I am pleased to be featured on the Global CIO Forum website with my articles.
Here is my ATTACKER MINDSET article
There has been an accelerated growth of cybercrime over the last decade. Costs related to cybersecurity and cyber attacks have also burgeoned, with organizations having to pay more to keep their infrastructure secure. McAfee, a leading cybersecurity company, reported that the cost of cybercrime in 2017 was $600 billion. Individual attacks were estimated to have cost $5 million in the same year with $2.75 million having been lost to downtime and productivity loss. The cost of securing organizations was estimated to be $81 billion in 2016. Since the cost of cybersecurity solutions has also increased, the total cost of securing organizations has also been going up. Therefore, the world economy is losing a lot of money to cybercrime. This money could have been put to more productive use, but it is either ending up in the hands of cybercriminals or being spent on cybersecurity solutions.
Therefore, it is imperative to view hackers from a psychological perspective in order to understand what drives them, thereby contemplating what can be done to stop them. This article will explore the category and traits of hackers, as well as their way of thinking.
To best understand why there are so many cases of cybercrime, and why they will possibly keep on rising, it is important to understand the psychology of the perpetrators. Cybercriminals have the technical know-how to penetrate systems and networks to steal data or money, or to compromise the integrity of the systems. The following are the main categories of hackers:
- Black hats: These are malicious hackers that purposefully penetrate systems and networks for financial or self-gain
- White hats: They are vigilante hackers that try and find vulnerabilities that can be used by black hats to attack systems so that mitigation measures can be taken
- Grey hats: They are black hats that have reformed and become security consultants
- Hacktivists: These are groups of hackers that join hands in hacking exercises, often to make a political statement aimed at pushing for social change, such as freedom of speech
- Cyber terrorists: These are hackers that use their skills for hacks targeted at the loss of life, damage to critical infrastructure, significant bodily harm, and spreading intimidation to groups of people
It can be assumed that grey and white hats will not use their skills to carry out cyber attacks, and, if they do, the attacks will be designed to help the victim learn more about vulnerabilities and how they can be mitigated. Black hats will target individuals and organizations if they believe that there are financial gains that they can make from the attack. Hacktivists can target government agencies or corporations that have huge societal influence, and will do so to send a message. Cyber terrorists will attack critical infrastructure such as nuclear energy facilities.
To understand the psychology that drives hackers to carry out crimes that are almost impossible to pull off, it is important to understand their traits. The traits observed with the majority of them appear similar; however, this should not be a cause of complacency. Organizations must be invested in exploring new use cases and finding out if there are more. The common traits observed in most cybercriminals are listed in the following sections.
THEY ARE PATIENT
Hacking is a process, not just a one-off act. Hackers have been known to take their time to first study their targets. They observe how the system they are targeting operates, how secure it is, the humans that use it, and the times that it is active. Once they have done reconnaissance, they scan the system and identify its technical specifications, as well as the vulnerabilities it may have. Only when sure of the vulnerabilities will the hackers try to breach the system to steal data and money, or to compromise it. These stages can be replicated on other targets, such as networks or users. It is evident that each stage takes time, and this is why hackers have to be patient. If they attack without knowing the security systems in place, the attack could flop and the organization could be triggered to secure the system even more. In addition to this, hackers are also patient when learning how to hack. Veteran hackers have studied programming languages in order to be able to read code or reverse engineer programs to find out where vulnerabilities exist. To become expert enough to analyze code written in different languages, one has to spend a lot of time learning how to code. Hackers invest their time in this to prepare for their cybercrime activities.
THEY ARE DETERMINED
At the moment, cybercrime is a catch-up game, whereby cybercriminals seem to always have an upper hand. Many old hacking techniques and tools will not work today due to the sophistication of cybersecurity tools. Systems that could have been exploited a few years ago through vulnerabilities such as SQL injection have also been patched and are fully secure. However, hacking is still on the rise, which means that hackers are constantly coming up with new techniques and tools that cybersecurity companies are not aware of. They are also actively searching for new vulnerabilities to exploit. This just shows how determined hackers are. Hackers have also been targeting large corporations that are expected to have state-of-the-art security. However, this is not enough to stop the hackers, as previous incidents have shown. For instance, Facebook, with a user base of 2 billion people, was hacked in 2018 and data belonging to 50 million users was stolen. Many people would assume that Facebook has so many security features that trying to hack it would be a waste of time. However, hackers have proven just how determined they are to bring down any target they aim at.
THEY ARE INSENSITIVE
Hackers engage in crime and do not care about the victims. For instance, the 2016 WannaCry attack led to many deaths in hospitals after computers supporting crucial processes and services were encrypted. To the hackers, this was not a concern and, despite WannaCry having a kill-switch, they decided to let the ransomware keep on encrypting more computers even if they were used for life-support purposes. Another set of hackers have been targeting the elderly through vishing, where they call them and:
- Claim to be grandchildren in urgent need of money
- Claim to be law enforcement officers and inform the elderly that they are wanted for a crime, then threaten to arrest them if they do not pay some money as a fine
- Claim to be from their banks requesting credentials such as ATM PIN numbers
- Claim to be from the IRS and demand some payments
In all these incidents, the elderly are forced to comply and send money to the hackers. The way in which a hacker can call just to steal from vulnerable and elderly people, just shows how insensitive they are. Hackers often do not show mercy to their targets until they get what they want.
THEY ARE RISK-TAKERS
The fight against cybercrime has intensified and hackers risk many years behind bars if caught. However, hacking is still going on. Some of the cybercriminals are known by their pseudonyms and will often leave their signatures wherever they have hacked. A good example is a hacker known as Higinio Ochoa who was caught in 2012 by the FBI after leaving a clumsy message after his hack. As was the norm after every attack, Ochoa left a signature via a message taped on his girlfriend's stomach and uploaded it on Twitter. However, Ochoa had forgotten to remove meta information from the image that the FBI used to track and arrest him. Ochoa had stolen data from the FBI, yet had the guts to try and taunt the agency, which is known for tracking down all types of criminals with a high success rate. This incident shows how risk-taking hackers are. They are not afraid of breaking laws and informing law enforcement officers that they are the ones responsible.
THEY ARE COERCIVE
A growing trend in cybercrime is social engineering, where users have been tricked into handing over sensitive details, or even transferring money to hackers. With the increasing cybersecurity budgets for organizations to buy more effective tools and security services, the channels for attacking systems and networks directly are reducing. However, hackers are exploiting other avenues to hack into highly secured organizations, and they are doing this through social engineering. There have been multiple hacks where it has been reported that the hackers simply coerced users into sending them money or giving them passwords. An increasingly common technique is business email compromise, where hackers are spoofing emails of executive employees and instructing junior employees to send money or passwords to certain accounts or emails. The use of coercion is working so effectively because hackers are exploiting flaws in the communication channels used by organizations. It has become normal for executives to order around junior employees and even to break protocol. Therefore, if the junior employees are asked by a spoofed email to send money to an overseas account, they will yield, simply because that is what the real executive does. Hackers have perfected their coercion skills as well, to a point that it is hard for the targets to say no. Hackers will refine the stories they will tell the users they target before sending them. If it is a call they are making, they will know what to say, depending on how the targets respond. Some social engineers even make physical appearances before targets to gain their trust. Therefore, coercion is simply one of the many essential tricks that hackers possess.
THEY ARE CAREFUL
The traces of a cybercriminal are hardly ever recovered. They are also hardly ever arrested or convicted. Cybercrime networks are hardly ever broken. All this is because cybercriminals employ a lot of caution in their malicious activities. From the planning phase of an attack, cybercriminals will start exercising caution, and use communication tools and techniques that make it hard for the messages to be traceable. Encryption, self-destructing emails, spoofed emails, and dark web communication tools are commonly used. During an attack, hackers will also cover their trails. They will use IP addresses from VPNs or proxies routed through other VPNs and proxies. The flow of data will be such that it is hard to trace where hackers came from and where stolen data was routed to. Additionally, hackers will operate systematically, where each of them knows what to do and when. Funds stolen directly from targets are not directly cashed into the hackers' bank accounts since this would make it easy for them to be tracked. Instead, ghost accounts opened in overseas banks that do not have as many restrictions are used. Alternatively, money obtained from cybercrime passes through money laundering schemes until it cannot be traced back to the cybercrime incident. With the advent of cryptocurrencies that come with privacy controls aimed at anonymizing transacting parties, it is even easier for hackers to cleanse their money by converting it to cryptocurrencies and then withdrawing it or buying assets using the cryptocurrencies and liquidating them later on.
The FBI has been successful in apprehending some cybercriminals, but it is just a small number of them that get caught in unfortunate circumstances. For instance, the FBI has been said to list its own fake malware on such sites only to arrest those that buy the malware. In response to this, both buyers and sellers in the market become extra-cautious when transacting. Even when a hacker is arrested, it is hard for the enforcement agencies to arrest another because they do not operate using real names, and will quickly cut off communication if they are suspicious. At the moment, cybercrime is operating as an underground economy that is thriving, and the appropriate steps have been taken by players in the economy to protect its existence. Therefore, cybercriminals will keep on acting with a great deal of caution to protect themselves and others. Hacking networks are hard to break, due to the high levels of secrecy employed by hackers. For instance, it is known that there are dark web sites where one can purchase highly effective malware. However, not just anyone can buy. Most of these markets use invitation-only systems and, even then, none of the hackers in the market dare to divulge any information that could be used to bust any of the hackers.
THEY ARE DEVIANT
Cybercriminals participate in anti-social behaviors which break the law and cause suffering to other people. For example, they may steal all the retirement savings that an elderly person has made, simply by getting access to the credentials of their bank accounts and withdrawing all the money found. No society expects its own to do such things. Cybercriminals also defy laws. They will engage in fraud, theft, destruction of resources, and identity theft, among other crimes. In any case, cybercriminals are not typical people. They are hardened to steal without mercy and break rules without fearing any consequences. Therefore, hackers will tend to be divergent from the norm, and will be ready to engage in malicious acts despite knowing that it is wrong to do so.
From the discussions above, hacking can be better understood by looking at it from a psychological perspective. The traits of hackers, as presented, show that maintaining healthy social lives can help reduce cybercrime. People that lack social lives or like to lead isolated lives could be checked up on to make sure that they do not fall into cybercrime. It has been said that hackers are both patient and determined. These two traits have far-reaching implications for cybersecurity approaches in organizations. Since hackers will not relent easily, and will also take their time to find a vulnerability in the organization, it is prudent for organizations to adopt cyber resilience rather than cyber defense. Unlike cyber defense, cyber resilience ensures that an organization is protected from attackers, and, in the event that an attack happens, business processes will not be adversely affected. It has also been discussed that hackers are coercive. This, therefore, means that employees can easily fall prey. Organizations must, consequently, invest in programs to train their employees on how to protect themselves from hackers. Alongside this, organizations must set up clear procedures on how credentials can be shared, and also how a transfer of funds can be authorized. Hackers have been said to be careful in their attacks and this affects how organizations should monitor their systems and networks. Minor observations of abnormal activities on networks should not be ignored as hackers might be making a move. Additionally, organizations should invest in intrusion prevention systems to prevent some activities, such as network scanning, that might be used by attackers. Based on how attackers think, it can be learned that the main motivator for them is money, thus all resources that they can steal and make money from should be highly secured. Organizations that store personal data should employ extra security measures, such as encrypting their databases. 
Additionally, since some hacking events are politically motivated, governments in other countries have to take the initiative to follow up with the attackers and seek diplomatic resolutions.
Erdal Ozkaya is a leading Cybersecurity Professional with business development, management, and Academic skills who focuses on securing the Cyber Space & sharing his real-life skills as a Security Advisor, Speaker, Lecturer, and Author. Erdal is known to be passionate about reaching communities, creating cyber aware campaigns, leveraging new and innovative approaches and technologies to holistically address the information security and privacy needs for every person and organization in the world. He is an award-winning technical expert & speaker. His recent awards are: Cyber Security Professional of the year MEA, Hall of Fame by CISO Magazine, Cybersecurity Influencer of the year (2019), Microsoft Circle of Excellence Platinum Club (2017), NATO Center of Excellence (2016), Security Professional of the year by MEA Channel Magazine (2015), Professional of the year Sydney (2014) and many speaker of the year awards in conferences.
He also holds Global Instructor of the year awards from EC Council & Microsoft. Erdal is also a part-time lecturer at Australian Charles Sturt University.
Erdal has co-authored many cybersecurity books as well as security certification courseware and exams for different vendors.
Erdal has the following qualifications: Doctor of Philosophy in Cybersecurity, Master of Computing Research, Master of Information Systems Security, Bachelor of Information Technology, Microsoft Certified Trainer, Microsoft Certified Learning Consultant, ISO27001 Auditor & Implementer, Certified Ethical Hacker (CEH), Certified Ethical Instructor & Licensed Penetration Tester.
Erdal's Twitter: https://twitter.com/Erdal_Ozkaya