To Understand the Hacker, You Must Become the Hacker

Blog Oct 2014

Hackers are mysterious. Not much is known about them - until they get caught, at least. But until the divine hammer of justice is brought down upon them, they will continue to stalk the shadows and wait for us to unknowingly hand over our personal information. What they don't want you to know is that they generally act according to a few particular variables, and that it is possible to avoid their pitfalls. Today, it seems like there are more hackers than ever before, and they are coming up with new pitfalls, traps, and threats all the time. In fact, just last week, a new major security vulnerability was discovered called POODLE (Padding Oracle On Downgraded Legacy Encryption). This POODLE vulnerability allows a hacker sharing a network with you to hijack and decrypt the session cookie that identifies you to a service (like Google), and then take over your accounts. You can read more about it in a paper published by Google security. POODLE, Heartbleed, Shellshock, BadUSB, the list of new vulnerabilities that hackers are finding and exploiting goes on. How can you stay ahead of every new threat and have peace of mind that your company's network is safe? The first step toward foiling the plans of a hacker, is to not make assumptions. Human beings make mistakes by nature, and nobody is perfect. But mistakes can happen when we aren't careful, and that's what hackers take advantage of. In order to protect yourself from them, you should think like one. Step 1: Infiltration As a hacker, the first thing that comes to mind is how you are going to access a system. It doesn't matter whether it's internal or external, online or offline - anything will suffice, so long as they can get access to something they wouldn't normally have access to. Once they get into your network, it's difficult to stop them from doing damage. The key to stopping a hacking attack is to prevent them from gaining access to your system. Here are a few ways you can prevent hackers from gaining access to your workstations and network:

Use up-to-date antivirus software.
Don't click on suspicious-looking emails or attachments, especially if they are from an unidentified sender.
Don't allow strangers to physically access your network (i.e. letting someone use your computer you don't even know).
Be wary of phone calls and people asking for personal information. Don't be afraid to be stern with them, especially if they are acting strangely or are asking for unnecessary information, like your social security number or credit card information.

Step 2: Elimination Hackers love to take out those who are indifferent about their data, and will gladly give them a hand with "removing" it for them. Basically, those who don't have their data protected are practically begging for hackers to take it. There are generally two reasons that people don't use antivirus software:

They don't feel they need it - a severe misconception.
They don't have the time to implement it - another severe misconception.

In the wise words of social network engineer Chris Hadnagy, "The level of paranoia you display should be commensurate to the info you are protecting." You wouldn't leave your kid alone in the forest; before long, they would be surrounded by a pack of hungry animals. The same can be said about your other child, your business; and its data. Hackers won't rest until they access it, so do the right thing and protect it. Step 3: Prevention Even if you think you are good at protecting your data, you can make a mistake. You're always visible to hackers, and they know just how to get to someone like you. Always prepare for the worst, and always keep your eyes open. There is a first time for everything, but if you stay ever-vigilant, you'll greatly reduce the risk for human error, which is a hacker's greatest strength. PACE Technical Services might not be a group of professional hackers, but we know how to protect your network (and your business) from one. Call us at 905.763.7896 to mitigate your chances of being trapped by a hacker.