What is a data hacker and what do they do?
They have many names: hackers, crackers, black hats, cyber criminals. All of them do the same thing: steal data to make money or taking political advantage of it.
Because many companies and government authorities are poorly protected, it is fairly easy to break into them. It happens hundreds of times a week worldwide. All types of companies and authorities fall victim, from the very smallest up to the White House.
- For hacker individuals and small hacker groups, the motive is always the same: it’s nothing personal; they just want your money.
- For state-sponsored hacker groups, the motive is also always the same: to obtain state secrets that can be used internationally.
A hacker is a criminal similar to a burglar, but who works on the Internet. There are several ways they can get hold of data or money.
Phishing: The criminal sends you an e-mail with the correct name and everything, and pretends that you won money in a competition, have money deposited in an account that must be withdrawn, a rich relative has died and you have to withdraw the inheritance, a package is waiting for you at the post office but you have to pay a fee, etc. There are many tricks and the emails are sent in their millions around the world every day. Either you can be tricked to go to a website where you lose your personal data, credit card details or bank account, or you may have a small, invisible malware installed on your computer: a Trojan horse. This leads to the next step.
Hostage taking: Once a hacker has entered the company via a Trojan horse, some sort of hostage situation is automatically arranged. Usually, the Trojan gets around the company’s network and encrypts all the data in its way, thus making it unreadable. Then you will see a message saying that if you want your company back you will have to pay X pounds. Otherwise, we will erase all your data. After that, the company is permanently “lost”.
Data erasure: The Trojan horse could also be intended to destroy. It erases all data in its path and when all data is gone, the company or authority is also effectively “gone”. In this case, the Trojan usually comes from a competing company or a rogue state.
Password theft: If the hacker is allowed into your facility, pretending to be e.g. a technician, serviceman or similar, he may be able to get people’s passwords to the company network by simply talking to them or handing out gifts. This is surprisingly common. He may be able work undisturbed and steal or modify data, falsify web pages and basically see everything that goes on in the company and use this to stifle competition or sell the information to competitors.
Spearphishing is becoming increasingly common. An impostor pretending to be the boss sends an e-mail or calls (voice fraud) the finance department and states: Hello, this is Charlie. I am stuck in X-land and I immediately need 123,456 pounds to take me home and to pay certain debts. Please transfer the money into my private account 123456-7 so I can pay for flights and living. The villain has done some research and found out that the boss is out and about, which increases credibility.
As long as the staff has
- little or no knowledge of cyber crime and IT security
- substandard passwords on their accounts and servers
- never had any training regarding fraudulent conduct on the Internet
this will continue. Businesses, the media, schools, government and the state administration must begin to educate and make staff, students and the general public aware of the risks. Training must be followed up regularly. But it is expensive and takes time, and so is rarely done.
Backup your stuff! Back it up sufficiently often for the backup to be useful for day-to-day restoration. Better to lose one day’s work, than to lose the whole company.
The backup you cannot touch, you don’t have. Keep the back-ups in house.