Hacking and identity theft

March 20, 2018

Everyone’s heard of hacking and hackers, but what exactly do the terms mean? There are lots of types of hacking, such as:

Growth hacking – the process of rapid experimentation across marketing channels, product development, sales segments, and other areas of the business to identify the most efficient ways to grow a business.

Life hacks – a strategy or technique adopted in order to manage one’s time and daily activities in a more efficient way.

Media hacking – the usage of various electronic media in an innovative or otherwise abnormal fashion for the purpose of conveying a message to as large a number of people as possible.

Computer hacking – using the properties of computers and networks in new and unexpected ways to accomplish a variety of goals.

Patriotic hacking – a type of computer hacking or system cracking in which citizens or supporters of a country, traditionally industrialised Western countries but increasingly developing countries, attempt to perpetrate attacks on, or block attacks by, perceived enemies of the state.

One commonality with all these types of hacking is that they all use creative problem solving. Would you believe me if I were to tell you that at some point in your life you’ve been a hacker? Whether you realized it or not, hacking by social engineering is something we’ve all probably done.

Social engineering is the art of psychological manipulation to gain access to buildings, data, or systems rather than by breaking in or using technical hacking techniques.

Let me tell you two different stories illustrating social engineering. Both stories are true.

I flew to Auckland to chair a morning forum on a range of topics including one on cybercrime. The forum was to start at 8.30am so I turned up just before 8am to find that the lifts didn’t operate without an access card until 8am. I was dressed in a suit and tie and looked like an employee of the firm hosting the seminar. I patiently waited and when someone got in the lift I followed them.

They swiped their access card and pushed the floor button and I pushed the button to the floor I was going to. Bingo – I was at the floor I wanted to be at.

The second story is of a Walmart employee who was fired for stealing money. This ex-employee put his uniform back on and went to a number of other Walmart stores pretending to be a general manager from another store.

He was in uniform, had a name tag, knew the processes and the talk, and no one suspected anything. He claimed to be there to carry out an inventory inspection, but he really ended up stealing bundles of cash from the cash rooms.

Both these stories, while quite different, share two common aspects – confidence and plausibility. If you don’t seem to be a bad person, people generally assume you’re not. If someone was at the door to your office with a tray of takeaway coffees and gesturing to get in, you would probably open the door for them.

Their hands were full, and they couldn’t get their swipe card to open the door. But why would you open the door? Because the situation explains itself, or is plausible, and the person with the tray of coffee is confident.

In a cyber scenario the aspects of confidence and plausibility are exactly the same, and cybercrime is the use of computers to access and exploit people’s confidence and trust.

So, is there a stereotypical cyber hacker? As a generality, hackers are creative types of people who are drawn to hacking out of intellectual curiosity. The excitement for them is to understand how a system works and then exploit the knowledge they have gained.

There are ‘black hat’ hackers who attempt to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons.

There are also white hat hackers who use their skills to improve security by exposing vulnerabilities before black hat hackers can detect and exploit them.

There is also another group known as gray hat hackers, who operate in a moral gray area, such as stealing information to expose corruption.

In my next article in the series on cybercrime I’ll discuss some common social engineering techniques – after all, forewarned is forearmed.