The hackers that people don’t write about
As I’m surfing blogs and other security-related Websites these days, I’m seeing a lot of good advice on how people can protect themselves from hackers. Everyone advises people to use anti-virus/spyware software, use a firewall, update everything as required, and to be careful when opening email and browsing Websites. There is also good advice about what to do in the event someone gets hit with malware that makes its presence known by causing all types of errant computer behavior. But what many bloggers and Websites don’t seem to be writing about are hackers that can circumvent these and other types of security measures, including network intrusion detection systems.
Professional and Top Tier Hackers
There are hackers out there that are much smarter than the type of hackers you hear about in the media. They don’t go after every computer, they don’t try to obtain millions of credit card numbers or Facebook passwords, and they are not out to cause chaos and mayhem. These hackers target specific organizations and individuals for specific information. They spend a lot of time doing reconnaissance on their targets to determine what type of computing and security infrastructure is in place, how users react to specific stimuli (e.g. email, free removable media delivered via postal mail, etc.), and how fast people react to certain types of detectable malware. To these hackers, what we refer to as “security” is nothing more than technical obstacles that can be overcome by careful research and planning. Avoiding detection by anti-virus/spyware and network intrusion detection systems is simply a matter of testing tools against everything out there and making modifications to avoid known signatures and heuristic algorithms. These are the type of hackers that develop zero-day exploits and take advantage of other zero-day exploits as soon as they are announced.
If you’re a home user and only have the basics (firewall + anti-virus/spyware), you don’t stand a chance against a more sophisticated hacker. Your anti-virus/spyware software won’t detect their presence and you won’t see any errant computer behavior. The hacker is going to do all kinds of things to your computer that you won’t even be aware of, including but not limited to: making configuration changes; swapping out legitimate programs and utilities; disabling certain security features; and taking anything and everything of possible interest. After he’s obtained what he’s looking for, he’ll erase every trace of his activities and tools from your computer and disappear.
At the office
If you’re in an office environment, depending on your organization’s security, a more sophisticated hacker is going to be a lot more careful about what he does to your computer, but he will go after any information on your computer, shared drives and internal Websites that he can access using your credentials. There are many other things a hacker may do on your computer, depending on what his objectives are and what he knows he can get away with without being detected. Because he’s done his homework, his activities are less likely to draw the attention of system administrators and security personnel. He also knows that lingering too long on a computer will increase his chances of being detected, so as soon as he has accomplished his objectives, he’ll clean up after himself and leave.
So what can you do?
You can reduce your chances of being a victim of these types of hackers by implementing additional security measures and following best practices. Notice that I said reduce, not eliminate. Also keep in mind that you have to weigh the risk versus cost and your ability to use and manage more advanced security measures.
For home, here are some things you should consider:
- Purchase an Internet Security Suite. This does much more than just anti-virus/spyware software. Not all products offer the same features, so you’ll have to do some research. If you already have an Internet Security Suite, you may want to compare it with more current offerings from other companies.
- If you shop online or manage your finances online, purchase credit monitoring and identity theft protection. Check monthly statements for unusual or unauthorized transactions.
- Use a separate computer just for managing your finances online.
- Buy your kids a separate computer. They really don’t know better when it comes to computer security, so you’re more at risk if you share the same computer.
- If you use PayPal, open a separate bank account just for PayPal transactions.
- Don’t copy documents containing confidential or proprietary information from work onto an Internet-connected home computer. This includes sending yourself documents via email. These are exactly the type of documents a hacker is looking for and expecting to find on your home computer.
- Use a virtual environment (virtual machine) for browsing Websites, like VMware Player or something like it.
- Use a Hotmail, GMail or Yahoo email account instead of your ISP email account to register for Websites and download software. If your ISP allows you to create more than one email account, use a separate email account just for financial institutions.
If you own or manage a business and have concerns that your organization may not have adequate protection against more sophisticated hackers, you need to speak to your security team about these types of issues. If you don’t have someone in-house, contact a computer security firm. A computer security firm can do a security and risk assessment, and provide you with a variety of options that meet your needs and budget. The most important assessment you can do yourself is determining what information is of value to global competitors and how providing competitors with that information can negatively impact your business. This includes customer information as well.
Are you fascinated by all of this? Want to learn more? Want to know what questions to ask your security team to determine if they are prepared to deal with more sophisticated hackers? Read my book!