How a Hacker thinks and what he’s doing to get your data


Hackers come in all shapes, ages, races and nationalities. Each one is looking for something from you, but they are not all looking for the same thing.

-Some are looking for your company secrets (product code, mixture recipes, etc.)

-Some are looking for your employees’ personal information (called a targeted attack)

-Some are looking for information on your customers or clients (called a third party attack)

What are the benefits to the hacker of these attacks? Let’s briefly take a look at each one.

The obvious answer of corporate espionage and trade secret infringement is first on the list.  Companies all over the world are looking to take your new products and duplicate them to flood the market with cheap copies.  Even governments of some countries sanction theft of secrets by hackers.  The more sinister attacks fall in the second two categories of targeted and third party attacks.  We’ll call these sinister because the individuals who fall victim to these breaches of security often do not have the knowledge or resources to protect themselves, or even to know they’ve been compromised.

The benefit to a targeted attack is as wide as it is varied.  Simple identity theft is at the top of the list, but more in-depth schemes have also been uncovered.  Finding compromising photos or information hidden in your email or texts would allow a hacker to blackmail someone into doing something they normally would not.  There is also a documented case where a CEO was targeted directly to get him to make certain corporate policy changes that would allow others to gain financially.

A third party attack is what you hear about more and more these days.  Financial and online companies having to disclose that their customers’ credit card information was accessed, or that other sensitive information was accessed illegally, is all too common.  Besides the obvious, the not-so-obvious are things like healthcare fraud, where a hacker steals your health insurance information and sells it to others to gain access to medical services.  Then when you go to the doctor, you’re all of a sudden being treated for something you don’t have, but your records indicate you do.

So how do you protect yourself, your company and your data from these attacks?  Vigilance and education are the two primary factors.  Make sure your data is in the places it should be, which is on servers and data storage networks that are up to date on security and anti-virus patches.  Be sure your data is encrypted when it is out of your network (like on a thumb drive or laptop hard drive) in case it is lost or stolen.  Take the time (and leave enough in the budget) to ensure your physical security is adequate (are your servers in an area where a disgruntled employee could easily destroy, damage or access the system directly?), and make sure the IT people keeping your network up to snuff are actually qualified and competent in doing so.  Stop using simple passwords and use 10 character minimum passwords utilizing case sensitivity, numbers, symbols and spaces (the new 2012 and Windows 7 and 8 products support this).

Hackers use many methods to gain access to your information.  They’ll sometimes simply call your staff members, identify themselves as IT, and present a disaster type of scenario that you can help resolve by letting them reset your password.  What would you like it to be?  What was your old one?  Now they have it too (this is called Social Engineering).  Hackers will also plan a time-consuming, methodical “fingerprint” of your network, using software and other compromised computer systems to look for open ports and holes in your network and to run password attacks called dictionary attacks or brute force attacks.  They might even find out what other companies you work with and attempt to compromise them in order to gain access to you through weak VPN setups or other methods, making you the primary target and a third party target as well.

While this article doesn’t encompass even 10% of what could happen, it gives you some idea of the breadth and depth of how your data and other sensitive information can be compromised.  Taking shortcuts and eliminating appropriate funding to support your infrastructure are both pieces of what a hacker is looking for in a company to target. Don’t make it easier than it already is to attack your computers and data.
