Editor’s note: Wired for Safety is a weekly column on cybersecurity and tech. Duane Dunston is an assistant professor of Cybersecurity and Networking at Champlain College. From 2001 to 2011, he worked in cybersecurity for NOAA. He holds BS and MS degrees from Pfeiffer College and is a first-year doctoral student at Northeastern University.
[W]hy do people hack?
What does someone want with my information?
So what someone can get to my email account or my bank account?
I don’t have anything on my computer that someone would want.
These are statements we hear all the time. But what does the term hacking actually mean? For the purposes of this discussion, the term “hacker” will be used to describe someone who is trying to do something malicious online.
Once you understand what motivates hackers, it is easier to accept why you need to protect your computer system — for the sake of the rest of the internet community — and why you should care if someone hacks your bank account, even if you have “nothing in there.” The short answer is: If hackers have information about you, they can transfer your money somewhere else — in your name.
Why does someone hack?
First two quick definitions:
Vulnerability
This is a weakness in a computer system or software program that allows someone to gain more access than they should or perform some action(s) that they weren’t authorized to perform. For example, if you leave your car door unlocked at night and you leave quarters in the side of the door, the unlocked door is the vulnerability.
Exploit
This is a method used to take advantage of a vulnerability. In the case of the unlocked door, someone can take advantage of that vulnerability by pulling the door handle to see if the door opens. Then they are free to rummage around your car.
People hack into computer systems for a few reasons:
Fun
Hacking is fun to some people. They want to try to gain access to someone’s computer just to see how “hacking” works. They may have learned about a vulnerability in a computer system or software program and test to see how the exploit works. Why? They are just curious and won’t do any damage to the system — though the exploit may cause damage, but that is not their intention. They may never do anything with data they are able to access or download and probably won’t do anything malicious. They accomplished their mission and they are out of the system and may never return.
Make a Point (aka Hacktivism)
Hacktivists have a social cause such as human rights violations or issues that they deem to be egregious and no one may be paying attention to their respective cause. They use hacking into systems or attempt to prevent access to a given website(s) in order to get their message across to as many people as possible. The most famous hacktivist these days is the group Anonymous and it has a long list of targets.
Malicious
This could encompass many possible motives. A hacker could have a vendetta against a friend, family member or organization and do something malicious such as log into an email account and delete email messages, send threatening email messages to someone else from the user’s account, hack into their bank account information, delete files and data from someone’s computer, etc. Malicious could also be a hacker that hacks into a banking system and threaten to contact the bank’s customers if they don’t give them money — virtual blackmail. A foreign government could try to hack into another government’s computer system to steal information (nation state attackers). If a hacker is being paid by a well-funded group or foreign government, more than likely, their methodology will be highly sophisticated and meticulous. These types of hackers will be experts in computer technologies and able to write code and new exploits on the fly, whereas someone who wants to hijack your email account does not need to have a strong cybersecurity background.
Opportunity
This is the big one. Hackers will gain access to a computer because of the opportunity it gives them, namely large amount of storage space and high-speed internet access. Think about this, between the hours of 8 a.m. and 5 p.m., where are a lot of people in the United States? School or work, right? That, or only a few people at home. In some foreign country, 8 a.m. in the United States is 8 p.m. in the evening for them. That’s plenty of time to play around with the high-speed internet of someone who will be at work for eight hours or more. Also, fast internet speeds allows multiple people to stream videos and movies, for example. That fast internet speed could allow the activities mentioned below to go unnoticed. Computers these days come with a large amount of storage and mostly goes unused. They can use that unused space to store illegal material on your computer. Opportunism is a major reason for the attacks mentioned below.
Host illegal software
Here it may be for personal use or for them to share with other hackers via IRC (Internet Relay Channel aka “chat channels”) and newsgroups. Not just hackers make use of this software; people who want software that they can’t afford also do. Programs like Adobe Photoshop that you’d normally have to pay for could be hosted on your computer systems.
Host exploit software
In this case an attacker will use a computer to host exploit software that can be automatically downloaded by other hackers to access if they hack into another computer system.
Basically, hackers will have a suite of tools for their dirty work. They may hack a dozen computers and leave that suite of tools on another hacked computer. Then, when they hack a computer, they download those tools to that computer. Why? They may want to gain further access into the computer they just hacked and they want to ensure their tools are always available. Storing those tools on multiple computers provides backup and redundancy for their nefarious activity.
Host adult or child pornography
Again, this could be for personal use or to allow others to have access to the images or movies.
Attack other computer systems
Another opportunistic attack. Hackers don’t want to get caught hacking. It could mean jail or prison time or fines. Hackers will often “daisy chain” or hack into multiple computers before getting to their target. By doing this, it is possible that their trails will be lost in one of the computers they hacked into. A hacker may daisy chain using computers around the world. An attacker could hack into a computer in South Africa, then Taiwan, then Iceland, and then gain access to a high-valued target computer system or network.
It is hoped, by the attacker, that some admin won’t know how to check the computer system to determine how the hacker got in or that someone didn’t even know they were in their computer system. One of the countries involved in the attack may choose not to participate in an investigation or simply reinstall the operating system.
Distributed Denial-of-Service (DDoS)
These attacks are performed by using hacked computer systems. A hacker will hack into hundreds of computer systems and upload zombie software. When the master gives the command, it will connect to each zombie and have it send a little bit of data to one or more servers. This may seem like it wouldn’t do anything, but when you have hundreds or thousands of computers trying to contact one site at a time, it could cause a DoS which is an availability attack. The “master” can be one computer and the zombies (the malicious code) are installed on a few dozen, few hundred, or a few thousand computer systems. Why do they do this? It is usually used to prevent legitimate people from gaining access to a website. For example, a DDoS could have a major financial impact on Amazon.com if it was attacked by a DDoS attack (which happened several years ago and made these attacks famous).
The above are some reasons why people hack and what they could do when their hacking is successful. Do you want your organization to be hosting child pornography or illegal software? How about your home computer? How about your grandma’s computer? What is outlined above are just examples of what someone could do. What is possible is only limited by the intentions of the attacker.
Who can be a hacker?
A hacker can be anyone. It could be a friend, family member, employee, angry customer, curious teenager, curious adult, a competitor, or someone from a rival company. Just as the enemy could be anyone, the method to attack or get at your information or assets is unlimited.
This can be done via publicly available services, paying an insider, pretending to be an employee or reporter, or chatting it up with a salesperson who will divulge information, or any other vector.
Terrorist groups, governments, organized crime groups and hate groups are also potential adversaries. These types of attackers and groups are funded to hire the best hackers and are more likely to not get caught.
Computer crime is not much different than other crimes. It is an easier and faster method to attack a target than trying to confront the target face to face. In general, a criminal that commits an armed robbery doesn’t want to get caught any more than a criminal who blackmails a bank out of $10 million or an identity theft that ruins one person’s credit or criminal history.
Understanding the motives behind hacking helps you to understand the types of attacks that are possible and it provides you with a potential “profile” of attackers targeting your computer systems. That way you can ensure you have the appropriate security controls in place to minimize the likelihood of hackers compromising your information assets.
