Am I A Target for Hackers!?
WHO'S AFRAID OF THE BIG BAD WOLF?
Cyber threats seem to be everywhere. It certainly feels that way, doesn’t it? The truth is, they are quite prolific. Reports are constantly making headlines about homes getting invaded by hackers, whole school districts getting shut down by them, and businesses having their data stolen. What chance do you, as a homeowner or renter have against such skilled hackers that are even capable of embarrassing top officials in Governments?
So, are you a target for hackers? The answer to that question is not just “yes“, but “absolutely yes!“. However, it’s also “not likely“, “maybe“, and “not really.” This article will look at who these hackers are, what they want, and by the end, you’ll have 3 sound and simple tactics to make yourself not worth their time or attention.
Who are these Hackers?
Hackers come in all shapes and sizes and creeds, with several degrees of skill sets and tools available. However, security specialists tend to place them in a few different categories. Those categories are based upon what resources (skills, tools, money, etc) they have at their disposal. These categories also define what motivates each group. So, lets take a look at them!
The first group of hackers are Amateurs. They are nicknamed “Script Kiddies” as they generally lack the skills required to develop their own attacks. They resort to using existing tools, and editing existing program coding. They don’t even fully understand how or why their tools work, but they use them whenever they can. While they lack funding or a lot of skills, they are still a massive threat. It’s this group that is primarily responsible for a lot of identity theft. Their attacks are often in the form of email phishing attacks, and collecting available data such as databases of user accounts, and using them to log into peoples accounts. It’s this group that we most often see hacking smart homes.
The next group are Highly Skilled Professionals. They make good money hacking businesses and institutions. They are capable of programming their own hacking tools and programs, to work for them. They have a lot of experience and usually have the money to acquire advanced tools and equipment to aid them. Interestingly enough, this group has been becoming less of a threat to the general public due to the kinds of things that motivate them. Still, they are capable of great damage and at times, they do exactly that.
The final group are State Sponsored Hackers. These are full teams of hackers employed by Governments to spy on, and implement subterfuge on their enemies and allies alike. They also conduct widespread economic attacks, target infrastructure, and conduct misinformation campaigns on the public. This group is by far the most dangerous and well equipped out there. There literally is no barrier that they cannot break given enough time. They have nearly unlimited funding and all of the latest technology as well as full intelligence teams to assist them.
So, those would be the major umbrella categories we tend to separate hackers into. Now, lets take a look at what motivates each group, and how that applies to you!
What Do They Want?
Each of these groups are driven by primary motivations. They can be anything from just pure entertainment (“Do it for the LoL’z), to money, to respect, various causes, and even National pride. Knowing and understanding what motivates each of these groups helps us identify how to protect ourselves from them. Even more than that, it helps us know if we are even a target of theirs!
Starting with the lowest level, the Script Kiddies, we know that their motivations are usually to just see if they can. They are learning a new skill, and are always exploring what they can do with the tools they have. It is often curiosity, and a sense of mischievousness, and getting a laugh, that drives them. As they get some experience, they also get bolder, and their motivation shifts into gaining respect from the hacker community. They like to brag and show off what they accomplished in an effort to gain glory and build a reputation. There is also a sense of empowerment that motivates them as their skills and experience develop.
At the next level, the Highly Skilled Professional is usually motivated by profit. Their skills are able to earn them substantial monetary income either legitimately or illegitimately. Some at this level are are motivated by various causes, be they social or political. This subset is known as “Hacktivists”. Their motive is to bring attention to a specific cause, or point out a perceived evil that they want exposed.
State Sponsored Hackers are pretty much self evident as to their motivations. It’s entirely political, and usually their actual profession. They do what they do out of duty to their National Interests.
So, what do these motivations tell us about you being a target? Well, quite a bit actually! Let’s look!
Am I A Target?
Now we arrive at the part you’ve all been waiting for! Give yourself a pat on the back, and a sip of your favorite beverage for surviving the more technical ominous parts above. Now, we get to the good stuff!
The question as to if you are a target all comes down to who you are, and do you provide what they want!! The good news is that for most of us, we don’t have a lot to be afraid of.
The Script Kiddie is absolutely targeting you. You’re their practice field. Attempting to hack into your accounts or get your identity information is what they want! Fortunately, due to their lack of skills and tools, they are stopped by very basic security best practices like social media and email discipline, password management, two-factor authentication, and VPN’s. Hacking takes time, and each of these security obstacles take a lot of time to bypass. So, script kiddies will usually just move on to the next target when they encounter these. They’re looking for an easy in, for laughs, entertainment, and bragging rights. They don’t normally have the skills to actually work past these boundaries. So, while you are their target, you remove yourself from their target list by using basic security best practices.
As for the Highly Skilled Professionals, most of us are not worth their time and effort. The profit motive alone along with the risks involved, move them on to more legitimate uses of their skills. These hackers tend to become Cyber Security Professionals in businesses. They are paid well for their work, and get to use their skills without the risk of going to prison. There is a growing trend for them to move out of the professional office situation, and into things like “Bug Bounties”. When a developer creates new software, it costs them a lot to hire staff to continuously test the software. So, these companies offer bounties, for hackers to find bugs in their programs and report them. These bug bounties can be worth tens of thousands of dollars for each bug discovered.
The Hactivist is another animal, and their targets are more based upon who you are. If you are a member of a political organization, or a cause, then you could very well be on their target list. It’s not you, personally, that they’re interested in however. It’s what you represent. They target the organization, the cause, or in the case of politicians, the politician themselves. If you are in these types of positions, then you certainly do need to take an elevated approach to your security. It is recommended that you seek professional guidance to navigate this field.
Lastly, and most dangerously, is the State Sponsored Hacker. Since they attack widely, and hit major corporations, military members, government officials, utilities, and infrastructure, they are prolific. If you are an executive of a corporation, an employee of a financial institution, civil utilities, government contractor, or tech start-up, then you are on their radar. As a member of any of those organizations, foreign Governments have great interest in gaining access to the data, technology, and personal information, of the entire organization. The higher up in that organization, the higher value you present to them. Their attacks seek to leverage the intelligence they gain in a manner that gives them an advantage on the global stage. They also seek to destabilize society. They do this by using disinformation campaigns on social media. If they can turn citizens against each other, it’s very advantageous for them in sewing dissent and unrest.
For the average citizen, the best way to avoid being a target of State Sponsored Hackers is to present yourself as boring and worthless online. This is known as a “Grayman Defense”. You just blend into the background. Limiting what you say about yourself on social media, exercising discipline with emails, private messages, and other forms of communication, helps a lot. If you don’t bring attention to yourself, then you are far less likely to draw any. If you are a member of their target list, it’s advised that you consult with security professionals on how to employ sound. 24/7, security best practices for yourself, and your family.
I know that was a lot to read through! It’s amazing to me that you’ve made it this far! So, as a reward, I’ll give you a few parting tips on how you can make sure that you’re not a target for hackers.
First and foremost, relax. As you can see, the vast majority of the public does not have much to offer hackers in a way that they would want to attack you, personally. You don’t have to be afraid!
There are three very basic tools that you can use, that are very very very helpful in making life hard on a hacker, and driving them down the road to the next target.
- Password Manager
- Authenticator App
A password manager is a software tool that acts like a secure vault to store your passwords in. Passwords are a large vulnerability in cyber security. People have a tendency to use their same username and password all over the internet and when those other locations get hacked, your login’s are stolen, and added to databases, that are sold all over the dark web. This is how hackers can get your login information without ever actually hacking you. They get your username and password from one location and they try it at other locations. This is exactly how almost every single Smart Home hack happened. A password manager is a powerful tool to combat that. They have the ability to create very complex passwords for you, and store them, so that you never have to use the same password twice. Even if one place where you login is hacked, then only that single location needs to be changed.
Authenticator App’s allow you to leverage Multi-Factor Authentication. This is when you use more than one thing to prove that you are you, and nobody else. Typically, we use a username and a password. These are two things that you know. An authenticator app, makes it so that anyone trying to access your account, has to have your phone, physically, in their hands. This is something that you have. Something you know, you have, or you are (fingerprints), are all factors. Using more than one factor greatly improves your security. It’s nearly impossible to get around this combination. The Authenticator app, makes it so that when you log into an account, you are asked to enter some numbers. You open the app, and it already has the numbers available for you. This number changes every 30 seconds, and can only be used once. Making it really hard to steal and use. They’re very cool. I love them.
A VPN is a Virtual Private Network. It’s an encrypted tunnel from your device, through the internet, and to it’s endpoint. This makes all of your online activity encrypted and protected.
As a bonus, I will add one more tactic to this list. Never, ever, ever, ever, ever (x 10000000), click links in your emails. If a legitimate service sends you an email with a link, ignore it, go directly to their site via Google or other search engine, and address your business directly on their site. Or call them, by using the number on their website (not a number in the email), to handle whatever you want to handle.
Thank you for spending your time here with me, reading this. You didn’t have to, and I do not take that lightly! If you want more of this kind of information, or want to know more about how to select the best Password Manager, Authenticator App, or VPN for you, please take a moment and sign up for our newsletter, and follow us on Facebook or Twitter!
If you need professional guidance, feel free to reach out to us. It’s our mission to bring our Corporate and Government level Cyber Security experience and best practices to the homeowner and renter. We would love to help you!