Can you spot the hacker? And what do you think “hacker” means? Were you thinking of a good guy or a bad guy? The term “hacker” tends to be used negatively, as a synonym for cybercriminal, except by hackers themselves. People who identify as hackers don’t tend to also identify as criminals. A hacker is simply any skilled computer expert who uses technical expertise to overcome a problem in a clever way. A malicious hacker is someone who uses those same skills to commit crimes, and the difference basically comes down to one word… permission.
So, can you spot the malicious hacker? Truth be told, anyone in that video could be a malicious hacker – and that’s kind of the point. Acquiring and wielding offensive and defensive cybersecurity skills is not limited to a single gender or stereotype. While Hollywood likes to use the “guy who lives in his mother’s basement” trope, in reality, hackers, ethical or otherwise, can be anyone. I’ve been fortunate enough to travel the world and conduct war games on several continents. Running these events gave me a great opportunity to observe and interact with security professionals from multiple cultures and backgrounds. After 20 years, I’ve just about seen every type of person in the profession, from the Hollywood trope to people you would never guess are professionals. And this is the point of the video – you can’t spot the hacker based on outward appearances. You can, however, spot them on your network if you know how.
While there is a wide variety in the types of people that become malicious hackers, there is not a wide variety in how they operate. Malicious hacking (breaking into networks you don’t own) and penetration testing (breaking into networks with permission) are open conflict, pure and simple. Hacking is a martial art; it is conflict management. It is a never-ending fight between those that would do your network harm and those that would protect it. And in any fight, on any terrain, there are only so many efficient ways to engage the enemy. There is a tried and true process that every successful operator uses. Yes, there are some deviations and special cases (there always are), but every good combatant follows a strategy or formula to maximize their chances of success.
Anyone in the business of conflict, from an attorney at the negotiation table to the fighter in the ring, starts their attack-and-defend process long before actual combat begins. This first stage is known by many terms: reconnaissance, intel, backgrounding. Regardless of what it is called, it all means the same thing: “know thy enemy.” This first stage is also the most time-consuming. Facts, figures, network and organizational mapping, and more go into creating a comprehensive profile of your target. Short of getting a job and working from the inside (and some will do that), there should be no one who knows more about your adversary than you do.
The next step is finding the weakest point of entry. Maybe an unpatched development server? Maybe the local bar where the IT crowd hangs out every Thursday night? Maybe even spear phishing or badge cloning. The task at this step is to map your target’s weaknesses against your available arsenal. Do this wrong and your first contact with the enemy may be your last. In other words, don’t bring a sword to a tank battle.
Research done? Check. Vulnerability-to-weapon mapping done? Check. Now it’s “go time”. No plan survives first contact with the enemy. No worries: you have a wealth of background research and more than one trick in the bag. At this stage, you are actively engaging the enemy, exploiting holes, trying default passwords, using whatever is at hand to gain that precious beachhead. Do your research and planning well, and this should be over quickly with a high degree of confidence in success. Once you’ve established a toehold, it’s time to secure things and move towards the finish line.
Preparation and skill, not luck, have gotten you this far. While inside the network, you shore up your access, install what you need, and cover your tracks well. You’re here to mine the coin of the realm: data. Keyloggers, stego, log wipers, rootkits, and more are at your disposal while you tunnel deeper and deeper into the target network. Victory is close at hand, but getting in is only part of the equation. The data is of no value sitting where it is. Encrypted channels and relays let you pipe data out of the target to drop points around the internet, via protected servers prepped with the tools and storage you need to secure your hard-earned treasure. Proxies and bounces make it hard to trace back, but not impossible. Through sleight of hand and speed of skill, the data eventually resides on an external drive sitting next to you.
You unplug the drive, close your laptop, and store them both in your messenger bag. Task complete, victory assured, you look around the coffee shop and casually sip your now cold coffee. Time to go collect a paycheck.
All around the world and all around the clock, this scenario plays out over and over. At each step of the attack, there are crumbs and footprints left behind. Some are easy to find. Others are not. There is no end to the data being generated on the internet, and therefore no end to this game. Hackers of all shapes and sizes, all ages and genders, all nationalities and motivations are out there. They are working hard. They are smart. They are passionate about what they do. You will never spot a good one in the wild. But come in for a CEH and we’ll teach you how to work as they do. Know thy enemy, but know thyself too. Increase your knowledge and prepare to meet your enemy on the battlefield from a position of strength and knowledge.
Good luck, we’ll see you out there.