Today, almost all computers are connected to the Internet. This means they’re connected to other computers – which involves risk.
Therefore, it is extremely important that you store your information properly and keep it secure. It’s also important that you protect your PCs from misuse, abuse and data loss. Why? Because there are bad guys out there and you don’t want them getting their hands on your information.
Bad guys? Yes, it’s a term we Internet security people use frequently, but do you fully understand who the bad guys are? Before you can properly arm yourself against a security attack and/or breach by the bad guys, it helps if you know who to watch for so that you can put in place the proper layers of defence.
Technically, a cyber crime is any intentional breach in computer security via the Internet, or some other illegal act facilitated by the Internet. However, as we will see below, there are actually quite a few unique categories of bad guys to look out for.
Hackers, Crackers, and Script Kiddies: mostly harmless, or cause for alarm?
In the early days of computers, hackers were white hat good guys who tried to do no harm and hacker was a benign term.
Hackers illegally accessed computers to learn more about them, or to find security holes in the computer or the network to which it’s attached. They did nothing malicious, used their skills for good purposes and took pride in the quality of hacks that would leave no trace of an intrusion. Today’s white hat hackers are typically computer security experts, who specialise in penetration testing and other security testing methodologies to ensure that a company’s information systems are secure.
During the early 1980s the lay of the land changed and we started to see the rise of crackers. This refers to a person who intentionally accesses a computer, or network of computers, for evil reasons – typically, with the intent of destroying and/or stealing information. Today, these bad guy crackers are sometimes referred to as black hats, or hackers (just to confuse us).
Usually, both hackers and crackers have very advanced computer and networking skills allowing them to develop scripts or programs to help them attack computer systems and networks.
Hacking tools can sometimes fall into the hands of script kiddies, who often use them randomly and with little regard or perhaps even understanding of the potentially harmful consequences. These script kiddies usually have very limited computer skills and can be quite immature, trying to effect large numbers of attacks in order to obtain attention and notoriety.
The Rise of Cyber Criminals
We typically use the term cyber criminals to describe those who use the Internet in illegal ways, or to facilitate illegal or fraudulent activities.
More specifically, cyber criminals are the people trying to put malware onto your system so that they can obtain valuable information such as credit card and bank account details, user names and passwords. This is identity theft and those responsible will either use the information to defraud someone, or sell it on to someone else who will.
Cyber criminals are also scammers and phishers who try to con you into giving them money. They might claim to need your help to transfer large amounts of money, or that you’ve won a prize in a lottery you never entered. Sometimes it’s the promise of an inheritance from a wealthy relative you’ve never heard of.
Some cyber criminals illegally distribute software, music, movies against copyright laws. They might even sell illegal forms of pornography. Typically their activities are entirely profit motivated, though in the cases of cyber bullying and cyber grooming the motivations lie elsewhere.
Not all cyber criminals have sophisticated computer and networking skills. Today, the vast majority of cyber criminals simply use the malicious tools and kits marketed for profit by those creating them.
In effect, most cyber criminals are simply up-to-date script kiddies, but now they’re motivated by profit, not notoriety. For about US$400, almost anyone can buy appropriate scripts and after about four hours of working through the instructions, be fully set up as a cyber criminal. Scary stuff.
More Cyber Bad Guys on the loose
People trying to illegally obtain information about companies or government organisations are known as cyber spies. Typically when the attack is against a business it is profit-driven, while when it’s against government organisations it is espionage.
People who carry out blackmail via the Internet are cyber extortionists. For instance, threatening to release confidential information if an individual or company does not pay a large amount of money. Cyber extortionists may put in place a distributed denial of service attack (DDoS) against the web site or network of a business and demand payment to stop the attack. They might trick you into downloading and installing malware/scareware/scamware, for example rogue anti-virus software, and then demand payment in order for it to be removed.
Relatively new on the scene are cyber activists who use the Internet as a fast and cheap communications tool for their public movements. They may be involved in cause-related fundraising, community building, lobbying and organising public demonstrations. One example is Iranians using Twitter to organise mass protests in 2009.
Of course, one man’s freedom fighter is another man’s terrorist, so we also have cyber terrorists. These are cyber criminals who use the Internet to destroy computers or disrupt Internet-connected services for political reasons. Just like a regular terrorist attack, cyber terrorism typically requires highly skilled individuals, a lot of money to implement, and detailed planning. An example is when hundreds of DDoS attacks in 2007 virtually took down the Internet in Estonia.
Last, and certainly not least, we have cyber warriors. It seems that many countries, including the USA and China, have decided that the Internet is a valid tool to fight a war against their enemies.
While the Internet can be used to greatly enhance military and economic power, it also presents a soft underbelly to present and future adversaries. Thus governments are recruiting and training “cyber warriors” to use the Internet for offensive attacks, and to protect us from such attacks by others. Sad, but true.
How to protect your business – and yourself
By going online, everyone is exposed to all these forms of bad guys. Thus it’s crucial for both businesses and individuals to keep their information secure so that the bad guys can’t gain access to it. Here’s some advice:
- Have up-to-date and properly configured Internet Security software on all the PCs you use.
- Lock down desktop PCs, laptops and servers by limiting user privileges, eliminating unnecessary applications and having strong passwords. Giving up administrator privileges is a simple way to remove 90% of the risk of malware being able to install and run.
- Understand who might be looking to break through your defences and how they might go about doing it.
Think like the bad guys. Knowing who your enemies are will help you to do this.
Lloyd Borrett is self-described Security Evangelist at AVG (AU/NZ), a Melbourne-based distributor of Internet Security products. Learn more at http://www.borrett.id.au.
Image by bfishadow