The Information Security landscape, much like Hip-hop, Disco or Regae, was never shaped by your conventional cream-of-the-crop. The best Hackers, Crackers or Phreakers were usually high school – or under-achieving Computer School drop outs.
With names like 53rv3r K1LL3r, or Grey [email protected], most hardcore hackers or Professionals in the field would hate to be thought of as being conventional anyhow.
Today, I make a small attempt to bridge the gap between that enigmatic race and normal Batswana by explain two bits of jargon that define a Hacker’s existence.
Hack (as a verb) ; means to access a computer system by circumventing its security system. This definition refers to the most frequent and modern type of hacking. However, historically, a Hacker was in fact anybody who solved problems by ingenious means; such as the Bush Mechanic who adapts a Toyota car part to a Mercedes. The word hack as a noun also refers to the act itself. Therefore the act of obtaining free access to Satellite TV would be described as a Hack.
Modern IT hacking comes in many forms and breadth of complexity. For example, while the phone hacking attacks in the UK were quite simple, thousands of man-hours are spent daily trying to attack corporate and Government systems using sophisticated programs. From the Security perspective however, the end justifies the means. If a system were broken using the most low-tech attack, it still was broken!
The reasons why people hack are numerous and varied. A large fraction hack for Profit, others as a form of Protest, and an important number hack purely for the Challenge. However, there is a growing number of hackers that are attacking systems on behalf of other persons or organisations to gain sustained, real time intelligence for market or political advantage.
Many organisations have been hacked in our region and in Botswana in particular. Many of these events do not make headline news because some go undiscovered. Those of us who keep a keen eye on the IT Security business know very well that there are organisations that have been attacked in the past and yet have not yet improved their security! In parallel are organisations that have not yet been attacked that are prone to multiple deeply intrusive attacks.
Commonly, individuals or organisations discover they have been hacked when their website is defaced by a hacker or group of Hackers . Defacement in this context refers to the alteration of normal webpage contents. The hacker posts any text, photograph or video he pleases on the homepage of the attacked website; of course the messages are usually offensive or contrary to the owner of the site. While this is embarrassing and damaging to an organisation’s reputation, it is not necessarily the worst thing that may have happened. It has now become clearer than ever that phone numbers, Email addresses, policy documents and other electronic records stolen can be quietly used for espionage to far greater effect than a Website defacement.
It is quite important that information that may not seem particularly valuable or confidential can go a long way in aiding a hacker in infiltrating and establishing solid points of breech within a targeted system.
As I have mentioned in this column before, in the information age, information is treasure. In a direct sense therefore, if you depend on informaiton technology, you are unwise not to worry about information technology security.
“Ownage”, a slang coined from the verb to “own” refers to the state in which a hacker has established unimpeded access to their target system.
At conferences and with organisations we work for, we have demonstrated several means by which an organisation gets “owned”. Essentially, a successful attack results in unlimited access of the hacker to informaiton that is possessed by the target organisation or individual, with the added benefit that the hacker can modify, delete or originate information within the target system.
It is an extremely safe bet that there are organisations or individuals in our region are under “ownage” as I type out this very line of text!
However, it is not all doom and gloom. One of the most instructive opinions you will ever see in this column is that most Information Security intrusion is performed using known mechanisms and are largely preventable.
Risk- and Information Systems managers need to loosen their smart ties and leverage the knowledge and skill of the very hackers who have already attacked or stand poised to attack their systems.
It is an undeniable fact; invited or not, there is a hacker on your doorstep. Only, he is thousands of miles away!
*Mumbi Musunga is the Technology Director of the local IT Security Firm, Vikela Data. Contact: [email protected] or www.vikeladata.com.