and so on.”
The next phase which is also the core phase in the hacking process is gaining access. There are nowadays many predefined tools to do this with the help of the information which has been gathered.
Having accessed the device, the attacker now needs to maintain it. A software is used to keep a ‘hole’ open in the system to guarantee the attacker will always be able to enter.
Crackers will remove evidence of their entry and use a back door or a Trojan to gain repeat access. And this is where it is not only scary, but actually causes damage.
They will use Trojan horses which in computer terms are a type of malware often disguised as legitimate software to transfer user names, passwords, and even credit card information stored on the system.
And if they cover their tracks, an easy thing for a good hacker to do, all this can be done without the risk of being detected.
Many people are not aware of how vulnerable they are and thus lay themselves open to attacks, for example by using obvious passwords like their dates of birth and others which are simply too short. With foresight, much can be done to protect a system starting with choosing a password which, Savva recommends “should have a mixture of lower and upper case characters, digits and starts with an unusual character. The length must be over 16 digits.”
Antivirus and firewalls are some help, as is updating the system, and refraining from uploading movies from the internet and opening attachments from emails without verifying where they come from.
Those who want to find out more about how to protect themselves from malicious hackers have plenty of advice to choose from which can be found on the internet, plus new ways to deter hackers are constantly being developed. A thing to watch for in 2017 is an increased use of biometric authentication, where heart rate is checked and eyes or fingerprints are scanned.
But those who want to find out more about how to hack into other people’s computers also have more tools at their disposal than ever. To start with, there is a plethora of free video courses on ‘how to’ for both beginners and experts online.
Should the average person be worried? People frequently argue that as they don’t have that much money in the bank, hacking criminals will not bother to target them and there is no need to be especially vigilant.
Unfortunately, in a world where hacking gets easier every day, this is the equivalent of leaving one’s wallet with money and credit cards on the kitchen table, along with an ID card and all personal and professional details, and then leaving the door of your house on a busy street wide open.