Tom Muleya-Fraud Insight
It is no longer a matter of “will you or your organisation be hacked, but, rather when”?
Social interconnectivity has rendered everyone with a high probability of experiencing cyber attack.
In the case of businesses, the need to become more efficient and integrated with one another, as well as the home user, has given way to a type of a criminal, the “cyber criminal hacker”. The criminal landscape has drastically changed and hence technological innovation is now a must thing to stay a step ahead of cyber criminals.
In the previous instalment, we noted that the crime of hacking is emerging as a serious threat globally.
We have had cases of individuals, corporate companies or government institutions having been hacked. No one is spared by this new criminal. In the 2000s, government agencies and large corporations were subject to cybersecurity hacking with the prominent victims including Microsoft, eBay, Yahoo and Amazon, who all fell victim to Distributed Denial of Service (DDoS) attacks.
However, the most famous of them all was US Department of Defence and the International Space Station who both had their systems breached by a 15-year-old boy.
In our own context, currently we have cases before the criminal courts involving corporate companies that experienced cyber hacking at the dawn of this year.
While there are many reasons that motivate hackers to commit crime, the number one reason is hacking for monetary gain.
Any method used is aimed at gaining access to financial data.
Cyber hackers use or employ a variety of techniques to hack their victim and or organisation that include among others ‘social engineering’, password hacking (brute force attack), infecting devices with malware, exploiting insecure wireless networks, logging keystrokes, spying of emails, gaining backdoor access, and creating zombie computers. Now let us look at some of the techniques and how they are executed;
Spying on emails: The hackers in this regard create a code which allows them to intercept and read emails.
Logging keystrokes: This is whereby a hacker use programmes that enables him/her to track every keystroke a computer user makes. Once installed on a victim’s computer, the programmes record each keystroke giving the hacker everything they need to infiltrate a system or steal someone’s identity.
Hacking passwords: Hackers employ different ways to obtain passwords. The trial and error method commonly known as a brute force attack, which involves hackers trying to guess every possible combination to gain access. At times, they may use simple algorithms to generate different combinations for letters, numbers, and symbols to help them identify the password combinations.
Infecting devices with malware: Hackers may infiltrate a user’s device to install malware. They target their potential victims via email instant messages and websites with downloadable content or peer to peer networks.
Exploiting insecure wireless networks: Hackers take advantage of open wireless networks such as wi-fi. Not everyone secures their router, and this can be exploited by hackers moving around in search of open and unsecured wireless connections. As hackers exploit unsecured wireless networks, innocent people taking advantage of an open network to get free services become hacked in the process.
Participate in the fight against fraud and cybercrimes. Think Cybersecurity. Watch out for the next issue as hacking is explored further.
Tom Muleya is a Detective Assistant Inspector working under the CID Commercial Crimes Division. He is also a member of the National Cyber Security Awareness Taskforce, Zimbabwe.
Feedback WhatsApp: 0772 764 043, or e-mail:[email protected]