Dan earned his CompTIA (CIOS) certification in 2010 and worked in the computer repair/networking industry for several years.
Hackers are skilled, manipulative people who use computers to illegally access data. Their motives vary—obtaining political information about opponents, blackmail, protesting, vandalism, and monetary gain is a few.
We're used to hearing computer security terms like data-breach, firewall, malware, browser-exploit, and ransomware, and it seems to require intricate knowledge of computers in order to pull off a computer crime. While many hackers often look for ways to improve their technical expertise, sometimes relatively little technical knowledge is necessary for them to succeed.
Initiating a Cybercrime
Perpetrators will begin a crime with the collection of data—technical details about the system being hacked, and potential methods for carrying out the attack. Cybersecurity analysts refer to the data and potential techniques used—against organizations—as threat intelligence.
Any information that can be gathered about the target system will help an attacker before using a computer for technical aspects of the crime. Various public sources can be queried, and when the opportunity is there, private sources—without sophisticated knowledge of computers.
Obtaining merely an e-Mail address and some personal-type information from a social media profile is all that's needed. For example, a person discusses an unsatisfactory experience with a credit card company on their public social media profile. This person also has an e-Mail address, shown on their public profile.
Exploiting the Data
Using the collected information, a phony e-Mail can be sent representing the credit card company, offering some type of compensation for the unsatisfactory experience. The e-Mail could include a malware-laden attachment with details, written by the hacker, on how to claim the compensation.
The chances are that the target recipient will open the attachment releasing malicious software onto their device—opening back-door access or delivering any other type of payload—the intended end goal of the perpetrator.
The twist here, however, is that the malicious software or virus, secretly attached in the e-Mail, doesn't have to be designed by the perpetrator using it. Malicious software can be obtained via underground venues where the buyer can even retain a degree of support from the designer. All the perpetrator needs is some useful information about the target that can be gathered from the public domain—hacking can be easy for criminals.
As discussed previously, cybercriminals do not necessarily require intricate technical knowledge of the inner workings of computers. All they need is some relatively basic information—potentially gleaned from the public domain—and some manipulation skills.
If the less-savvy types of hackers require malicious software to reach their goal, it can be obtained via underground markets as products or even subscription-based services. Just as Software-as-a-Service providers can provide software subscriptions via the internet, computer programmers can provide malware-as-a-service.
On September 16, 2021, an Illinois man was convicted by a federal jury for running services that enabled DDoS distributed denial of service attacks. Paying users could flood a targeted range of computers with so many requests that disruption of internet service would occur on the targeted systems—the purpose of using this type of attack can vary. The convicted man's sentencing is set for January 2022, and faces and a maximum penalty of 35 years in prison.
Using Computers Wisely
Digital devices including desktops, laptops, tablets, smartphones, and data stored within, are the targets of a wide range of tech-savvy criminals. In addition to becoming familiar with computer security fundamentals—accessible via books and online sources—abiding by a minimum set of security criteria and taking care of what information faces the public should be taken into consideration.
Don't display phone numbers or e-Mail addresses where the purpose thereof is generally unnecessary. Do not discuss plans on leaving your house—if hackers could gain physical access to a computer, and steal it, that would be easier than hacking into it from across the internet. Lastly, avoid disclosing personal details where possible—hackers could use the information to imitate somebody you know and attempt a phishing attack, to say the least.
Following or connecting with cybersecurity sites on social media can also help. They are frequently posting about trends in computer crime, as well as computer crime incidents.
© 2021 Dan Martino