Tuesday, March 21, 2023
Subscribe to Small Business Monthly
Small Business Monthly on Facebook Small Business Monthly on Twitter Small Business Monthly on LinkedIn

SBM Articles


Hacking: What Should You Really Know (Part 2)

by Scott Lewis

What are hackers looking for when they try to access your system? Most people think that if your system is hacked that bells and alarms will go off, lights will flash or your system will start doing crazy things.  In the case of viruses some of those things may happen like poor system performance, pop ups when you are browsing the Internet, however in most cases good hackers will be very difficult to track and detect because they don’t want you to know they were on your system. A perfect scenario from a hackers perspective is the longer you go without realizing that your data has been stolen the more it is worth to potential buyers on the data black market.

Let’s just assume a hacker gets into your system, what are they after?  In some cases the data seems harmless on the surface, but you have to put the entire puzzle together in order to fully understand how stolen data moves across the Internet. Then an understanding of how that stolen data is now used to facilitate identity theft, bank fraud, credit card fraud, or simple online purchases of goods and services. In some cases hackers are simply looking for email addresses, have you ever gotten an email from yourself, or wondered how you get on so many SPAM email lists?  Online marketers pay for lists of validated emails, they not only pay to have them created to use for themselves, they will then put the lists up for sale and sell the lists to other email marketing companies.

Email addresses are just part of the story, there is more, and yes as you put these individual pieces together you will see how the value of the data continues to grow. If you are an online gamer, hackers could be interested in you because online games typically require a username and password, or the bigger prize may be the license key of the game you are playing. In some cases with some games you have to pay to play, so now you are exchanging currency which could be in the form of a credit card is always a major prize. Let’s back up a little bit, what is the value of the username and password to a gaming system? Habit! Most people use either the same password or username for multiple things or they use some variation of the same password and username so if I can capture your username and password than chances are it will work on more than just your gaming system. Why the licensing key? Gaming has become so popular and it is a multibillion dollar a year industry, so that makes licensing keys very valuable on the black market. Of course the value of credit card information speaks for itself, but let’s take that one off the table for just a second.  If a hacker has targeted you for some reason, if I have your email address, your username and password, with just those things I am a couple of steps closer to becoming….you!

Then there is what we call reputation hacking which again is one of those nuisance things or could it be more than that? Reputation hacking is when someone hacks your Facebook page, LinkedIn page or some other social media site. OK, it’s a pain, but other than sending out a few harmless messages what harm could there really be in that? I’ll change my password and things will be fine.  It is a wonderful connected world, and who do you connect with? Your mother? Who has a brother? His last name is your mother’s maiden name? Ever use your mother’s maiden name as your security passcode? Also there are your kids names, your dog’s names, where you went to high school, your first car, where you work, your birth date, your kids birth date, your anniversary, social media sites are a volume of data about you, and how many of us have used parts or all of these little tidbits of information to create or manage passwords and usernames?

Now that we have some good data on you, what are we really going after? First access of course to your computer or your local area network.  The goals may be different depending on if you personally have been targeted or if the company you work for has been targeted. Corporate networks tend to be a little harder to get to, however the process of information gathering may be similar. As an example maybe your username to your network is some variation to your naming convention in your email address? So let’s start there and see how far I get with that as a username. Then your password statistically is going to be some combination of personal information that you can remember, such as the information that I gathered off your Facebook page. Now, the golden prize that I really want to get to is credit card information, banking information, website logins, mutual funds and 401K accounts, and there are many other prizes out there that feed into Identity theft and other activities all done with your name.

So in the huge scheme of what in the world are hackers really going after?  Right now the biggest thing is identity theft in a recent study by the FBI 54% of incidents are based around Identity theft.  Financial access makes up 17%, account access is about 11% and the surprise is corporate data is only 8%. In the corporate world the biggest threat to your companies data is your employees, however 55% of Identity theft is done by an external threat. This is one study that covers a small percentage of incidents, there are larger studies but the trends seem to follow suit.

Not all hackers are after your data, or you and your business may not be the actual target, the one thing that companies have that most hackers are not going to have is very high computing power. Again, good hackers do not want you to know that your system has been hacked, why? Because they may want to come back and use your servers to launch attacks on other businesses which may have been the original target but they needed your help to execute their plan.  If their hacking efforts create issues on your servers or network, or if the footprint is too big from a business disruption perspective such as slowness than the likelihood that you are going to notice and take countermeasures is much higher. Once a hacker has access to your system there is a lot that can be done without your knowledge, and it is amazing how much can happen without your IT department even knowing it. Hackers have been known to setup web servers and use them to distribute various illegal SPAM or black market information. This activity could and does include phishing websites, malware download sites including Ransomware and Crypto viruses, a piracy server to distribute illegal copies of software, explicit material server, webcam feeder site and traditional SPAM distribution site.

Scott Lewis is the President and CEO of Winning Technologies Group of Companies.  Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with large and small business to empower them to use technology to improve work processes, increase productivity, and reduce costs. Scott has designed thousands of systems for large, medium and small companies and Winning Technologies goal is to work with companies on the selection, implementation, management and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279

Submitted 6 years 299 days ago
Categories: categoryTechnology
Views: 2289