What the general public doesn’t understand about hacking is a lot! We clearly haven’t received accurate depictions of IT or computer science from Hollywood. Google announced a contest the other day challenging writers to create accurate portrayals and storylines relating to computer science. Think about the cliches: a nerdy guy or gal sits down at any computer and taps loudly on the keyboard. Suddenly, non-standard interfaces start animating across the screen. They can tap into traffic cameras and building security and bypass the big bad corporation’s network security. Then there is also the little girl in Jurassic Park: “This is a UNIX system!” With that discovery she knew just what to do to reset the park’s systems.
So let’s get real and throw out the cliches. Who are hackers and what do they want? What do they look like? I’m just a little person with one humble website and computer among millions. Why should I fear them?
History of Hacking and Mountain Climbers
Historically, hacking was not much more than mischief among computer users. You did it because it was there. It is much the same reason mountain climbers give when asked why they do what they do.
The more innocent hackers could also claim bragging rights. They could produce data on how broadly their virus spread. They created colorful, ominous screens that would take over your interface.
Later, hacking grew more destructive. Files would be damaged by a virus. Nervous people would run to the computer store and buy anti-virus software to see what could be repaired, fingers crossed that their term paper was not among the lost or corrupted files.
What are they up to today?
In this article, Wordfence shares the results of a survey answered by nearly 900 blog or site owners. The results give a good snapshot of the range of things that the new “bad guy” hackers are likely to be attempting and why. Some are destructive; most are self-serving, for political or monetary gain, rather than just being the traditional mischief.
At the top of the chart is the desire to deface a site or take the site down. Sometimes, like a graffiti “artist” who tags a building, they are putting their message on a space that doesn’t belong to them in an effort to get noticed. Taking the site down could be done in an attempt to damage a company’s business for mischief, competitive reasons or for what they may believe are moral reasons.
Spam is another way that your web presence can be exploited for the benefit of others. In the article referenced earlier, almost 20% of compromised WordPress sites are used to send spam. When people start getting crude or at least suspicious emails from your domain, it hurts your reputation. It can also cause your company’s domain to get blocked, thus shutting down your ability to send messages using your company’s identity.
Spam is not just limited to email. If an attacker can post content to your website, they can create links to their sites and boost their site’s rankings in search engines. This SEO spam is essentially taking your site’s reputation and content and using it to add value to theirs, without your permission. Some of these attacks are not trying to appeal to human readers, but to exploit the automated web crawlers and search algorithms.
Corporate espionage is in the news often and is kind of a big deal. Many companies handle the financial information of many people. Cracking through those targets can be very profitable for the dishonest. It can also be very damaging for the companies that they penetrate. In the ever-increasing competition between businesses, it is important to remember these lessons that Microsoft shared on its Developer Network.
- You do have professional adversaries.
- You are on their target list.
- You will be attacked some day.
- You cannot afford to be complacent.
These are just a few examples
Just like Harry Potter, Mad-Eye Moody or Professor Snape describing the dark arts, hacking is a constantly changing threat that requires constant vigilance. As more commerce and attention is tied to the web, more opportunities to exploit are discovered.
There is also a reason why it is valuable to think about the ways of the criminal. Most of the best security experts became so by adopting the point of view of the criminals. The memorable book and movie Catch Me If You Can is an example of a person, Frank Abagnale, who began as a mischievous loophole exploiter, became a criminal and for years has served as one of the government’s valuable consultants.
The threats will continue to change. The Internet of Things (IoT) is the recent trend of making many more tools, appliances and even simple objects available, trackable or interactive using embedded chips and internet connectivity. This new frontier is full of potential exploits. Imagine a large, heavy physical safe with a USB port on it. Designers realized they could add a new feature but didn’t consider the many paths that this addition created.
What do they want?
They want lots of things: money, notoriety, advantage, knowledge and power. Many don’t believe their actions will ever be traced back to them: 86% don’t believe they’ll ever be caught. This alone, even if it isn’t true, emboldens people all around the world to keep trying. No lock is ever perfect. But by following best practices and thinking like the bad guys, you and your work will be far less likely to be the weak link.