DXC Asia General Manager Security and Analytics Services Abdallah Zabian, discusses romanticism, hacktivism and motivations of black hat hackers and why there is a place for ethical hackers in cyberspace.
Today, cybercriminals are constantly evolving, and their tools are becoming more sophisticated. It’s increasingly more difficult to profile a typical cybercriminal or hacker. The face of today’s cybercriminal is relatively unknown.
Cybercriminals are not the characters depicted in movies, hidden behind their computers in jackets. They’re not isolated; they’re among us and hidden in plain sight, which makes recognizing them increasingly difficult.
There are different types of hackers today – from ethical, white hat hackers who are focused on protecting organizations by finding security gaps in a company’s security system, to malicious, black hat hackers whose goal is to profit from data breaches and cyberattacks.
Each hacker has a different way of operating – the actions they commit depend on their motive for hacking. Therefore, it’s not possible to stereotype the profile of hackers today.
However, hackers hack for a variety of reasons: financial motivations, nation-state sponsored cyberwarfare, corporate espionage, hacktivists, resource theft, gaining reputation and street credit. Cyber threats today are becoming more sophisticated – cybercrime is now one of the most lucrative industries on the black market.
Asia is an ideal environment for cybercriminals to thrive in, due to high digital connectivity, contrasted with low cybersecurity awareness, growing cross-border data transfers and weak regulations. Moreover, the region’s cybersecurity challenges are expected to escalate over time. Take Singapore for example, while the number of common cyber threats decreased, the country continues to be the target of cyber-attacks by advanced actors.
Many hackers or hacktivists today join groups like Anonymous and Lazurus Group in order to demonstrate their dissatisfaction with powerful institutions, such as large corporations and politicians/governments who fail to share their similar views. They tend to ignore boundaries and delight in causing chaos. They are motivated by taking something of value and causing significant harm.
As one of the major financial hubs in Asia-Pacific, Singapore is drawing increasing attention from financially motivated hackers every year. This is mainly due to the country’s attractive assets that are of significant interest to cyber threat adversaries from across the motivation spectrum, including financial crime and state-sponsored espionage.
The Many Hats in the Hacker Community
The hacker community is almost always one step ahead of us; they’re highly skilled, well-funded, and are constantly expanding their networks by hiring more like-minded individuals. Some of them are financially motivated, others are in it for the street credentials. They’re always changing their processes in order to infiltrate new security barriers and enact damaging attacks.
It’s important for businesses to widen their knowledge across the cybersecurity landscape, identify security loopholes and invest in the newest security solutions and programs to prevent major attacks.
Hackers are ruthless – as we’ve seen with recent breaches in the region. Top of mind for many businesses is how they can best protect themselves against this increasingly sophisticated enemy determined to attack lucrative targets.
In order to defend themselves against this ‘hacker community’, businesses need to build security into the fabric of the digital enterprise and invest in services and solutions that help to detect threats quickly, respond to attacks rapidly and defend the enterprise from security breaches.
However, not all hackers are criminals – as mentioned, there are ethical hackers who are hired to protect organizations and find security loopholes in their security system so that they can be patched.
Ethical hackers, also known as white hat hackers, know how to find and exploit vulnerabilities and weaknesses in various systems. In fact, they have the same skills as black hat hackers (malicious hackers), however, ethical hackers use their skills in a legitimate and lawful manner to try to find vulnerabilities and fix them before the “bad guys” get there. An ethical hacker’s role can be said to be similar to that of a penetration tester, but with broader duties.
There are also precise, blue hat hackers who are hired to test software for bugs before its release. Many major tech companies offer “bug bounty” programs, where they offer financial rewards to hackers who find holes in their security measures.
In Singapore, between December 2018 and January 2019, the Government Technology Agency (GovTech) and Cyber Security Agency (CSA) in Singapore recruited both local and overseas hackers to find vulnerabilities in five government systems that could be accessed over the Internet.
Under the Government Bug Bounty Program, about 400 ethical hackers signed up to find holes in the REACH website, Gov.sg website, Ministry for Communications and Information’s Press Accreditation Card online, the Ministry of Foreign Affairs website and MFA’s eRegister portal.
Romanticism, Resistance and Role Models
Romanticizing figures is not unique to the hacker community, this has happened throughout time both in TV and cinema, etc. This makes the narrative more exciting. As such, different industries try to capitalize from it monetarily.
New research from the Michigan State University has identified key characteristics and gender-specific behaviors in kids that could lead them to become juvenile hackers.
Many of today’s tech-savvy youths are said to demonstrate the sort of curiosity that makes them ideally suited to become tomorrow’s ethical hackers. The tipping point here is to teach them how to use these instincts for good, steering them away from the darker corners of the Internet. One of the best ways to introduce youths to ethical hacking (and steering clear from black hat activities) is by introducing them to “hacker” mentors – programmers, engineers and security professionals. They can also learn about the different types of cyber security jobs that involve hacking, putting their skills to good, ethical use.
Additionally, there are ethical hacking courses that train participants to protect our systems from internal and external harm. These programs include courses by the Singapore Polytechnic EC Council Singapore.
Hacking is considered a form of fraud in many countries. The consequences are heavy in most countries. In Singapore – under the Computer Misuse Act, offenders can face up to SGD 100,000 in fines, imprisonment for a term not exceeding 20 years, or both.
Last year, the Singapore Police Force arrested and charged a serial hacker for suspected involvement in a series of cases involving unauthorized access to computer material.
In 2015, a hacker was jailed for four years and eight months after targeting computer servers of at least seven organizations – including the websites of the PAP Community Foundation, Ang Mo Kio Town Council and three linked to City Harvest Church – in 2013. He used software to scan various government servers, including those of the Prime Minister’s Office and the Elections Department. He also hacked a The Straits Times blog, and illegally accessed a server that contained bank statements of Standard Chartered Bank clients.
There are various ways for people to voice their opinions and points of view without resorting to malicious hacking to be heard. Meaningful dialog will yield constructive results creating a win/win scenario. By helping people understand your point of view rather than imposing it, you gain more than just a momentary win, you are able to impact real change.