Hacking The Hacker
It’s no longer a case of if you will be victim to cyber crime, but rather a matter of when.
The cat-and-mouse game between hackers and their targets is escalating quickly. According to Symantec’s 2015 Security Threat Report, Canada has been ranked No. 4 worldwide in terms of ransomware, which is malicious software that locks a computer down and allows the creator to demand ransom to unlock it, as well as social media scams last year.
As Canadians are more connected than ever, technology has allowed information to be shared quickly and brashly. Unfortunately, the more connected we are, the more vulnerable we are to becoming victims of cyber crime. Technology has reshaped Canada’s economy. According to the Government of Canada, it has also altered our country’s criminal landscape. Our computerized society comes along with the darker underbelly of the devices we marvel at.
Today, online hacking is not restricted to government intelligence agencies, international criminal gangs and political operatives dealing with high profile targets. The number of ordinary men and women involved with online hacking is surging.
Headlines of large attacks, most notably Sony Pictures, JP Morgan and Chase and Home Depot, have garnered much attention from authorities and from the public.
Daniel Tobok, the managing director of Security Consulting and
Forensics at Telus Solutions, says that hackers are not getting smarter. Accessing the
tools necessary to cause a breach on the black market or sharing codes between
cross-platform projects has become much easier.
According to Tobok, there is no band-aid solution. The best defense includes layering the hardware, software, people, education and other elements.
Unfortunately, there is currently no quick-fix solution to protecting companies and individuals from online hackers.
Last fall, the Toronto Police website was taken offline by a cyber attack. The site was subject of a Distributed Denial of Service (DDoS) attack. In these cases, a website is infiltrated with access requests to try and overload the server, which causes the system to crash. On Twitter, a user with the handle @AerithTOR claimed responsibility for the incident.
Similarly in Ottawa, an attack launched by the same group of hackers struck again on the capital’s website prompting city officials to temporarily shut the site down. An illustration of a banana along with a cryptic message directed at an Ottawa police officer. The officer was involved in an investigation of an Ottawa teen who allegedly called in fake emergencies across North America.
More recently, United States officials have offered its highest bounty of three million dollars with information leading to the arrest of the Russian hacker, Evgeniy Bogachev. He was charged last year in the U.S. with running a computer attack network called GameOver Zeus that allegedly stole more than 100 million dollars from online bank accounts. Bogachev was last seen in Russia, where he is believed to remain at large. Currently, he is one of the FBI’s most wanted cyber-criminals.
We get requests where literally you could be arrested for the content of the email.
-Eric Boid, President of Hacklab.to
However, hidden beyond these major hacking attacks is a masked industry of people who are committing small acts of espionage that are receiving far less media attention.
For Kira Genise, a Biochemistry student at the University of Ottawa, getting hacked is something she had to deal with in her fourth year of schooling.
“I personally never considered getting hacked, ever,” said Genise. “But, after having my email account and online banking hacked, I definitely have started to question privacy laws and levels of online security.”
Consumers need to be wary of the risks, use common sense on social media and remember to back up their computers and devices to maintain their security online. Installing software updates that help to eliminate blind spots can protect against the threat of being exploited by hackers.
With the availability of online forums, people can purchase hacking services and more cyber criminals can outsource their operations.
On the new personal hacking website called Hacker’s List, hackers are matched with people who are trying to gain access to email accounts, take down unflattering photos from the Internet or even gain access to company databases. The website functions on a bidding system similar to eBay, where anonymous hackers post jobs on the website and users reciprocate with bids based on their needs. One example includes an anonymous bidder living in Australia who was willing to pay upwards of $2,000 to retrieve a list of clients from a competitor’s database.
As new generations grow up with the Internet at their fingertips, people have begun to consider the negative repercussions of the online community. But the extent of the consequences is still unknown. The criminal exploitation of emerging technologies is in desperate need of new policing measures to keep pace in a digital era.
Often going unnoticed and being difficult to measure, cyber crime also often goes unreported to enforcement agencies.
Addressing these challenges requires domestic and international law enforcement cooperation, engagement with public and private sector organizations and integrating new technical skills and tools with existing policing measures.
On the other hand, there are other groups of hackers that are paving a rather different path.
When you combine a curiosity and a sense of play, the outcome is somewhat of a geek’s paradise–or, dubbed, a “maker space.” They’re community spaces that bring together artists, computer programmers, web designers and hardware hackers.
A “maker” typically lives by the philosophy that every individual is capable of learning the skills to create things, rather than relying on experts. Makers often resent the proprietary nature of large electronic or manufacturing companies, believing data should be open-sourced.
When maker spaces starting opening up in Toronto, people would flood their phone lines with illegal requests, like breaking into their girl friend’s email account.
“Once they’ve been here, I don’t think anybody can get the impression that we do that kind of thing. But we do get a lot of requests over email. I mean frankly, people should not be sending me the emails that they do send because we get requests where literally you could be arrested for the content of the email,” said Eric Boid, president of Hacklab.to.