More and more hackers are targeting large companies that seem to be secure on the outside. Read about the motives behind these hackers and what companies are doing to protect themselves.
If you follow the news, you will have noticed that the amount of malicious online activity is at an all time high. Just in the last month, we’ve seen two massive attacks. One was on Sony and is still being investigated to determine exactly who did it and what their intentions were. Allegations have been made that this was an inside job, but the source is still unclear.
Xbox Live and PSN were also hacked over the holidays, sending an uproar of frustration to all those who received new online video games for Christmas. It makes us wonder how dominant companies like Microsoft and Sony could possibly be hacked.
The attack on Sony a few weeks ago is still a mystery. There have been speculations of who did it and why, but there is still no hard evidence. Read more about the hack against Sony here.
More recently was the Xbox Live and Sony’s PlayStation Network attack. On December 24th, these two online gaming services were disrupted due to a DDoS attack, or distributed denial-of-service attack. A DDoS attack basically renders a machine or network completely unavailable to its users. This was obviously a huge concern for the 150 million users on PSN and Xbox Live.
The brains behind this online attack are thought to be a group of hackers called Lizard Squad. In fact, they were happy to take credit for the massive attack that spoiled Christmas for millions of gamers. Now they are using this worldwide publicity to market their product which is actually a service that can help people launch DDoS attacks of their own. The service is called ‘Lizard Stresser’ and is exactly what they used to disrupt Xbox Live and Playstation Network. Lizard Squad is claiming that their service should be used as a tool for people to test their dedicated servers for security, and not to hack other people’s private servers.
These attacks raise many questions. I went through and attempted to answer two of the most daunting questions we may have about hackers:
What drives a hacker?
- Make some cash. This seems to be the most obvious reason behind hacking. Many hackers, or “crackers” if they’re criminal hackers, target credit card companies and large corporations to make some easy money for themselves. They may ruin your credit, steal credit card numbers or hijack important passwords. Internet fraud is obviously illegal and can range up to a 5 year prison sentence. We probably all remember the attacks on Target last December that stole credit and debit card data from 40 million accounts.
- Hijack your computer or server. Some hackers have the intent of hacking your computer or server to be able to store their illegal information. They don’t want illegal content to be traced back to them, so they hack your server and send everything there. A hacker can actually install malicious software onto your computer and take total control.
- Hacking for fun. Let’s face it, many of us techie junkies are curious people. We want to know how everything works and we want to see what we’re capable of. Many hackers are interested in seeing if they could hack a highly secure network. They receive a sense of accomplishment and a rush if they can hack an intricate system. These hackers generally have no intention of stealing or destroying anything; they just want it known that they could hack you.
- Competition. Hackers gather from all over the world for computer hacking competitions. The University of California Santa Barbara held a hacking contest that involved more than 1,300 students from 40 different countries. Students spent several days playing “cyber capture the flag”. Teams developed weapons of their own while finding ways to block cyber attacks from opposing teams. Pwn2Own is one of the largest annual hacking competitions. It began in 2007 as a way to prove that Apple’s Mac OS X wasn’t necessarily more secure than the competition. The contest has continued annually with new challenges coming every year. In 2014, a French security firm called VUPEN took home $400,000 after winning the competition. They successfully exploited Internet Explorer 11, Adobe Reader XI, Google Chrome, Adobe Flash and Mozilla Firefox, all on a 64-bit version of Windows 8.1.
- Working as a hacker. Recently, many companies have hired hackers to improve the security of their own systems. These ethical hackers are called “white hat hackers”. White hat hackers are generally very experienced and find a thrill in hacking. They commonly work in teams to find weaknesses in information systems, then work on improving these flaws. Christian Rioux, an IT professional for Veracode, said “You could say they are the good guys. You need to think like the attacker if you are ever going to outsmart them.” Apple is just one of many large companies that hires white hat hackers to improve the security of their systems.
What are companies doing to protect themselves from hackers?
- Stand alone systems. Companies are implementing stand alone systems for sensitive data. A stand alone system runs local applications and does not need a connection to a wide area network (WAN) or local area network (LAN). This offers the most protection against remote intrusion and can even protect against local intrusion if the adequate security is set up.
- Security software. Large companies are taking the same precautions you are with online security, only at a much higher level. Just as you should have current antivirus software and firewall setup on your computer, most major companies run a very high level of security on all their systems. It is important to keep all of this software up to date, checking it at least quarterly.
- IT professionals. Although high security software is essential, systems can still be exploited by hackers. Most large businesses have a group of IT professionals that work on keeping everything safe and secure. Many companies even hire white hat hackers, as I mentioned earlier. Smaller businesses may not be able to afford employing an entire branch of IT. However, small business owners must keep in mind that they are still at high risk of attacks. Hiring an IT professional just to come in and verify all secure software is a must for any business, no matter how small.
- Keep away ex-employees. This is especially a threat in large techie companies. If an employee leaves for whatever reason, companies must take precautions to make sure they don’t have access to any of the company’s files, passwords, etc. This can be done by updating security systems frequently and changing passwords. Ex-employees may know the infrastructure of a system, leaving the company very vulnerable. Lizard Squad is actually thought to have at least one Sony ex-employee on board.
- Act quickly. Sometimes hackers are going to find a way in no matter what. No one would expect Sony to be hacked with all of the IT support they have on board, but it has happened multiple times. When these cyber attacks happen, companies have to be ready to fix whatever is damaged. Every second counts when a system is down. Just imagine how much money Microsoft and Sony lost when their online gaming systems went down on Christmas. The faster an attack is resolved, the less information will be hijacked and corrupted.
The truth is, hackers are not going to stop anytime soon. FBI Director James Comey said, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.” Cyber attacks are a concern for small and large businesses, technology based corporations, and anyone that uses a computer. That basically sums it up as… everyone.
If you’re a hacker, we hope you’re striving to improve online security, rather than destroy it. Follow our blog as we’ll be posting more security related articles about hacking.
Now that you have some of your answers about hacking, check out how you can become a reseller of domains and web hosting at Resell.biz.