INSIDE A HACKER’S BRAIN
The standard hacker profile of a thrill-seeker who is drawn by the challenge of trying to get into closed systems no longer fits with reality. There’s a huge amount to gain these days from cyber criminality – and hackers can be anyone from bored teenagers, to criminal organizations… or entire nations that are directly or indirectly attacking other nations.
To understand the mindset of a hacker, you must first understand why they carry out their attacks. Often the reasons are obvious – the hacker is out to steal data or destroy a system. But sometimes it’s more complicated than that. For example, an attack against an organization may just be part of an overall strategy targeting another organization. Then there are the ideologically motivated hackers who are engaged in a kind of digital warfare aimed at those who don’t share their views.
Typically, hackers opt for the easiest route into a system – all it takes is for the attacker to detect a fault in the system or its connected environment. And if it’s a professional hacker we’re dealing with, they’ll most likely have both the time and the resources to find a way in.
Areas where the system receives data from outside, such as websites where users register, are the perfect weak spot for a hacker. The same applies to functions and services that are rarely used. Then there are, for example, alarms, heating and ventilation systems and other connected systems with user interfaces where security is low, because we’re barely aware of their existence.
So when you think about it, a hacker doesn’t really need to be all that clever when it comes to technology. Most of what you need to launch an attack can be found online. For example, Darknet, which is basically the internet’s black market.
Many hackers have homed in on social engineering, which is a method that exploits psychological factors in the people in an organization to get hold of the information required. Hacking people instead of computers at companies is often far simpler, because people like to be helpful.
But why would anyone want to hack you as an individual? Partly because it’s easy to make a quick buck if the attacker gets hold of your bank details. But ransomware is also quite common. This involves planting a programme in the victim’s computer, for example using a USB stick or by tricking the victim into clicking on a link in an email. The programme locks the computer and the attacker then demands a sum of money from the victim in order to unlock the computer.
Nowadays, DDoS attacks are also common, in which the attacker takes control of several computers, often standard home computers, and uses them to attack the real target, such as a website.
Another reason may be that they want to use your computer or mobile to attack your employer. Accessing an employee’s computer and then subsequently a company’s entire network is often much simpler than attacking the organization directly.
Feel free to add your thoughts on this subject in the comments field. Cyber threats can come in many different guises, which is partly why cyber security is so challenging and fascinating.