Sponsored

The truth about hacking

Hackers aren’t what you see in the movies. Find out who they are, how they work and how you can stop them.

We've all seen hackers on TV and in the movies. Often misanthropic loners or members of teenage gangs, they use their elite skills to break into the systems of banks, governments or sinister organisations, using cool, visual tools to crack security systems and passwords. They might face some tough opposition, but they'll tackle every obstacle thrown in their way by, well, typing really fast. At the end of the mission, they'll retire to their secretive lairs in crumbling tenement blocks, munching pizza and drinking energy drinks from behind a bank of monitors, waiting for their next attack.

Needless to say, this isn't representative of who hackers are or what they do. A hacker can be anyone from a teenage kid hacking from a bedroom to a sixty-something coder who's been hacking since the mainframe days. Some hackers are loners or misanthropes, but others may be married or have a family and hold down steady jobs. They're not using slick 3D tools or clicking buttons with skulls on them, either, but working with the tools and environments that look very similar to those used by system administrators and developers every day. So, who are the hackers, and how do they actually work?

First of all, there are many different types of hackers. For one thing, a huge number of people who would call themselves hackers don't actually do anything negative. They like to analyse systems, devices and applications, trying to work out what makes them tick and whether they could be made to work better. They sometimes come up with great ideas. Others simply want to match their wits against a system or network's security and probe for vulnerabilities, often passing on what they find to the company responsible, either for free or for financial reward. Some companies even employ these 'white hat' hackers full-time, and a number have turned their skills into a successful penetration testing business.

The more malicious hackers - the ones who most of us think of when we think of hackers - are more correctly known as 'crackers', and even here there's plenty of variety. At the lowest level you have the script kiddies, using accessible tools and ready-made scripts to attack their targets, often just to vandalise a website or steal and disseminate information for fun. Beyond them you have the more skilled hackers, who may spend months or years penetrating a government or corporate network to steal sensitive or valuable data, or put their time into developing exploits, kits and malware that other hackers can use.

Some create or spread malware to attack as many computers or devices as possible, as noisily as possible, to cause an attention-grabbing stink. The more dangerous ones take their time to infiltrate specific targets, looking to steal data over a period of years or disrupt an organisation's business at the worst possible time. Hackers might be motivated by financial interests, anti-corporate rage or political activism, while some just do it 'for the lulz', that is, for laughs and bragging rights. Overall, though, there's a definite move to hacking as a way to earn cash. As the white hat hacker, Billy Rios, told CNBC in July 2016, "The means have always been there, but the motivations have changed. There's so much more data that people can take advantage of and monetise."

What tends to bind them together is the way they communicate and organise. Hackers can and do congregate in public, at information security or hacking conventions such as the annual BlackHat conference, but they tend to get together through Internet groups and forums like the infamous 4Chan, with the more subversive or criminal element using IRC channels and forums on the Dark Web; the private, anonymous, underground Internet you won't find through a regular Google search.

Here hackers buy and sell tools and services, or associate in loose-knit collectives, ranging from small criminal gangs to anarchist collectives with thousands of members. The most famous of these collectives, like the politically-motivated Anonymous, will have some members who know little more than how to use a simple Distributed Denial of Service (DDoS) tool, and others capable of complex systems analysis and coding tools from scratch. Some collectives will have a defined leadership, while others will have little structure, though in practice the more expert and experienced hackers will define targets and approaches for the less expert and experienced to prioritise.

What, then, do all these hackers do? Well, the most basic hackers use terminal clients and pre-written scripts and tools, and tend to do the most damage when spreading malware or working en masse. The serious hackers, however, tend to work in a more deliberate, highly-focused way. They'll have expertise in network, systems and application architecture and design. They'll know Bash scripting for Unix and Linux and PowerShell scripting for Windows machines. They may have skills in major application coding languages like C and Python, not to mention the languages Perl, PHP, Ruby and JavaScript used on the Web. They may also have in-depth knowledge of database management and database architecture, specifically SQL and MySQL.

Their tools (terminal clients, network scanners, development environments) won't look much different to those used by software developers or system administrators, while you can forget about all that frenzied typing; a lot of the tools used are 'fire and forget', bringing back reports on open ports and potential vulnerabilities, sometimes while the hacker pops out for lunch.

It's more how a hacker uses these tools that matters. Sometimes they'll start with a newly discovered vulnerability, scanning the Internet or trying to mass-penetrate corporate networks to find out if anyone's susceptible, and if they're worth attacking. In an increasing number of cases, though, they have a specific target in mind. Here the hacker might spend weeks or months analysing their target and their systems, probing for a weakness (sloppy code, an unpatched server-side application, an open port) that might give them a way in.

As part of this process, they may search for or use software to snoop out possible user credentials. While they can use brute force techniques to crack a password, they're more likely to use social engineering techniques, and specifically email phishing, to get what they need to get in. Last year's embarrassing, election-influencing hacks on the Democrat party machinery in the US involved exactly this kind of thing.

Sending malware through email or spreading it via an app or an infected USB stick can also be an option, enabling the hacker to log keypresses or capture screengrabs, or even audio and video from a webcam. Malware can also compromise core applications or infect devices at the firmware level, turning a PC, a server or a printer into a gateway onto the network. Last year's attack on the Bangladesh Bank and the crucial SWIFT transaction system involved a custom attack toolkit designed to hit the databases and applications used by SWIFT.

Once in, the hacker might just vandalise your systems or steal whatever data they can find, but the ones you really need to worry about are those that create a backdoor into your system they can exploit over the long term, eavesdropping on communications, sneakily transferring all your files. Compromised applications may be adding fraudulent transactions to real ones, or otherwise transferring money to a hacker-owned account. And these serious hackers aren't dumb; they're covering their tracks. These are the hackers who cause the security breaches their targets only find out about when a third party (often a customer) points to some irregularity or concern. By that point, it's already much too late.

Can organisations do anything to foil these hackers? In the past, the best approach focused on perimeter control, restricting access and effectively building walls high enough and moats wide enough to keep the hackers at bay. This approach no longer works, and in an era of cloud computing and agile working practices, might not even be desirable. Instead, we need to focus more on protecting our endpoints (including all devices, from printers to smartphones to PCs) and on making our systems as resilient as possible, so that if they are attacked, they detect the attack quickly and shrug it off. It's this thinking that's behind HP's crucial advances in security, from SureStart firmware protection to solutions that secure authentication through tokens, biometric measures and smartphone apps.

The cold, hard truth? If a serious hacker wants into your network and has the required resources, it's very hard to keep them out, but you can control how much damage they can do and how quickly you can recover. And the more you make yourself a tougher target, the more likely it is that they'll go off in search of easier prey.
