Joseph Steinberg - Cybersecurity For Dummies

Furthermore, in some countries, it is difficult, if not impossible, to distinguish between nation or state hacking and commercial espionage. Consider countries in which major companies are owned and operated by the government, for example. Are hackers from such companies nation or state hackers? Are such companies legitimate government targets, or is hacking them an example of corporate espionage?

Of course, nations and states that hack may also be seeking to impact public sentiment, policy decisions, and elections in other nations. Discussions of this topic have been aired via major media outlets on a regular basis since the 2016 presidential election. In fact, since then, accusations of foreign meddling in U.S. elections through the use of both cyber misinformation campaigns and hacking, only continue to grow.

In May 2014, United States federal prosecutors charged five members of the People’s Liberation Army (PLA) of China with hacking four U.S. businesses and one labor union as part of their service in Unit 61398, China’s cyber-warrior unit. The allegedly hacked parties included Alcoa, Allegheny Technologies, SolarWorld, and Westinghouse, all of which are major suppliers of goods to utilities, and the United Steel Workers labor union.

While the full extent of the damage to American businesses caused by the hacking remains unknown to this day, SolarWorld claimed that as a result of confidential information stolen by the hackers, a Chinese competitor appeared to have gained access to SolarWorld’s proprietary technology for making solar cells more efficient. This particular case illustrates the blurred lines between nation and state and corporate espionage when it comes to Communist nations and also highlights the difficulty in bringing hackers who participate in such attacks to justice; none of the indicted parties were ever tried, because none have left China to any jurisdiction that would extradite them to the United States.

Unscrupulous companies sometimes utilize hacking as a way to gain competitive advantages or steal valuable intellectual property. The United States government, for example, has repetitively accused Chinese corporations of stealing the intellectual property of American businesses, costing Americans billions of dollars per year. Sometimes the process of stealing intellectual property involves hacking the home computers of employees at targeted companies with the hope that those employees will use their personal devices to connect to their employers’ networks.

Criminals have numerous reasons for launching various forms of cyberattacks:

Stealing money directly: Attacking to gain access to someone’s online banking account and issue a wire transfer of money to themselves.

Stealing credit card numbers, software, video, music files, and other goods: Attacking to purchase goods or add bogus shipping instructions into a corporate system leading to products being shipped without payment ever being received by the shipper, and so on.

Stealing corporate and individual data: Attacking to obtain information that criminals can monetize in multiple ways (see the section “ It’s All About the Money: How Cybercriminals Monetize Their Actions,” later in this chapter).

Over the years, the type of criminals who commit online crimes has evolved from being strictly solo actors to a mix of amateurs and organized crime.

Hacktivists are activists who use hacking to spread the message of their “cause” and to deliver justice to parties whom they feel aren’t being otherwise punished for infractions that the activists view as crimes. Hacktivists include terrorists and rogue insiders.

Terrorists may hack for various purposes, including to

Directly inflict damage (for example, by hacking a utility and shutting off power)

Obtain information to use in plotting terrorist attacks (for example, hacking to find out when weapons are being transported between facilities and can be stolen)

Finance terrorist operations (see the earlier section on criminals)

Build credibility and invigorate supporters by demonstrating cyberattack prowess.

Disgruntled employees, rogue contractors, and employees who have been financially incentivized by an unscrupulous party pose serious threats to businesses and their employees alike.

Insiders intent on stealing data or inflicting harm are normally considered to be the most dangerous group of cyberattackers. They typically know far more than do any outsiders about what data and computer systems a company possesses, where those systems are located, how they are protected, and other information pertinent to the target systems and their potential vulnerabilities. Rogue insiders may target a businesses for one or more reasons:

They may seek to disrupt operations in order to lighten their own personal workloads or to help a competitor.

They may seek revenge for not receiving a promotion or bonus.

They may want to make another employee, or team of employees, look bad.

They may want to cause their employer financial harm.

They may plan on leaving and want to steal data that will be valuable in their next job or in their future endeavors.

Cyberattackers are typically grouped based on their goals:

Black hat hackers have evil intent and hack in order to steal, manipulate, and/or destroy. When typical people think of a hacker, they are thinking of a black hat hacker.

White hat hackers are ethical hackers who hack in order to test, repair, and enhance the security of systems and networks. These folks are typically computer security experts who specialize in penetration testing, and who are hired by businesses and governments to find vulnerabilities in their IT systems. Hackers are considered to be white hat hackers only if they have explicit permission to hack from the owner of the systems that they are hacking.

Grey hat hackers are hackers who do not have the malicious intent of black hat hackers, but who, at least at times, act unethically or otherwise violate anti-hacking laws. Hackers who attempt to find vulnerabilities in a system without the permission of the system’s owner and who report their findings to the owner without inflicting any damage to any systems that they scan are acting as grey hat hackers. Grey hat hackers sometimes act as such to make money. For example, when they report vulnerabilities to system owners, they may offer to fix the problems if the owner pays them some consulting fees. Some of the hackers who many people consider to be black hat hackers are actually grey hats.

Green hat hackers are novices who seek to become experts. Where green hats fall within the white-grey-black spectrum may evolve over time, as does their level of experience.

Blue hat hackers are paid to test software for exploitable bugs before the software is released into the market.

For the purposes of this book, black and gray hat hackers are the hackers that should primarily concern you as you seek to cyberprotect yourself and your loved ones.

Many, but not all, cyberattackers seek to profit financially from their crimes. Cyberattackers can make money through cyberattacks in several ways:

Direct financial fraud

Indirect financial fraud