Presented by Adam Tyler, chief innovation officer at CS Identity (and who looked like he got off the set of the Mr. Robot TV show)
The young generation is becoming more and more involved in hacking, cyber-crime, and fraud. The increase of access is breeding a new generation of hackers, who start off as mostly curious, rather than malicious.
Today, cyber-crime accounts for over 50% of all crime reported in England. This is fulled by a huge change in the cyber-crime market, which is copying the cloud companies and providing Crime as a Service. DDOS (Distributed Denial of Service - the ability to bombard someone's network resource until it can't cope with requests), Ransomware (software that encrypts your data and then ransoms you for the decryption key), malware, and spam engines all come as "platform as a service" nowadays. You can set up your criminal endeavor on the cloud, and the platform providers take 25% of the revenue.
The young demographic values digital life and digital assets more than money. Data is the core piece of the digital life; its distribution is what the internet was created for.
Adam challenged us to guess the age of the hackers behind these hacks:
- Xbox/Playstation hack - a DDOS attack that shut down 160 million users, knocking them offline. The purpose of the attack was advertising - after the attack the hackers sold the tools they used, so they did the attack as an ad to how good their software is. Age of attackers: 18
- JP Morgan Chase hack - $100 million stolen from banks. Age of attacker: 36
- TalkTalk hack - SQL injection attack, which cost the cellular company 100,000 customers and $73 million. Age of attacker: 16
- Target attack - 2-3 million credit cards stolen and successfully sold on black market. Age of attackers: 25
There is a large range of ages for hackers, although the age is trending downwards.
Common thinking is that becoming a hacker is hard - it's something you need to devote many years of intensive study for. This is no longer true in our days.
There are three basic hacker types:
- Type 1: Script kiddies.
- Motivation - Glory among their peers. In the internet they hold power which they may not hold in their real life.
- Communication: open web forums
- Attack methods: techniques learned from gaming and gaming related forums
- Targets: other gamers
- How do they get introduced to hacking? Simple, via Google. Adam gave a live example, and googled "how to kick off other players". This leads to a gaming forum (not a hacking forum!), with lots of free tools and techniques for kicking off other players from whatever online games you like. While you're at the forum, you're also exposed to other things - exploits, social engineering tricks and so on. He followed an ad for selling stolen identities to a whole host of services and showed how easy it was to get a stolen Netflix, Xbox Gold, Hulu, Spottify, or whatever account.
- Type 2: Enthusiasts
- Motivation: financial gain
- Communication method: dark web forums
- Attack methods: phishing emails, exploit kits
- Targets: Individuals, small businesses
- How do they get introduced to the dark web? Once again, Google. In the past it used to be relatively difficult to get on the dark web; you would have to use special browsers and know what to look for. However, when Google created its own DNS service, then suddenly any dark web site someone would access through it would automatically get indexed and start showing up in searches. As for the sites that require TOR browsers (special anonymizing browsers used to surf without exposing your identity), peoploe built TOR proxies for them, which are doorways that allow people to access the site for someone who has a regular browsers; and thus they would be indexed by Google as well. So now with simple searches on Google you can access any corner of the dark web.
- Type 3: Professionals
- Motivation: massive financial gains
- Communication: highly private communication methods
- Attack methods: zero day exploits, malware
- Targets: large corporate entities, financial institutions
Type 3 hackers are rare; what's driving the explosion in hacking are type 1 and 2s.
How does one protect himself? This wasn't part of the presentation but someone asked the question, and as usual, there is very little to be done. You should update software frequently - make sure you have all security updates; you should never reuse passwords, and you should understand the world of hacking - be aware of the techniques employed by hackers so you are less likely to fall for them: phishing, clicking on dubious links, what ransomware is and how to protect from it, etc.
No comments:
Post a Comment