Hackers And You – Why Do Hackers Compromise Systems?
Welcome to part 2 of our series on hackers and you. In this article we will look at hackers, and what you need to know about them to better protect yourself. In the first part of the series, we covered a bit about who hackers are and the different types you will come across. This time we’ll be looking at the motivations of hackers and why they go about hacking your systems.
Why do hackers hack?
The most simple answer here is that they do it for money and because they can. Many hackers start off by hacking systems and software as a way of testing their skills and to see what they can achieve. While there are a number of hackers who carry on doing it purely to challenge themselves and then do nothing with the information they gleam, others continue to pursue it with some form of financial motivation.
White hat hackers
For white hat hackers, money can be earned through a number of means such as bug bounties and security consulting. Bug bounties are where a company will offer a reward for the submission of severe bugs and vulnerabilities found in their products. When it comes to security consulting, white hat hackers can perform various tasks for companies such as testing their servers and software for vulnerabilities, performing intrusion attempts against buildings and attempting social engineering attacks against staff. Many of these replicate the techniques that a black hat hacker targeting the company would attempt to use against them.
Black hat hackers
Conversely, black hat hackers gain money by compromising systems or companies to steal information that they can then sell on the black market to other people. Lists of user accounts and email addresses can be quite lucrative as spammers will buy these, for example. On other occasions, the information can be used for blackmail/extortion purposes, such as with the 2015 Ashley Madison hack where users received emails asking for bitcoin in exchange for not releasing information. In some cases, black hat hackers may be hired by companies or governments to attack specific targets that suit their purposes.
Another income stream for a black hat hacker is developing a new exploit against a piece of software or a system that can be sold to other hackers and script kiddies. Generally, the exploit will be turned into a relatively simple piece of software that the attacker can then run against a target system to perform the attack with ease. These attacks are commonly referred to as zero-day exploits as they are used prior to the system or software creator knowing about and being able to mitigate them.
Script kiddies
Script kiddies generally have far simpler methods of making money from their work, as they mostly look to compromise servers and computers so that they can later use their processing power to meet their needs. Often they sell these compromised systems to send spam email, set up phishing websites, perform DDoS attacks, or run cryptocurrency miners. They can also use the compromised system to run exploits against other systems in order to compromise them. The compromised systems can also become part of a much larger network of systems under the attacker’s control known as a botnet.
As with many people, hackers will sometimes use their skills for free if they feel there is a reason for it. Often these causes are political, whereby a hacker will attack the servers of a group or political party that they disagree with purely because they have an opposing viewpoint. Fortunately, this is unlikely to affect you unless you are running sites that these hackers may take offense to.
Now that we’ve covered who hackers are and why they are likely to hack you, next time we’ll be looking at how they hack your servers.