Joseph Steinberg - Cybersecurity For Dummies

Seeing how some “good guys” might become “accidental bad guys”

Discovering how hackers profit from their crimes

Exploring threats from nonmalicious actors

Many centuries ago, the now world-famous Chinese military strategist and philosopher, Sun Tzu, wrote:

If you know the enemy and know yourself,

you need not fear the result of a hundred battles.

If you know yourself but not the enemy,

for every victory gained you will also suffer a defeat.

If you know neither the enemy nor yourself,

you will succumb in every battle.

As has been the case since ancient times, knowing your enemy is necessary in order to ensure that you can properly protect yourself.

Such wisdom remains true in the age of digital security. While Chapter 2covers many of the threats posed by cyber-enemies, this chapter covers the enemies themselves:

Who are they?

Why do they launch attacks?

How do they profit from attacks?

You also find out about nonmalicious attackers — both people and inanimate parties who can inflict serious damage even without any intent to do harm.

Albert Einstein famously said that “everything is relative,” and that concept certainly holds true when it comes to understanding who the “good” guys and “bad” guys are online. As someone seeking to defend yourself against cyberattacks, for example, you may view Russian hackers seeking to compromise your computer in order to use it to hack U.S. government sites as bad guys, but to patriotic Russian citizens, they may be heroes.

If you’re an American enjoying free speech online and make posts promoting atheism, Christianity, Buddhism, or Judaism and an Iranian hacker hacks your computer, you’ll likely consider the hacker to be a bad guy, but various members of the Iranian government and other fundamentalist Islamic groups may consider the hacker’s actions to be a heroic attempt to stop the spread of blasphemous heresy.

In many cases, determining who is good and who is bad may be even more complicated and create deep divides between members of a single culture. For example, how would you view someone who breaks the law and infringes on the free speech of neo-Nazis by launching a crippling cyberattack against a neo-Nazi website that preaches hate? Or someone outside of law enforcement who illegally launches attacks against sites spreading child pornography, malware, or jihadist material that encourages people to kill Americans? Do you think that everyone you know would agree with you? Would U.S. courts agree?

Before answering, please consider that in the 1977 case, National Socialist Party of America v. Village of Skokie, the U.S. Supreme Court ruled that freedom of speech goes so far as to allow Nazis brandishing swastikas to march freely in a neighborhood in which many survivors of the Nazi Holocaust lived. Clearly, in the world of cyber, only the eye of the beholder can measure good and bad — and the eyes of different beholders can be quite different in such regards.

For the purposes of this book, therefore, you need to define who the good and bad guys are, and, as such, you should assume that the language in the book operates from your perspective as you seek to defend yourself digitally. Anyone seeking to harm your interests, for whatever reason, and regardless of what you perceive your interests to be, is, for the purposes of this book, bad.

A group of potential attackers that is likely well-known to most people are the bad guys who are up to no good. This group consists of multiple types of attackers, with a diverse set of motivations and attack capabilities, who share one goal in common: They all seek to benefit themselves at the expense of others, including, potentially, you.

Bad guys up to no good include

Script kiddies

Kids who are not kiddies

Nations and states

Corporate spies

Criminals

Hacktivists

The term script kiddies (sometimes shortened to skids or just kiddies) refers to people — often (but not always) young — who hack, but who are able to do so only because they know how to utilize scripts and/or programs developed by others to attack computer systems. These folks lack the technological sophistication needed in order to create their own tools or to hack without the assistance of others.

While script kiddies are technologically unsophisticated (see preceding section), plenty of other kids are not. For many years, the caricature of a hacker has been a young, nerdy male interested in computers, who hacks from his parents’ home or from a dorm room at college. In fact, the first crop of hackers targeting civilian systems included many technologically sophisticated kids interested in exploring or carrying out various mischievous tasks for bragging rights or due to curiosity.

While such attackers still exist, the percentage of attacks emanating from these attackers has dropped dramatically from a huge portion to a minute fraction of a percentage of all attacks.

Simply put, teenage hackers similar to those depicted in movies from the 1980s and 1990s may have been a significant force in the pre-commercial Internet era, but once hacking could deliver real money, expensive goods, and valuable, monetizable data, criminals seeking to profit joined the fray en masse. Furthermore, as the world grew increasingly reliant on data and more government and industrial systems were connected to the Internet, nation and states began to dramatically increase the resources that they allocated to cyber-operations from both espionage and military standpoints, further diluting the classic teenage hacker to a minute portion of today’s cyberattackers.

To date, terrorist groups and other parties intent on wreaking havoc and inflicting harm on innocent people have focused much of their online activities on brainwashing vulnerable people, recruiting members, and assembling supporters. There is little doubt, however, that such nefarious parties also understand the potential damage that can be inflicted by cyberattacks — and are actively building and seeking to exploit cyberattack capabilities — and that Western nations are beginning to react accordingly. In May 2019, for example, the Israeli military bombed a building in Gaza from which the Hamas terrorist organization — a group then receiving both financial aid and technology know-how from Iran — was allegedly launching cyberattacks against civilian targets.

Hacking by nations and states has received significant press coverage in recent years. The alleged hackings of the Democratic party email systems by Russian agents during the 2016 Presidential election campaign and the Republican party email system during the 2018 midterm elections are high profiles examples of nation state hacking.

That said, most nation and state cyberattacks are not nearly as high profile as those examples, do not receive media coverage, and do not target high profile targets. Often, they’re not even discovered or known to anyone but the attackers!