• Reza Nilofer

What do hackers want?

Who or what are hackers? We know they are people just like us, yet there is an air of enigma around them. Are they connected to one another or independent? What are their motives? Is it all a prank or are they, criminals? Or are these just really bored smart individuals with some time on their hands?

The thing about hacking is, it is happening more often than before. From a simple thing as hacking another person's WIFI to get free internet access to complex attacks on really secure government websites. But one thing they have in common, these are very resourceful and intellectual individuals. Before we get into the more common forms of hacking and it would be helpful to understand that hacking is a very expansive term and can refer to any techniques or workaround required to breach a system.

DDOS or Distributed Denial of Service

So every time you connect to a website, you are technically requesting information from the website to your computer. Websites are hosted on physical servers, which as physical resources go does have its limits. So let's say a website is hosted on a small and affordable server that can handle up to a thousand people making an information request from it. If two thousand people were to log on to the website at the same time, the server hosting it will not be able to cope. It will either crash from the huge amount of traffic or simply refuse any more connections coming to it. This scenario can be recreated via codes and scripts used by hackers. Which they can run from various servers with different IPs. Why do they do this? The answer is pretty simple as you can guess, it is to deny you service or access to this particular website. Attacks such as these are common and are almost always a planned attack. From a simple scenario as a disgruntled individual who is also a hacker or an attack on a government or company website. We are humans after all so the reasons are endless. But the targets in these cases are more or less the same. It is very rare that a personal website is ever targeted in this manner. And in some cases, let's say a ticket agency website selling a highly sought after show ticket can also inadvertently suffer from a DDOS attack, which is not done on purpose but is a result of too many people logging in to buy the tickets at the same time. Quite funny actually.

Social media hacking

Now, this is by far one of the more common forms of hacking. And the reasons behind this are really vague, to say the least. There seems to be a trend that as long as your social media account, especially Facebook, is hacked almost all the time. And it normally correlates with how secure your password is and how long you have not changed it for. This itself is a very suspicious thing, but again it may be anecdotal on our part to assume such a thing. And even for our clients are people that are around us, it is not uncommon for Facebook to temporarily block your access and verify step by step which actions were taken by you and which weren't. So if Facebook already has a policy and procedure for dealing with it, it goes to show how common and rampant this could be. In our case, we have seen suspicious activities like taking over as the admin of a Facebook page for example. Might be a new type of ransomware, take over your Facebook page and make you give money to them to return it to you perhaps? We are just assuming at this stage.

There are other forms of hacking too, from spying on someone to find out what they are doing. There have been spouses known to hire freelance hackers to check the messages in Facebook inboxes and what have you.

Personal Data Hacking

Information is the new crude oil we would say. The properly processed information is the equivalent of gold these days, especially for companies who want to target their marketing to the individuals that will be interested. Let us look at the recent hack of Marriott hotel which resulted in the personal data of 500 million people exposed. So in this case, a purely hypothetical one, of course, let's say a competition of Marriott wants to increase its customer base. Maybe this competitor hires a marketing agency launches a new campaign strategy and part of the campaign is email marketing. These agencies will look for people who sell personal data, prices range depending on how detailed the data. If it is just an email list you are purchasing, the prices average about one hundred to two hundred per thousand emails from reputable providers. So these reputable providers still have to get this information from somewhere and resell them, so the more you dig at the true source, the hazier it gets. There could be layers and layers of middlemen before you possibly end up inside the dark web. You could buy the full personal information available online of anyone for a thousand dollars these days. And if you think that is expensive, we are talking about bank records, government records, social media access and what have you. Of course, this is hypothetical in a possible scenario. But these personal data do end up somewhere. And they are being sold to someone for whichever reason. Or maybe not at all. So far this part is a little bit of a mystery.

Server resource hijacking

This one even we think is very creative. Find a weak and less secure website and put your own application or codes into it. In this case, as opposed to injecting a virus as code, crypto mining codes or application is housed within a website running at the background. Many websites do not do regular security updates and are more susceptible to this type of hijacking. We have personally found lines of codes that mine bitcoin for someone's wallet. Which is an amazing solution really, why buy an entire row of server and pay for electricity and maintenance when you can simply use someone else's resource. So they make the server your website is hosted on work for them. And these also apply to many other things. Russian dating websites we have also seen on a few client's websites. The possibilities in these cases are endless. Some scam somewhere that needs a temporary website and they use your website for their own short term purposes.

Espionage attacks

Espionage, rolls of the tongue nicely does it not? What we mean by this are targeted attacks. Which means you have clearly made an enemy, inadvertently or not. And this person wants to hurt you in some way or form. So they hire a hacker to do a range of things. Crash your hard disk, which is difficult these days with Solid State Drives. Some hackers are able to disable kernel processes, which we mean is very important for your system to run. Like disabling the CPU(central processing unit) cooling fan while allowing your CPU to run. Which simply melts the CPU. But we are entering movie territory now, not that it is impossible. But you must have really annoyed someone to lavish out a lot of money to pull this off. It is not exactly easy. But espionage attack does not stop there. It could be hacking the police servers to remove criminal records or to make new ones. It could be destroying the information or deleting important military or government files. Or even destroying backups. These are what we refer to as a much more direct attack with a clear target. These types of hacks have been happening since as long as anyone can remember.

Personal information hacks

Earlier we did talk about personal data. But that was more of a collection of a huge amount of data. Let's say if we collect all the data of a million people on Facebook, the data is more or less going to be very consistent and similar. Age, picture, name, Instagram, etc. You will only get a few parameters of metadata. But there are worse kinds of hacks. Hacking that can happen to you or if you know the right person, you can get any or all the information you want on a person. Private Investigators, for example, are one of the users of these types of services. And there is very little one can do when you have a group of professional hackers consolidating every information, the footprint of every website you have ever been to and your personal financial details. These hacks can even invade your sensitive medical information from institutions, your educational records, every SMS you have sent that is still stored with your phone company. So this is obviously a dangerous territory.

Crypto wallet hacking

Another new form of hacking. Blockchain has always been touted as a very safe way to transact, yet there is one chink in its armor. It's the wallet itself. Why break the door when you can get the key right? Digitizing currency means money has no physical form. As secure as a blockchain transaction may be, the money still has to be stored somewhere. And as with all types of digital information, anything that is connected is virtually hackable. In fact, the safest form of the wallet is a secure thumb drive really. An encrypted one, with a numeric keypad on it just to unlock it that auto-locks once you remove it. That is where your wallet should be in our opinion. Jeez.

IoT hacking

Last and certainly not least is IoT. Which in our view is a torchlight with wifi capabilities? Of course, you can also have thermostats, light bulbs, refrigerators, fans, television, air conditioning, and even barbecue grills. We are not joking, there are Weber grills out there with Bluetooth connectivity to tell if your steak is rare or medium-rare. IoT gets deeper, you see IOT means internet-of-things. Which could be your fan, lights, and fridge all talking and communicated in the same environment. And the more dangerous side of it is cars. Yes, cars can be hacked. And this is because the car itself is now an IoT device. It connects to an app, which means the mobile phone with the app is connected to the internet and someone can simply hack into your vehicle and make the windows go up and down. Spooky. But if the car's ECU (Engine Control Unit) is communicating with the circuit that controls the windows, this poses a big problem. Because this means you can hack it. And shut down someone's engine remotely. And this has the potential of being absolutely deadly.

These are of course not all the forms of attacks hackers can do. There are many more. And even newer ones to come in the future. But one thing we do know, they are people too. Whether they are simply out for money, fun or activism. The world is definitely a more interesting place because of them. And maybe slightly more dangerous. So stay safe guys and do take the necessary precautions.

#hackers #singapore #itblocksg #protip #scams #data #password #stealing #crime #activism #attack #online