DIY Cybercrime Tool Kit: 4 Reasons Hackers Don’t Have to be Sophisticants
Popular culture often portrays computer hackers as either teen programming prodigies who break into computer systems for their own entertainment or loner savants who are bent on gaining personal revenge against systems that have belittled their intelligence. The modern reality is that computer hacking has devolved away from sophisticated programming and into a realm of step-by-step instructions that anyone with a modicum of computer knowledge can follow to wreak havoc on computer networks.
Anyone can now download a “Tor” browser to access the internet netherworld known as the dark web in order to purchase hacking tools or to train themselves to do their own code hacking. Consider the following three options that are available to unsophisticated novice hackers:
Learn How to Hack
In April 2016, a self-styled group of “hacktivists” hosted a session on the dark web to recruit and teach other parties the ins and outs of hacking. They promised their students that they would receive a coding tutorial with information relevant to privacy, security, and anonymity. These and other learning sessions are offered on the premise that students will use their newfound hacking knowledge for social justice purposes, but the proffered tools and techniques can just as easily be used for cybercriminal activity.
Buy a Botnet
Aspiring hackers that do not have the time or inclination to educate themselves on hacking techniques can simply purchase a botnet that they can then use, for example, to launch a DDoS attack on a target network. In October 2016, a fraud investigator discovered a DDoS botnet that was being offered for sale on the dark web for $7,500, payable only in untraceable bitcoin. The purchaser could use this botnet to launch a DDoS attack that would create tens of thousands of calls on an organization’s computer network every second, effectively overwhelming and shutting down that network. It was also reported to have ransomware and automated spam capabilities. A wholly unsophisticated hacker could easily recoup a $7,500 investment in this tool with even a limited number of network attacks.
Hire a Hacker
The dark web also provides an anonymous platform for hackers to advertise their services on a contract basis. Some enterprising brokers have also established dark web websites such as “rent-a-hacker” that aim to connect hackers and clients. Law enforcement authorities have little chance to shut these sites down or to track their behavior because the dark web channels its operations through hundreds of thousands of interconnected computers in order to shield the network addresses of the parties that request and offer these services. When authorities are able to shut down a site that offers illicit services, ten more sites will likely pop up as replacements.
Just Rely on the Weakest Link
Cybercriminal activity often reduces to targeting the weakest links in any computer network, namely, the network’s users. In spite of all warnings, users continue to use weak passwords, click on links from unknown sources, fall prey to “Nigerian Prince” scams, and use free Wi-Fi networks that give hackers unfettered access to information stored on mobile devices. Hackers need no special tools or knowledge to rely on human fallibility.
As long as hacking continues to be a source of rich spoils, cybercriminals will be drawn to hacking to take advantage of those spoils. An organization can erect strong cyberdefenses against hacking attacks, but the ease of hacking and the increasing availability of hacking-tools-for-hire will rise to overcome those barriers and keep networks exposed to the risks of a breach.
Cybersecurity insurance may be the last line of defense for organizations that are potential hacking targets. Cyberinsurers will analyze an organization’s network to provide cyber security quotes that account for the organization’s risk level and susceptibility to a hacking attack by both sophisticated and unsophisticated attackers. In the event of a successful cyberattack, that insurance can provide resources to compensate for both direct and third-party financial losses.
You might also enjoy: Responsibilities regarding data security