It seems every week there is another data leak or major security breach on the news. Who are these hackers responsible for these data leaks and why are they causing all these problems? In this article, we will attempt to define the different types of hackers that have evolved and demystify the reasons behind their motivations.
What is a Hacker?
When we hear the word hacker, and we immediately think of a lonesome character in a dark room typing code, surrounded by monitors as they attempt to compromise a website or business. But that is not the full picture of what hacking truly is. Some hackers do work alone, sequestered away in some dark basement. But there are also well funded, highly organized groups who exploit security weaknesses in computer systems and networks to gain unauthorized access, steal data, or cause damage.
So, not all hackers are the same. Let’s explore the different types that exist, including the good ones. Yes, there are good hackers out there!
Black Hat Hackers
Hacking for personal gain.
The most notorious type of hacker is known as a Black Hat. They are malicious folk who break into computer systems and networks with the intent to gain control of systems, steal data, or commit cybercrimes. They often use advanced hacking techniques and tools to carry out their attacks. Black hat hackers can intentionally cause serious harm to individuals, businesses, and governments. Their actions are illegal and punishable by law.
It’s important to note that online scammers typically are not hackers, although they do prey on unsuspecting users to try and steal their money or personal data.
White Hat Hackers
The good guys, keeping us secure.
Also known as ethical hackers, these individuals use their hacking skills for good. These are the good guys! They work for companies or governments to find vulnerabilities in systems and networks before malicious hackers can exploit them. White hat hackers use the same techniques and tools black hat hackers but with the goal of improving cybersecurity and preventing cyberattacks.
Some white hat hackers begin their journey as black hat hackers. At some point, they switch over to creating solutions instead of causing problems. Sometimes they are caught during their black hat days and recruited after some reform has taken place. Some companies pay big bucks to identify and eliminate bugs in their software, which can be a big draw for people with a hacking skill set.
Grey Hat Hackers
Hackers for hire.
These hackers don’t have a specific agenda, and they often operate in a gray area between black and white hat hacking. They may use their skills to identify vulnerabilities in computer systems and networks and then alert the owners of these systems. However, they may also demand payment or other benefits in exchange for their services, which may be illegal.
In it for the thrill!
These hackers are often young and inexperienced, and they use pre-written scripts or tools to carry out their attacks. By using prewritten scripts, they are essentially training themselves to conduct more complicated attacks. Typically, they do not have a specific agenda, and their attacks are often random and aimless. However, they can still cause damage to computer systems and networks, and their actions are illegal.
In it for the cause!
Hacktivists are political or social activists who use hacking to promote their causes. They may target government websites, corporate websites, or other high-profile targets to raise awareness about their issues. Hacktivists can sometimes use illegal methods to achieve their goals, and their actions can have serious consequences. Hacktivists always have a specific purpose behind their actions, and usually do not intentionally harm the average user.
Purveyors of digital espionage and wagers of cyber warfare.
These are hackers who are sponsored by governments to carry out cyber espionage or cyber warfare. They are typically highly organized and well-funded, conducting their business on behalf of their country or sponsoring organization. Their attacks can be highly sophisticated and can target critical infrastructure, businesses, or other countries. State-sponsored hackers can cause significant damage, and their actions can lead to diplomatic tensions, and even military conflicts. State-Sponsored hackers typically do not target the average user, although they might incidentally cause harm to users with their efforts.
Understanding cybersecurity includes understanding the different types of hackers and how their actions affect us individuals and our businesses. As discussed, there are many different types of hackers, and their motivations and actions vary widely between them. While some hackers use their skills for malicious purposes, others use them for good. Although major attacks do affect us all, unless you are a high-profile person, the chances of a targeted hack against you are pretty rare. Hackers are more likely to go after bigger targets, such as companies and corporations, simply because the rewards are larger.
As these kinds of attacks become more prevalent in today’s world, be sure to change your passwords regularly. Use 2 factor authentication and biometric login wherever possible. Don’t store credit card information online and close any online or shopping accounts that you don’t use anymore to reduce your online footprint and potential attack surface.
Allegiance Technology Solutions provides 24-7 Cybersecurity Monitoring services for our Managed IT Service clients. Our service will proactively monitor the Dark Web for you and notify you immediately when your data is found to be compromised. If you are unsure if you have been victim of cybercrime, contact us and we can help you understand your options. Call us at (912)-216-4050 if you are interested in using our cybersecurity protection services for your business.
In our continuing series on cybersecurity issues, we discuss the fragility of relying solely on passwords to protect our identity and our data online. We will peel back the curtain and show you some different methods used by hackers. We will also discuss some simple methods you can employ to keep your personal information protected.
How hackers crack passwords
Passwords are used for pretty much every service we use online today. From our bank accounts to our Facebook profiles, passwords are just a first step in securing your data. Hackers can use a variety of methods to “crack” or obtain passwords. Once they have your login credentials, they can quickly do damage to your finances, impersonate you online, or simply sell those passwords on the Dark Web. Knowing how these hackers obtain passwords will help you defend against their malicious attacks, keeping your online identity safer.
Brute Force Attack: This method uses computers to try every possible combination of letters, numbers and symbols against a login system. From 000000 to zzzzzz and beyond, trying this method will eventually yield a working password. However, it may take a long time to find the password. The longer the password, the longer it takes to crack. This graphic from BitWarden illustrates the time it takes to crack a password nicely. As we can see from the graphic, a 7-character password takes mere minutes to crack, while a 15-character password can take centuries to crack:
Dictionary Attack: This type of attack is similar to a Brute Force Attack, except instead of constantly generating passwords, it tries a list of words in a dictionary. That dictionary can be a standard dictionary or it can be customized list of words to increase efficiency.
Rainbow Attack: This attack uses precomputed tables of hashed passwords to speed up the cracking process.
Malware Retrieval: This type of attack infects the user’s device with malicious software designed to steal password data from a computer or network and send it somewhere the hacker can retrieve it later.
Social Engineering: Although we tend to think of hackers sitting in some dark room in front of a computer, hackers can be out in public looking for opportunities to gain access to secure areas. They may study a target for weeks or months, developing solid strategies while learning people’s schedules. Once they successfully enter the secure area, they look for obvious places where people write down and store passwords, such as notebooks stored in desk drawers, and sticky notes stuck to the back of user’s keyboards.
Phishing Phone Calls: In this method, the hacker calls the user or has the user call a phone number. Posing as a technician or agent from a legitimate business, they try to trick the person into giving them their password, payment info or other identifying information. Sometimes this is teamed up with a malicious browser popup claiming that the computer is infected and needs to be fixed by a computer technician on standby at a supplied phone number.
Email Phishing Attacks: In this method, specially crafted emails are sent to hundreds of people. These emails can be quite deceptive, looking like legitimate emails from well-known companies such as Microsoft, Apple, Google, Facebook, Paypal and even major banks.
Guessing: Yes, hackers can sometimes get lucky and guess a password. This may be an educated guess, such as knowing the name of a person’s pet or favorite sports team. Or they could just be guessing popularly overused passwords such as Password123 or abc123.
How to protect yourself from hackers
To keep your identity and account data protected, follow these tips and suggestions to keep your online accounts secure.
Use long, complex passwords that contain upper and lower case letters, numbers and symbols. The longer the password, the harder it is to crack with brute force methods.
Don’t use easily guessable passwords like Password123.
Don’t use a single word as a password! This will prevent successful dictionary attacks. If you do want to use a single word, incorporate numbers and symbols. Sometimes you can use numbers and symbols in place of letters. For example, use 3 for E, ! instead of i, @ for A, etc.
Don’t use words or names that can be easily traced back to you. For example, don’t incorporate your name or the names of your loved ones into your passwords. Don’t use easily guessable pet names, sports teams or city names that people can easily associate with you. You would be surprised how much of your data is readily available online, especially if you use social media.
If you think words are an easy way to remember your password, consider using a passphrase. A passphrase is a password made up of 3 or 4 words, separated by a hyphen. This typically yields a password is many characters long. For example, Coastal-Green-Turtle would be considered a strong password. Because of its length and complexity, a brute force attack would take centuries to crack a typical passphrase.
Consider using a randomly generated password. There are several tools online for free, but make sure it is hosted or sponsored by a reputable source.
Don’t use the same password for different accounts. If one account gets compromised, potentially they all could be compromised if the passwords are the same.
For accounts that support it, Turn on Two-Factor Authentication whenever possible. Alternatively, you can use biometrics to secure your data, such as using the fingerprint reader or FaceID on your phone.
If you have a problem remembering passwords, consider using a password manager, like LastPass. Password managers will typically automatically fill in your login information to sites and applications, after it authenticates you as the primary user.
Don’t write passwords down on paper. And don’t store passwords online in a non-secure location or method.
If you do need to write down passwords, make sure you keep them locked up in a drawer or cabinet.
For online accounts:
Keep online accounts to a minimum. The less accounts you have, the less likely you will be targeted.
Only use services from trusted businesses.
For social media accounts, limit the kind of personally identifiable information that you post.
Change the privacy settings on your social media accounts. This will also help limit what hackers can learn about you online.
Dedicate one credit card for online purchases. Make sure that credit card offers online theft protection. In case your identity is stolen, and fraudulent charges are made, you won’t be personally responsible for those unauthorized charges.
Don’t accept a friend request from someone who is already your friend on the service. It is most likely a fake account created to fool you. Check with the actual person first before accepting these kinds of friend requests.
Concerning Computers and Email:
When you receive a suspicious email, carefully check the sender’s email address. If you get an email from a large company, but the sender’s email address is Gmail, it is most likely a scam.
Hover over all links in the browser before clicking on them. Make sure the URL is actually going to the place it says it is going to.
Never open or download attachments from suspicious emails.
Have separate email addresses for different activities. For example, you could have an email address dedicated to financial accounts, one dedicated to job searches, an email address dedicated to online purchases. You can even have an email address dedicated to services you only intend to use for a short time.
Install and use malware protection software from a trusted company.
Lock or shut down computers in public or work environments when they are not in use. A computer cannot get infected when it is off!
On the Phone:
As spam callers and spambots are making record number of bogus phone calls, only answer calls for people you know.
Don’t volunteer personal information or credit card information on any phone calls you did not initiate.
If you get a popup saying your computer is infected with a virus, don’t call any phone number that it provides. Rather, take it to a trusted computer repair shop or friend that works on computers to help you clear the malware.
Out in Public:
Don’t discuss personal or financial information in public areas.
Don’t give strangers any personal information.
Stay vigilant when in a new area. Pay attention to those that are paying attention to you.
At your place of business, don’t hold open any doors to secure areas for anyone.
Don’t let people enter secure areas with your credentials.
Keep an eye out for unfamiliar people in your work area.
By following some of the suggestions listed above, you will decrease your chances of getting your data stolen or your accounts compromised. If you are concerned that you may have been the victim of identity theft, you can have a dark web scan performed on your behalf.
Allegiance Technology Solutions provides 24-7 Cybersecurity Monitoring services for our Managed IT Service clients. Our service will proactively monitor the Dark Web for you and notify you immediately when your data is found to be compromised. Contact us if you are interested in using our cybersecurity protection services for your business.