Caught red-handed

Can we hack the hackers?

Call To Others — Nov 2018

The motives behind today's most technological threats. Why they do it and how they do it.

The other day, while trying to overcome the boredom of a typical weeknight at home, I was scrolling through my Facebook feed and I stumbled upon an article that listed some of the funniest cyber-attacks of all time. Well, to be precise, the article described 11 of the funniest hacks in history, in a list compiled by K. Thor Jensen for the website GEEK.COM (I know, what a cliché). The thing about this article is that it immediately led me to ponder how hackers’ creativity is really something else, and despite most hackers only being interested in hacking a system for their own advantage, there are those who decide to simply put their creativity to the test and play jokes or pranks with their hacks.

But talking about a hacker’s creativity, it is obvious that not only do they use such skill to show what they have been able to accomplish but also to employ different techniques and methods to ultimately achieve their goal. I mean, think about it: even though we, as companies, now have better protection mechanisms than we did in the past, thus making the task of a hacker incredibly difficult, cyber-attacks are now more frequent and complex than ever before. It somehow seems that we can continue to implement security mechanisms, one on top of another, and that, in the end, all that work will be useless because hackers will always find a way to get into our systems. So, my question is: is the success of a cyber-attack really just associated with a hacker’s creativity? Is creativity really the only reason why hackers are typically successful in their activities? No, it is not… TIME and MOTIVATION are, in my opinion, key factors for such success.

TIME

When hackers define a target, you can be sure that they will spend every single minute of their time trying to defeat the target’s protection mechanisms. They are cautious and thorough and tend to spend hours, days, weeks or even months doing their homework on a target: gathering information, studying it and finding the easiest possible way to get in. Because don’t be mistaken… Even though hackers truly love a good challenge, that does not mean that they will not find the easiest way to hack into a target’s system. They will always look for that one opportunity that has been afforded to them by organisations, the so-called "weakest link" in the chain. At this point, they just want to reach their goal: get access to the target’s systems, no matter what and how.

MOTIVATION

There are mainly two reasons why hackers do what they do:

  1. It is profitable - If a hacker’s “job” was not as profitable as it is, I guess that there wouldn’t be so many of them. The profits surely compensate for the risk of getting caught and facing long jail time, especially considering that the laws on cyber-criminal activity are becoming more and more restrictive every year;
  2. They enjoy it - We know that most people are somewhat drawn to danger and with hackers, it is no different. The thrill of a challenge and the intoxication of feeling powerful and invincible are what drive them to perform such activities… and once they start, they will not stop until they have reached their goal and gained access to the target’s systems.

Understanding a hacker’s motivation and methods is key to predicting how they are likely to operate. Keep in mind that today’s hacking is not like in the past: the lone wolf wearing a hooded sweater and sitting in a dark room is now a wolf pack sitting in a highly sophisticated technology room. The amount of resources and manpower that today’s hackers have is truly scary, and to deal with such power and aggressiveness we have, on the other side, the cybersecurity practitioners, who must deal with every single threat posed by these hackers while, at the same time, ensuring that the organisation’s operations are all running smoothly as expected.

This is not a fair fight, as you see. However, there is always something that we can do. Knowing your enemy is truly important, and we have already talked about that… But better than knowing your enemy is knowing ourselves. As Sun Tzu said, in his book The Art of War, “if you know your enemy and know yourself, you need not fear the results of a hundred battles”. We need to constantly be looking for new vulnerabilities and new ways in which our operations could be disrupted, so that we can mitigate these issues before hackers can exploit them. Our cybersecurity strategy needs to be proactive and it must consider the hacker’s point of view. This is the art of cyberwar. Nonetheless, such an approach can only be successful if we all assume our roles and understand our responsibilities. That being said, I ask you the following: CAN WE HACK THE HACKERS?
