Chapter 2: The threats – Security in the Digital World

CHAPTER 2: THE THREATS

2.1 Cyber crime

Cyber crime is a criminal activity that involves a computer or digital media and a network – in most cases, the Internet.

Cyber crime allows anyone to become a criminal: a person who is technically inept, who lacks the confidence to challenge another person, or who lacks the guile of a fraudster; in short, anyone who is not able to be a criminal in the traditional sense of the word. The computer gives them a shield to hide behind, and the means to attack without being seen or heard, without being near the victim and without having any connection to the victim.

Attackers are slowly discovering all the ways that devices can be used to attack others. As this knowledge develops, the number and sophistication of attacks also increase.

2.2 The who?

There are two very different types of attackers who must be understood to help you protect yourself. The first are brazen, confident, imposing, threatening, violent and overt; the second are deceptive, covert and manipulative. Attackers who intimidate, threaten violence, are violent or are extremely abusive are the former, and Internet attackers – manipulators, tricksters and fraudsters – are generally the latter. Internet attackers are also technologists, using technology and people’s lack of understanding of technology to get what they want.

Hackers and crackers

There are two types of people who know computers, networks and programming: hackers and crackers. Hackers use their knowledge to find vulnerabilities or weaknesses in computer systems and then try to fix them. Hackers in the truest form are ethical hackers: they are available for hire to attack a computer system or network to test the security in place so that the organisation can improve it.

Crackers use their knowledge for their own benefit or gain. There has been much confusion about these terms, to the extent that ‘hacker’ is now used to describe both types of people without making any distinction as to whether or not the ‘hacker’ is using their skills and knowledge for good.

To avoid confusion, the generalised term ‘hacker’ is used in this book to refer to a person who uses their knowledge and experience to find vulnerabilities or weaknesses in a computer system, whether it is for ethical purposes or otherwise.

Hacking has become an industry in its own right, with hackers advertising their services and distributing their tools as products for sale. They tend to work alone but occasionally collaborate to achieve a common aim, either for a specific period of time or until the common goal has been achieved. From these collaborations groups may form that collectively are very resourceful and clever because they tend to share knowledge and experience, and have more time between them than a lone person.

Groups of computer hackers who use their skills and knowledge to further a political agenda or personal belief are called ‘hacktivists’. ‘State-sponsored’ hackers are teams that have phenomenal computing resources, as well as the infrastructure and support to dedicate their whole time and effort to an aim.

Among all of these types of hackers are the script kiddies, who try to be hackers without the knowledge and experience. They will collect malware or code from the Internet, copy it or change it slightly, and launch it back onto the Internet. While they lack any real experience or understanding of the tools they use, script kiddies can still be quite destructive simply because they don’t really understand what their tools may be capable of.

Traditionally, hackers have mainly targeted commercial organisations or governments, be it for monetary gain or commercial espionage, or to cause political upset or influence public opinion. However, hackers are now targeting home networks as much as commercial entities or public bodies. Home users are running their own networks, and some professionals are using their home networks to manage company information, but home networks are almost always less secure than corporate networks.

As well as the professional information that could be taken from a home network, there are other reasons these may be attacked. If there is a baby monitor, the images could be sold to child pornographers. There may be personal information that would enable an attacker to steal an identity or financial information, or access credentials that could provide access to financial accounts. With the Internet of Things (IoT), even more information can be gleaned from home networks, such as when the home is vacant, which could be passed on to burglars. A hacker might also try to insert malicious software (malware) onto home networks. Such malware will have a specific purpose, which I’ll discuss later.

Internet trolls

Internet trolls are quite unique in their intent. They generally exist in social media and do not seek personal gain in a tangible form such as money, but instead seek satisfaction or even some form of revenge through seeing the distress caused to another person online. Internet trolls start arguments, quarrels or disagreements online in order to get their satisfaction. Internet trolls have been grouped according to their ‘trait’, their mannerism or even their characteristic. These groupings include:

Insult troll – will pick on anyone for no apparent reason and post insults to or about them.

Persistent debate troll – just lives for a good argument.

Spelling and grammar troll – tries to show how clever they are or even suggests a comparison with somebody. These trolls may not even be blatant in exhibiting their characteristic. They might make a spelling or grammar observation in a post, sometimes in inverted commas or quotes to highlight it.

Blabbermouth troll – not necessarily interested in contributing to a thread or topic. These trolls will post so that they can be seen and acknowledged, maybe even posting something that is irrelevant to the topic or thread but is all about themselves, usually suggesting how good they think they are.

Exaggeration troll – will post any response to blow any topic out of proportion.

Other threats

There are lots of other threats that exist online, which are discussed later in the book, in the section on parental security. A very brief introduction to some of these threats is below. Greater detail on each of these threats is included in the parents’ section. The main source of information should be the websites of child protection agencies, such as the NSPCC, ISPCC and/or American SPCC, which will have the greatest detail, current information and also advice, guidance and contacts for where help is available.

Cyber bullying

Cyber bullying is a means for anyone to be a bully, as potentially there is no physical connection between the bully and the victim; it is all done by electronic means. Traditional bullies rely on physical presence or group pressure; cyber bullies can be without these aspects. A person who did not have the physical presence to be a traditional bully can still be a cyber bully.

Cyber bullying has two significant aspects that mean it differs from, and is significantly more of an issue than, traditional bullying:

It is relentless: a child retreating into their safe zone, their home or bedroom, is no longer guaranteed to escape the online bullying, as the Internet is invited into the home or safe space.

It is not restricted to a single method of bullying. Where traditional bullying is primarily experienced when the victim physically meets the bully, cyber bullying can be experienced at any time, on any medium, i.e. on the mobile phone, the laptop, the tablet, the home computer, etc.

Cyber bullying is addressed in greater detail in section 12.

Grooming

Grooming requires a concentrated effort on the part of the attacker. Grooming is achieved by manipulating the victim based on a secret trust relationship.

Grooming develops from a single action which is used by the attacker as the foundation of the trust relationship. The single action could be anything from taking a sweet from a stranger to getting in a car with a stranger, or any number of other actions which might be forbidden by the parents but encouraged by the attacker. Once the single action has happened, the attacker uses this to gradually increase the appearance of trust: for example, the child talks to the stranger, then the child takes a sweet from the stranger, then gets in the car, etc. This trust escalation will continue until the attacker, the groomer, gets what they want from the child.

Grooming is spoken about in greater detail in the parents’ section and there will be more detail on the websites of child protection agencies.

Sextortionists

Sextortionists have a different attack method to grooming attackers, although ultimately their intent might be the same. Sextortionists base their attack on a single action of the victim, which the sextortionist gets hold of (for example by cloning the victim’s phone or hacking their picture or text storage) and then exploits. The attacker exploits it by telling the victim they will release the image, text or other incriminating or embarrassing media unless the victim does something for the attacker.

2.3 The why

Internet attackers are generally after one of two things: either to better themselves by getting money or goods, or to prove to themselves how clever they are. The attackers who want to prove how clever they are tend to attack companies, organisations or government agencies. The attackers who want to get money tend to be the threat that home users and normal Internet users should be concerned about. The reason these attackers prey on normal Internet users is they feel the users are not trained, are not aware of the threats, and are gullible or can be manipulated.

There is another type of attacker who mainly targets children for sexual exploitation, which is mentioned in the parents’ section. There are also many agencies that would be ‘official’ references and would have current reporting of these threats. These agencies would include such bodies as the NSPCC in the UK, ISPCC in Ireland and American SPCC in the US. Each of these agencies, in addition to policing agencies, will have websites where further information can be found.

Financial gain

The primary motivation for the majority of attacks is financial, whether it is money the attacker can get directly from the attack or from another person who could benefit from the spoils of the attack. Attackers who launch a ransomware attack are looking for immediate financial gain, whereas another attacker might capture a victim’s financial details to sell to another person, which would be an indirect gain.

Corporate information

Attackers who target corporate information are also looking for financial gain, either directly or indirectly. Attackers seeking direct gain could use the information gained to benefit from a merger or an acquisition that could only be discovered from a breach, whereas an attacker seeking indirect gain might take the information gained to plan a physical attack, even going so far as to kidnap or extort money from the company.

Home users may be attacked by ‘professional’ attackers who want to get corporate information. Although workers are often told not to use their home computers for work, the attackers know that the workers will because it is easier and less hassle than taking the company laptop out, or there could be a time restriction that means work has to be done on the home computer. Attackers will target home networks to see how much corporate information they can get, which they could then use against the company or in another type of attack.

As well as corporate information being on home systems, there are also home offices. Businesses need to start somewhere, with the starting point generally being the home. Also, in some households the management or administration of the home and the family is down to one person who uses their home device.

Ego

An attacker with an egotistical motive is not seeking financial gain but is seeking recognition: an acknowledgement that the attacker has the skills and knowledge to defeat the security. There are far fewer ego-motivated attacks reported in comparison with financial or politically motivated attacks.

A significant attack that appeared to be ego-motivated was the Sony Pictures hack in 2014. There may have been another motive initially, but as all the images and data were made available soon after the hack, it would suggest it was an ego-motivated attack.

It is probable that no ego-motivated attacks actually start as ego-motivated attacks, but instead happen accidentally. This could occur, for example, when an attacker exploring the hack of one agency discovers a vulnerability in another agency, which could lead to greater discoveries.

2.4 The where

The general answer for the where is the Internet, as an attacker needs a surreptitious way in and the Internet is a path you have willingly put in place.

Threats also exist in the digital environment as technology becomes more integrated in our way of life. Between the technology we bring into the home or wear on our person, or even in us, the way our information is shared with one another, companies and official bodies, and the way we use technology to exchange information or make transactions, there are many opportunities for attackers unless we manage how we use technology, our information and our digital presence.

Specifically stating where a threat may exist is impossible as the possibilities are endless. There are some places where it would be easier for an attacker, or where an attacker has a proven, successful method. These prime locations include public Wi-Fi zones, ATMs (not in branch or store), shops using contactless payments, shops using chip and PIN, and enclosed areas of congregation.