What are hackers really after?
Photo by Creative Commons October 09, 2017
UD IT urges cyber awareness to deter hackers
Editor’s note: This is the second in a series of articles from University of Delaware Information Technologies promoting cyber awareness during National Cyber Security Awareness Month.
In the 17th and 18th centuries, it was pirates. In the 20th century, it was big-city mobs. Today, organized crime is being redefined by a new cadre: hackers. Read the news on any given day and you’ll find references to the latest breach of a major retailer or other organization, warnings about hackable “smart” vehicles and devices, and stories about phishing and other common cyberattacks. Life in the age of digital interconnectivity comes with hazards less obvious — but not less dangerous — than black sails off the coast.
To many, the word “hacker” conjures the image of a lone miscreant bending over a keyboard in a dark room, trying to breach the Pentagon’s defenses or access millionaires’ bank accounts. In reality, these computer-age criminals come from backgrounds as varied as their motives. Some hackers consider themselves entrepreneurs: they steal data and take over devices to sell on the dark web’s black markets. Others seek a twisted form of vengeance by exploiting people, organizations, and even governments who they feel have wronged them. Some defy these patterns and seem instead to be focused on causing havoc because they want to and because they can (think of the Joker from Batman).
Whatever their motives, most hackers focus on a few things: exploiting people, stealing data, and compromising systems. Over the past few years, hackers have been focusing less on brute force attacks on servers and security measures; instead, they focus on tricking the humans that use those systems.
“Social engineering,” as the process is called, focuses on deceptive tactics such as impersonation of trustworthy figures, threats of impending consequences or forgery of documents or websites. Through trickery and intimidation, hackers can get their victims to surrender login credentials, personal information or even access to their computers or other devices. From there, hackers can commit identity theft, exploit victims’ computers for ransom, sell data or device access to other criminals, or lock victims out of their accounts and systems.
Everyone is vulnerable
Many people believe that they don’t have anything of value to a cybercriminal. However, each of us has accounts at retail websites, banks, healthcare providers, brokerage firms, tax agencies and more. Each of us has a date of birth and likely a Social Security, driver’s license, passport or visa number. All of this data is valuable. And all of it is personal.
Data aside, every internet-connected device — from a computer to a smartphone, from a tablet to a “smart” personal assistant or appliance — has value. Computers and smartphones contain treasure troves of personal information, but they’re also doorways into networks and services. Even the seemingly-innocuous smart appliances found in some homes can be manipulated to launch denial-of-service attacks that overwhelm websites or services.
Just as digitization and internet connectivity are unavoidable in modern society, so, too, is our shared responsibility for protecting our digital identities and connected resources.
Each of us can play a part in protecting ourselves, our community and the University. We can all contribute to the security of our personal data, University research and educational data, and the University’s IT resources by keeping passwords private, identifying and avoiding phishing scams and following other best practices for cyber hygiene.
How you can help
National Cyber Security Awareness Month (October) is all about increasing community awareness of the threats to our digital lives and equipping each and every community member with the skills and resources to protect themselves. Commit to yourself, our community and our University by practicing good cyber hygiene:
Follow UDaily throughout October for security articles and tips
Complete Phase II of your 2017 Secure UD Training
Forward suspicious emails to email@example.com
Check the Secure UD Threat Alerts blog for current information about phishing attacks and other threats affecting the campus community
Contact the IT Support Center (firstname.lastname@example.org or 302-831-6000) or your local IT professional for help
Note: Employees who complete their Secure UD Training before the end of October and/or who report October’s “Take a BITE out of phish!” test email will automatically be entered into the NCSAM prize drawing to be held at the Tech Fair on Nov. 15.