Introduction to Cybersecurity and Cybercrime Theory.

20.03.2020 04:11

image source: https://redlevelgroup.com/cybercrime-9-steps-to-safeguard-your-organizations-data-and-technology/

 

Hacker, reality vs. fiction

Cybersecurity “is a set of issues related to providing protection in cyberspace. The concept of cyber security includes the protection of information processing space and the interaction of information and communication networks.” A term which, with the development of technology and global access to information, is gaining in popularity not only among people who use the global network on a daily basis but also among people who have been convinced for many years that this phenomenon does not concern them. 

One of the reasons is the development and access to the latest technological solutions, more and more people are becoming users of desktops, laptops, tablets and, of course, smartphones. 

What do all these things have in common? 

To imagine the scale of how many people are affected by cybersecurity, it is enough to present basic statistics from the report entitled “Digital 2019” published by Hootsuite and We Are Social. In 2018, 360 million new users joined the online world according to the statistics there are currently 4.388 billion people connected to the internet, i.e. 57% of the population, which is an increase of more than 9% compared to 2018. All users spent a total of about 1.2 billion years using the internet in 2019. 

These figures show that more than half of the world’s population is actively using the internet, which clearly makes them vulnerable to cyber threats. Twenty four hours a day, new techniques, tools, ways to protect users, data, open and classified content are being developed around the world, in other words, a huge number of people involved are working daily to improve and enhance cyber security. 

Unfortunately, as the old saying goes, “evil never sleeps,” there is also a second group of people here who break the law by illegally operating on the web, affecting global network security in general. They call themselves hackers…or rather, this term was created by students at the Massachusetts Institute of Technology (MIT) in the 1960s.

There are many definitions of the word hacker 

According to the PWN Dictionary – “initially a skilled programmer, capable of using undocumented or unknown features of programs (e.g. operating system); nowadays – a person using such features to hack into a computer system (mainly via the internet), usually to prove his skills or harm his opponent (e.g. blocking or changing someone else’s web pages) or to gain benefits by illegal means (e.g. stealing credit card numbers from an Internet shop server)”. 

Hackers usually rely on hacking into various digital systems – including smartphones, tablets, desktop PC’s, mobile computers, game consoles and even entire networks. Hacking is officially considered to be a cybercrime. In extreme cases, a term such as cyberterrorism can also be used when actions affect not only civilian user systems but also national security examples of which include hacking into military, intelligence and/or counterintelligence systems, etc. Most often their actions are motivated by material benefits, like  bank account hacking, using ransomware (Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid) to blackmail individuals, groups, organizations. 

Often cybercriminals do this to test their programming skills to make other people angry, to make them famous, and sometimes even carry out activities that are ideologically motivated. There have been cases in which hackers have spoken about themselves as “lesser evil”. One such example are the members of the so-called “Anonymous” group, who in addition to frequent “Denial of service (DDoS)” attacks, i.e. attacks on computer systems in order to prevent proper operation against corporations such as Sony, Facebook or Instagram, have also carried out operations aimed at finding and making publicly available data of paedophiles or people associated with corruption.

One can come to the conclusion with a clear conscience that this is quite a complicated and extensive subject matter with a lot of subjective sentences.

Cybercrime is increasingly becoming an important element and a major theme in literature, films, documentaries, TV shows and video games.

Hacking gained widespread fame in 1999 with the premiere of the Matrix. The film itself introduced the audience to a completely innovative vision of the world, which is controlled by machines created and programmed in the past by humans. Once the machines developed self-awareness, they got rid of people and exploited them only to generate energy. The main protagonist is a hacker Thomas A. Anderson, nicknamed “Neo”, who, “lives”  in a virtual reality set in the 90s called the “Matrix”.

Neo, after successfully escaping from the Matrix, meets others who have also escaped. In fact, in this movie there are no more elements strictly related to hacking, it is more of a vision of the cybernetic world generated by programmed machines using a zero-one system. Still, it remains one of those films that questioned the potential development of information technology and increased interest in terms such as “programming” and “hacking”. 

A few years later, we experienced a new perspective of hackers in movies like Swordfish, or Takedown. 

In Swordfish, the main character is a former hacker, who was serving a prison sentence for committing a cybercrime. He is coerced to join a group of criminals in order to write a worm that will allow 9.5 billion dollars to be stolen from a bank. Security breaches as well as writing software in this production are presented in a very caricatured way, the creators aimed at effectiveness rather than realism. 

This is one of those films in which a hacker is a person who clicks on a keyboard with the speed of light and a blindfold, while supporting several colorful interfaces. For advanced computer scientists, these scenes looked comical. No wonder, after all, it’s only a Hollywood production. However, Takedown, unlike Swordfish, already had far fewer factual errors, given the IT reality of the time. This movie is a fictionalized story of Kevin Mitnick – one of the world’s most famous hackers, combining technical knowledge with phenomenal social engineering. The hacker believes that everyone has the right to knowledge and truth, which is concealed by government organizations. One day, Kevin hacks into the computer of a security expert out of revenge and accidentally comes into possession of knowledge that could threaten the whole world. The film is commonly referred to as the sequel to the 1995 Hackers movie, which, according to many hacker experts, is definitely in the top 10 IT-related films.

There are many more movies in this category, but let’s move on to literature. 

Here again we should mention Kevin Mitnick and  three titles (the author wrote more books, but these three had  the greatest impact) “The Art of Deception. I’ve broken people, not slogans”, “The Art of Infiltration. How to hack into computer networks. The Bible of Hackers” and “The Spirit of the Web. My adventures as the most wanted hacker of all time.” “By combining technical proficiency with the world’s old art of deception, Kevin Mitnick becomes an incalculable programmer.” (New York Times, April 7, 1994)

This is how one of the most well known newspapers in the United States described Mitnick himself. In his books, which are in a way his autobiography, guides, documentation of the activities of other hackers and examples of the use of technological and socio-technical tools that have been, are and will be used against individuals, private organisations and even governments of the countries and international organisations concerned.

These books are in a way his autobiography, his guides, and documentation of the activities of other hackers and examples of the use of technological and socio-technical tools. All of which have been, are being used and will be used against individuals, private organizations and even governments as well as international organizations. Most of the examples are based on facts, and at first glance, the reader is able to say that the situations that took place are like scripts for top-notch action movies.

When mentioning non-fiction literature, one should not forget the book “Hacker.

The True Story of the Cybermafia Boss” by Kevin Poulsen. It is the story of Max “Iceman” Butler, who with the help of his basic tools and his own skills collected data from more than 2 million credit cards, which he then sold through his carding site Cardersmarket. By using a global network, he created something like a criminal network of cybercriminals from around the world. Butler was a former IT security analyst. The knowledge gained in this area certainly helped him in his criminal activities. The hacker confessed to the intrusions between June 2000 and September 2007. (he also used other aliases, including “Digits”, “Darkest” and “Aphex”). His victims were such institutions as Citibank and the Pentagon Federal Credit Union. However, it has to be said that Iceman himself was more of a cracker than a hacker, the main difference is that every cracker is a hacker, but not every hacker has to be a cracker. Crackers always act outside the law and always act to someone’s disadvantage, where hackers often act legally.

We divide hackers into many types, but the most general division is three groups:

Black Hats are a group of hackers who make a living from cybercrime.

Most often they are people who steal data and sell it on the black market, often encrypt databases or computer disks and demand  ransom in exchange for decryption, or attack computer services and blackmail the owners, demanding ransom in exchange for stopping DDoS attacks. The very term “Black Hats” is a reference to old movies commonly called “spaghetti westerns”, in which practically every villain wore a black hat.

White Hats are the complete opposite of black hats. 

Their main purpose is to find security gaps and to test the quality of security on the web. This group includes people whose goal is not to gain material benefits from someone else’s misfortune but to broaden their skills in the subject of testing computer networks and internet application security. At the request of the owners they carry out resistance tests against hacker attacks. Their actions are preceded by an appropriate agreement with the owner, which formally regulates such action. 

Nowadays, many companies look for the so-called Pen testers, i.e. penetration testers. Generally speaking, it can be said that they perform security tests of IT systems, which are called penetration tests, and then assess the security status of the tested system. Pen testers check the system for known vulnerabilities and its resistance to various attacks. Testing takes place on the network configuration, system configuration, services running on the server, as well as on the application layer.

The third group is made up of Gray Hats

Other hackers who are difficult to qualify for one of the listed categories. They adopt methods of operation of both groups mentioned above. 

To sum up 

Hackers can be all sorts of people, those who want to strengthen the level of cyber-security and network security, others just want to make tons of money no matter what the consequences… and yet others like the Joker in Christopher Nolan’s “The Dark Knight” just want to watch the world burn.

 

Author: Oskar Frybes