
Cybercrime as a Pastime

Dan received the CompTIA IT Operations Specialist (cert.) in 2010 and worked in the computer repair/networking industry for several years.


Cybercriminals are a tech-savvy bunch who exploit security holes in computers for various reasons. Sometimes it’s just for fun and status gain among peers, but as is evident on the news, it can get ugly. Other motives can be data theft leading to monetary gain or dirt on political opponents.

Case Studies

During the 2016 U.S. presidential election season, Hillary Clinton's associate John Podesta fell victim to a common type of attack, ultimately resulting in the disclosure of stolen emails through WikiLeaks. Hackers have various ways of stealing data, but in this instance it was done via a phishing attack, a technique used to trick computer users into believing they are communicating with honest entities.

The use of ransomware is another example of a technique used for data theft. Once installed, the malicious software targets certain files and encrypts them, rendering them unusable; a ransom is then demanded to unlock the files. The first discovered instance of ransomware, called the AIDS Trojan, occurred in the late 1980s. Since then, cybercriminals exploiting the lucrative market of data theft have increasingly used ransomware.

On May 7, 2021, Colonial, which owns and maintains a gasoline transport pipeline, reported that a ransomware attack against its computer infrastructure caused the pipeline to shut down, leading to a major gasoline shortage on the East Coast of the United States. Hundreds of drivers were affected and began panic-buying gasoline.

Hacker Methods

Ransomware typically gets installed inadvertently by internet users who download free programs, often from websites controlled by cybercriminals. The programs include but are not limited to games, word-processing software, facial cosmetic apps, and computer maintenance software. The latter is often used by cybercriminals because all computer users want their devices running problem-free. When the programs are installed, malicious software of many sorts is installed along with them without the user's knowledge.

How often do you run across websites where a “warning” message flashes on screen prompting the download of an antivirus program? Ironically, the prompt has a hidden virus attached to it. Drive-by downloads are similar, although no user interaction is required to become infected through them. When users visit compromised or fraudulent websites, computer hackers can automatically install malicious software onto their devices via security vulnerabilities on those devices.

Programs free of charge are generally appealing, although there is no rule that ransomware gets installed only by downloading and installing programs. Disgruntled employees who are computer-savvy and have direct access to their employers’ computers have been known to compromise systems in various ways.


Embrace a Broader Understanding of Computer Security

Data security encompasses a wide range of computing concepts. Many computer users erroneously believe that installing an antivirus suite onto their device and turning on its notification settings is sufficient for security.

Integrating common sense into the day-to-day usage of computers is important. If something seems fishy, it's not far-fetched that there's foul play at work, and there are plenty of articles on safe internet surfing that offer tips on this.

Physical security is an often-overlooked facet, and neglecting it results in stolen computers, especially laptops and smartphones. Folks love working and hanging out at cafes. Occasionally, when customers step away for a restroom break or get distracted, devices can be stolen. Always keep devices as close as possible and out of sight if left in the car.

Businesses keeping their computer servers on-site should place them in dedicated rooms with door locks, as a best practice. Alarms and security cameras are a bonus if the budget allows for them. In addition, access restrictions and other rules should be implemented in a security policy. The least-privilege practice means that employees have only the access required to do their jobs. In practice, this means restricting permissions and access to folders on computers, as well as access to rooms.

What happens when it’s time to get rid of devices that are broken or outdated? Devices should be discarded in a secure way. There are various ways to retrieve data stored on computing devices, even if they are damaged or the data stored on them has been deleted; merely deleting files does not necessarily render data unreadable.

There are recommended and professional ways to render data unreadable on used computing devices. Professionally built hard drive destroyers are an effective way of accomplishing this, especially for businesses discarding hard drives on a large scale. Using free software to “zero” the devices works, but for the less tech-savvy user, devices can generally be dismantled or smashed to the point that they're virtually impossible to put back together.
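To make the "zero" step checkable before a device leaves the building, here is an added example (not from the original article) that scans a raw disk image for leftover bytes, overwrites it with zeros, and scans again. The file name, the sample record and the helper names are constructed for illustration, and the code assumes it is pointed at an image file rather than a live device.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB pieces so large images do not fill memory


def find_residual_data(path, chunk_size=CHUNK):
    """Return the offset of the first non-zero byte, or None if all bytes are zero."""
    offset = 0
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk_size)
            if not block:
                return None
            stripped = block.lstrip(b"\x00")
            if stripped:
                return offset + len(block) - len(stripped)
            offset += len(block)


def zero_fill(path, chunk_size=CHUNK):
    """Overwrite the image in place with zeros and force it to storage."""
    remaining = size = os.path.getsize(path)
    zeros = bytes(chunk_size)
    with open(path, "r+b") as f:
        while remaining > 0:
            n = min(chunk_size, remaining)
            f.write(zeros[:n])
            remaining -= n
        f.flush()
        os.fsync(f.fileno())
    return size


def demo():
    """Constructed image: empty space around data left behind after a delete."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "old_drive.img")  # hypothetical file name
        leftover = b"payroll-2021.xlsx: constructed sample record"
        with open(image, "wb") as f:
            f.write(bytes(4096) + leftover + bytes(4096))
        before = find_residual_data(image)  # data still present
        wiped = zero_fill(image)
        after = find_residual_data(image)   # nothing left to recover
        return before, wiped, after


if __name__ == "__main__":
    print(demo())
```

On solid-state drives, overwriting through the normal interface may not reach every physical cell because the drive remaps blocks internally, which is one reason physical destruction remains the fallback described above.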

Getting Secured

Unsecured data exists all over the world. Computer hackers know this, so it’s just a matter of time before they conjure up plans to steal it. On the bright side, there are also effective and efficient ways to mitigate the risks of data theft.

Education, careful software vetting, physical security, and carefully planned employee security policies should be part of computer security risk mitigation.

This content is accurate and true to the best of the author’s knowledge and is not meant to substitute for formal and individualized advice from a qualified professional.

© 2022 Dan Martino
