The 6 Different Types of Hackers

The 6 Different Types of Hackers

It seems every week there is another data leak or major security breach on the news.  Who are these hackers responsible for these data leaks and why are they causing all these problems?  In this article, we will attempt to define the different types of hackers that have evolved and demystify the reasons behind their motivations.

What is a Hacker?

When we hear the word hacker, and we immediately think of a lonesome character in a dark room typing code, surrounded by monitors as they attempt to compromise a website or business. But that is not the full picture of what hacking truly is.  Some hackers do work alone, sequestered away in some dark basement.  But there are also well funded, highly organized groups who exploit security weaknesses in computer systems and networks to gain unauthorized access, steal data, or cause damage.

So, not all hackers are the same. Let’s explore the different types that exist, including the good ones.  Yes, there are good hackers out there!

Black Hat Hackers

Hacking for personal gain.

The most notorious type of hacker is known as a Black Hat.  They are malicious folk who break into computer systems and networks with the intent to gain control of systems, steal data, or commit cybercrimes. They often use advanced hacking techniques and tools to carry out their attacks. Black hat hackers can intentionally cause serious harm to individuals, businesses, and governments.  Their actions are illegal and punishable by law.

It’s important to note that online scammers typically are not hackers, although they do prey on unsuspecting users to try and steal their money or personal data.

White Hat Hackers

The good guys, keeping us secure.

Also known as ethical hackers, these individuals use their hacking skills for good. These are the good guys!  They work for companies or governments to find vulnerabilities in systems and networks before malicious hackers can exploit them. White hat hackers use the same techniques and tools black hat hackers but with the goal of improving cybersecurity and preventing cyberattacks.

Some white hat hackers begin their journey as black hat hackers.  At some point, they switch over to creating solutions instead of causing problems. Sometimes they are caught during their black hat days and recruited after some reform has taken place.  Some companies pay big bucks to identify and eliminate bugs in their software, which can be a big draw for people with a hacking skill set.

Grey Hat Hackers

Hackers for hire.

These hackers don’t have a specific agenda, and they often operate in a gray area between black and white hat hacking. They may use their skills to identify vulnerabilities in computer systems and networks and then alert the owners of these systems. However, they may also demand payment or other benefits in exchange for their services, which may be illegal.

Script Kiddies

In it for the thrill!

These hackers are often young and inexperienced, and they use pre-written scripts or tools to carry out their attacks. By using prewritten scripts, they are essentially training themselves to conduct more complicated attacks.  Typically, they do not have a specific agenda, and their attacks are often random and aimless. However, they can still cause damage to computer systems and networks, and their actions are illegal.

Hacktivists

In it for the cause!

Hacktivists are political or social activists who use hacking to promote their causes. They may target government websites, corporate websites, or other high-profile targets to raise awareness about their issues. Hacktivists can sometimes use illegal methods to achieve their goals, and their actions can have serious consequences.  Hacktivists always have a specific purpose behind their actions, and usually do not intentionally harm the average user.

State-Sponsored Hackers

Purveyors of digital espionage and wagers of cyber warfare.

These are hackers who are sponsored by governments to carry out cyber espionage or cyber warfare. They are typically highly organized and well-funded, conducting their business on behalf of their country or sponsoring organization.  Their attacks can be highly sophisticated and can target critical infrastructure, businesses, or other countries. State-sponsored hackers can cause significant damage, and their actions can lead to diplomatic tensions, and even military conflicts.  State-Sponsored hackers typically do not target the average user, although they might incidentally cause harm to users with their efforts.

In conclusion

Understanding cybersecurity includes understanding the different types of hackers and how their actions affect us individuals and our businesses.  As discussed, there are many different types of hackers, and their motivations and actions vary widely between them. While some hackers use their skills for malicious purposes, others use them for good.  Although major attacks do affect us all, unless you are a high-profile person, the chances of a targeted hack against you are pretty rare.  Hackers are more likely to go after bigger targets, such as companies and corporations, simply because the rewards are larger.

As these kinds of attacks become more prevalent in today’s world, be sure to change your passwords regularly.  Use 2 factor authentication and biometric login wherever possible.  Don’t store credit card information online and close any online or shopping accounts that you don’t use anymore to reduce your online footprint and potential attack surface.

Allegiance Technology Solutions provides 24-7 Cybersecurity Monitoring services for our Managed IT Service clients. Our service will proactively monitor the Dark Web for you and notify you immediately when your data is found to be compromised.  If you are unsure if you have been victim of cybercrime, contact us and we can help you understand your options.  Call us at (912)-216-4050 if you are interested in using our cybersecurity protection services for your business.

 

 

The Troubles of Delayed Maintenance – An I.T. Horror Story

The Troubles of Delayed Maintenance – An I.T. Horror Story

We are celebrating spooky season with a horror story of IT done wrong, a cautionary tale warning about the perils involved when a company does not consider their IT infrastructure a priority.  Hear the tale of a company that decided to do business without a Managed IT Service Plan in place.

It is no secret that Allegiance Technology Solutions is a Managed IT Service Provider.  For those unfamiliar with that term, Managed IT Service refers to outsourcing your IT support and maintenance, rather than hiring internal IT employees.  Depending on the size of your business, Managed IT Service plans provide a cost-efficient technology support system that makes sense from a financial standpoint.  With a good Managed IT Service Provider, you can have peace of mind that the technology your employees rely on will be supported and maintained, so you can focus on growing your business.

However, there are companies out there that can’t justify the monthly overhead costs associated with a Managed Service Plan.  They believe they can’t afford the monthly cost, or they don’t see the value or benefits of having a Managed Service Plan in place.  So they put off such things as required maintenance or scheduled updates.  Although a company can ride for some time without proper maintenance, eventually their luck will catch up with them, and problems occur.  A mission critical application crashes, or hardware starts to fail.  Eventually, something is going to fail.  And it usually happens at the worst time possible, right when you need it to work the most!

The Case of the Reluctant Accountant

Case in point: XYZ Accounting Services, a fictitious name for a real Certified Public Accountant company, recently experienced such a problem.  XYZ prepares taxes for many clients, and heavily relies on a specific application to process, record and file tax documentation on behalf of their clients.  The application was running on a very old server running Microsoft Windows Server 2012.

Yeah, the Windows Server version that was based on the horrid, unbeloved Microsoft Windows 8.  Shivers!

Microsoft Windows Server 2012 without a Managed IT Service Plan

Remember this interface?  The one that Microsoft wants us to forget?

XYZ had contracted our services many times over the years to fix one-off technical problems, choosing to pay our emergency support rate rather than agree to a monthly contract.  Despite several conversations about the benefits of a Managed IT Service contract, XYZ stubbornly refused our monthly service, thinking it was cheaper to pay the emergency fee on an as needed basis.

On a recent emergency support call, it was discovered that the hard drives in their aging server were starting to fail.  After several hours of work, we set up a band-aid solution for them so they could continue to work.  We warned the head of XYZ Accounting Services that their server was beginning to fail, data might become corrupted, and the hardware needed to be replaced ASAP.  He asked for a quote to replace the server.

After receiving the quote, XYZ decided the cost was going to be too much to handle.  And the aging server continued to limp along.  Until one day, a few months later, it could limp no more.

Again, Allegiance Technology Solutions was called upon to provide emergency support.  But the server had served its last record.  It had computed its last calculation.  It was time to release that old server to the great junkyard in the sky.

The server had to be replaced, there was no band-aid solution that was going to work this time.  After lengthy discussions, and a quick turnaround from our support team, a new server was being built while the data from the old server was being recovered.  And a new Managed IT Service contract with Allegiance Technology Solutions was born.

Finally, the new server was in place.  The application was installed and the data had been restored.  But after working for a few days, XYZ employees realized that not all of the data they were expecting to see was there.

Duh! Duh Duhhhhh!

Gasp!  Our horrors were confirmed!  The data was corrupted!

Our team went back to work, doing a deep scan of the failing hard drives.  We were able to use advanced data recovery tools on a Linux computer to recover more data, which was eventually restored to the new server.  XYZ was finally back up and running!  And they will be able to run for many years with a new maintenance agreement in place.

If Only…

If only XYZ Accounting Services had chosen to use us as their Managed IT Service Provider BEFORE there was a problem.  We would have had daily backups ready to restore their data.  We would have performed proactive hardware and software maintenance, increasing the reliability and longevity of the system.  We would have been able to advise XYZ about upcoming hardware replacements way before there was a failure.  And their emergency and weeks of downtime would have been completely avoided.

Life After Death

We are happy to say that XYZ is now a Managed IT Service client.  XYZ has learned a valuable lesson in technology maintenance, that it is something that should not be ignored.  Now their emergencies are no longer emergencies, as they have the service and expertise of Allegiance Technology Solutions just a phone call away.

Now, XYZ’s computers are protected by world-class antivirus software.  Server data is now being backed up daily.  We have remote access tools installed in case their staff needs quick access to tech support.  We have 24-hour security monitoring in place to alert us of security issues and real-time server health.    And now they have a proper network with professionally installed Ethernet cabling, enterprise class wi-fi access points, and internet protected by industry standard firewalls.

What About Your Business?

If you own a business and are interested in protecting your technology assets, increasing security, or just want to avoid a catastrophe like the one above, contact us today and we can discuss a Managed Service Plan that fits your business needs.  Until then, stay safe out there!

 

 

 

How to Avoid Wrong Number Scams

How to Avoid Wrong Number Scams

“Hi!”

Have you received random text messages from numbers that you don’t know?  Sometimes, they just say “Hi”, or they appear to be for someone else and mistakenly sent to you.  Either way, they look like the come from real phone numbers.  Is it safe to respond to these messages, or are these a scam?

Most likely these text messages are a scam, not just a chatty Kathy trying to make friends.  Sometimes these messages just start out with a mysterious “Hi”.  The scammer is hoping the person on the other end will be intrigued enough to respond.  If they get a response, they now know they have reached a working number, and will likely call or text you more in the future.

Identifying potential scams

Some scammers use messages that seem like they are intended for someone else.  They might say something like, “Hi, Mike. I had a great time at dinner last night”, or “Hi Susan, I really enjoyed our lunch meeting yesterday”.

Many people respond out of kindness, letting the person know that they have the wrong number.  What they don’t realize is that is exactly what the scammer wants.  At first, they may sound friendly or apologetic, maybe even try to start up a conversation.  But eventually the scammer will send a link to a malicious website or ask for money as part of a bigger con.

If you are unsure whether a wrong number message is a scam, proceed with caution.  The scammer may send messages for days or weeks before doing anything suspicious, or they may use seemingly harmless techniques, such as sending a link to a cool product to check out.  However, this could be a link to a malicious website or to their landing page.  If this is the case, any personal information or credit card numbers entered on the website will be available to the scammer.

How to avoid wrong number scams

Here are some best practices to avoid falling for text message scams like this one.

  • Avoid responding to unsolicited text messages from unknown numbers, even if they seem harmless.
  • Don’t click on links sent in text messages, even if the person seems friendly or has been messaging you for weeks.
  • Type in any links to a site directly into your browser instead of clicking provided links in text messages or emails.  Links can be made to appear to go to one site, while routing you to another site.  They may even go so far as to create a fake site that looks like the real site.
  • Always double-check site URLs before attempting to log in or enter in personal information.
  • Check what options your mobile phone has for blocking and reporting suspicious senders.  Here are some instructions for iPhone (iOS) and Android.

It is important not to let your guard down, as these are tactics commonly used by scammers.  Remember, these scammers can be tricky.  If you find yourself unsure about the legitimacy of a text message, it is best not to respond.​

If you are ever unsure if you have been the target of a scam, you can talk to one of our technicians at our storefront in Pembroke, GA.  We are open from 8am to 5pm, Monday through Friday, closed for holidays.  We normally service Savannah, GA and the surrounding areas, such as Skidaway IslandTybee IslandStatesboroPoolerRichmond Hill and Hilton Head SC.  If you are located outside of the Greater Savannah area, we are always open to working with clients from in any area if the partnership makes sense.  if you are concerned about the security of your online information, we offer a service to scan the Dark Web for our business clients.

 

 

How Does the Dark Web Impact Small Businesses?

How Does the Dark Web Impact Small Businesses?

Identity theft is an unfortunate occurrence that is all too familiar with most business owners, but do those individuals know where the compromised data will end up? Often, these business owners are unaware of the virtual marketplace where stolen data is purchased and sold by cybercriminals; a place known as the “Dark Web”.  An article on Lexology explores what the Dark Web is, what information is available for purchase there and how it impacts small businesses.

What is the Dark Web?

The Dark Web, which is not accessible through traditional search engines is often associated with a place used for illegal criminal activity. While cybercriminals tend to use the Dark Web as a place to buy and sell stolen information, there are also sites within it that do not engage in criminal activity. For many, the most appealing aspect of the Dark Web is its anonymity.  Our previous article, Shining Light on the Dark Web describes this little-known section of the internet in greater detail.

What is for sale on the Dark Web?

Information sold on the Dark Web varies, and includes items such as stolen credit cards, stolen account information from financial institutions, forged real-estate documents, stolen credentials and compromised medical records. Even more alarming, the Dark Web contains subcategories allowing a criminal to search for a specific brand of credit card as well a specific location associated with that card. Not only can these criminals find individual stolen items on the Dark Web, but in some cases, entire “wallets” of compromised information are available for purchase, containing items such as a driver’s license, social security number, birth certificate and credit card information.

What is stolen personal information used for?

When stolen information is obtained by criminals, it can be used for countless activities like securing credit, mortgages, loans and tax refunds. It is also possible that a criminal could create a “synthetic identity” using stolen information and combining it with fictitious information, thus creating a new, difficult to discover identity.

Why are stolen credentials so valuable?

Stolen user names and passwords are becoming increasing popular among cybercriminals, but why? Identity thieves will often hire “account checkers” who take stolen credentials and attempt to break into various accounts across the web using those user names and passwords. The idea here is that many individuals have poor password practices and are using the same user name and password across various accounts, including business account such as banking and eCommerce. If the “account checker” is successful, the identity thief suddenly has access to multiple accounts, in some cases allowing them the opportunity to open additional accounts across financial and other services. 

Why should small businesses be concerned about the Dark Web?

Since the Dark Web is a marketplace for stolen data, most personal information stolen from small businesses will end up there, creating major cause for concern. With the media so often publicizing large-scale corporate data breaches, small businesses often think they are not a target for cybercriminals, however that is not the case. Cybercriminals are far less concerned about the size of a business than they are with how vulnerable their target is. Small businesses often lack resources to effectively mitigate the risks of a cyberattack, making them a prime target for identity theft as well as other cybercrimes.

At a recent Federal Trade Commission (FTC) conference, privacy specialists noted that information available for purchase on the Dark Web was up to twenty times more likely to come from a company who suffered a data breach that was not reported to the media. The FTC also announced at the conference that the majority of breaches investigated by the U.S. Secret Service involved small businesses rather than large corporations.

How can you reduce the risk for your small business?

To reduce the risks of a cybercriminal gaining access to your company’s information or network, you must ensure you have proper security measures in place. The FTC has a webpage that can assist with security options for businesses of any size.  In addition, it is crucial that your employees are properly trained on security, including appropriate password practices.

Allegiance Technology Solutions provides 24-7 Cybersecurity Monitoring services for our Managed IT Service clients. Our service will proactively monitor the Dark Web for you and notify you immediately when your data is found to be compromised.  There is minimal effort needed to protect your business when you partner with us.  We will automatically monitor for your organization’s email domain on the Dark Web. If we find anything floating around out there, you can rest assured that you will be notified, and we will be there to help protect your personal and company data.  When it comes to the security of your company data, we want to provide you peace of mind so you can focus on other areas of your business.

Shining Light on the Dark Web

Shining Light on the Dark Web

What is the Dark Web?

By now, you may have heard of the Dark Web.  Perhaps it was featured on a news broadcast or it came up during a conversation with your techie friends. The Dark Web refers to the infamous private corners of the internet that are only accessible through special software that mask your IP address. On the Dark Web, you can do just about anything, from joining a book club to hiring an assassin. Maybe you want to play a chess match online? Yes, you can do that! Looking to purchase stolen credit card information? You’re in the right place!

 

What makes the Dark Web so… dark? After all, there is much more to it than illegal activity, much like the activities you could engage in on the public internet.

The Dark Web gets its fame for a few good reasons: anonymity and privacy. While innocent activity does occur on the Dark Web, its notoriety comes from the crime that occurs there.

Criminal Activities

Cybercriminals access the Dark Web routinely. In fact, many rely on the Dark Web to obtain the info they require to carry out their crimes. Cybercriminals also come to the Dark Web to sell or exploit the information they have already compromised. Which brings us to the real problem: Cybercriminals are buying and selling stolen data to carry out a plethora of crimes.

For those of us who understand how to protect their identity online, we may feel confident that we’re doing everything properly to prevent our data from ending up in the wrong hands.  But how do we know with certainty that we’re safe? There’s only one true way to find out: A Dark Web scan.

What Is a Dark Web Scan?

Simply put, a Dark Web scan searches for breaches and compromised credentials for your online accounts.  This type of scan can help identify if your email address has been involved in any data breaches and what information was compromised in that breach.

The value of performing a Dark Web scan is undeniable. Uncovering that you’ve been involved in a breach allows you to take steps to ensure that your compromised data isn’t used against you or on your unauthorized behalf. Although it is impossible to recover your stolen data once it hits the Dark Web, there are actions that you can and should perform following the discovery.

If you are interested in seeing if your accounts have been compromised, contact us so that we can perform a one-time Cybersecurity Risk Assessment for your business.  Not only will we perform a Dark Web scan, we will also survey your business environment, compile the data and present you with a report of issues found. Keep in mind that 24-7 Cybersecurity Monitoring services are included in our standard IT Managed Service plans.

Your Data Is found on the Dark Web – Now What?

If you discover that your data is available online, what should you do to protect yourself?  Change your passwords immediately following news of a data breach for any sites and services that you use. Once a breach is identified, changing your password on that account and any other account you may have reused that password on is critical.

Moving forward, passwords should never be reused across accounts. All passwords should be complex, difficult to guess and reasonably long. You may want to consider a few options:

  • Create a passphrase, which many consider best practice.  A passphrase is a series of words that may make no sense as a sentence, but will be harder for cybercriminals to crack due to its length.  Passphrases are much easier to remember than a series of random letters, numbers and symbols.  Here is an example passphrase to help you visualize the idea: Water-Orange-Telephone.
  • Remembering several difficult to guess passwords is no easy feat. A password manager is highly recommended for added security and convenience. This will allow you to store all your passwords in one place, requiring you to remember only one strong, difficult password.
  • Two-factor authentication is also a great added security feature to confirm your identity. 2FA, also known as MFA or Multi-factor authentication, will require a second form of identification aside from your password to gain access to your accounts.  This might come from a code sent as a text message to your phone or email, or in a dedicated authentication app.  If you decide to use an authentication app, use one from a trusted service provider, such as Microsoft Authenticator or Google Authenticator.

A One-Time Scan Will Not Protect You

A Dark Web scan can help you identify current risks and data breaches you have already been involved in, but what happens next? Maybe you were involved in multiple data breaches. You found what data was compromised and you changed your passwords as a follow-up. Does that mean you won’t be involved in another data breach next week? Or perhaps you were already involved in another data breach that has not yet been brought to light. If you don’t continuously search the Dark Web, you are putting yourself at risk of the unknown. The next time your data is compromised, it may go unnoticed or unused for days, months, or even years.  If you aren’t constantly monitoring, you are potentially leaving your data up for grabs for cybercriminals to use at their leisure.

Dark Web Monitoring – The Protection You Need

Allegiance Technology Solutions provides 24-7 Cybersecurity Monitoring services for our Managed IT Service clients. Our service will proactively monitor the Dark Web for you and notify you immediately when your data is found to be compromised.  There is minimal effort needed to protect your business when you partner with us.  We will automatically monitor for your organization’s email domain on the Dark Web. If we find anything floating around out there, you can rest assured that you will be notified, and we will be there to help protect your personal and company data.  When it comes to the security of your company data, we want to provide you peace of mind so you can focus on other areas of your business.

Cybercriminals are relentless and show no signs of slowing down. They will continue to wreak havoc on every industry where they can profit. Much like cybercriminals, the Dark Web is not going away either. Remember, after all, it’s a place where you can innocently join a literature club, or you know, steal someone’s entire identity.​