The seven levels of cyber security hacking explained

Much to the disappointment of the cyber security boffins who dedicate their professional lives to making the internet a safer place for us to enjoy, awareness of online security threats amongst the average computer user is extremely low.

Young computer literates click accept on pop-ups without thinking of the consequences and a worrying number will innocently open emails with Viagra in the subject line and be surprised if a click triggers a virus.

Those who've studied common attitudes towards cyber risks have identified a lack of realisation of the human element behind attacks. It is argued that if computer users understood the motives of the individuals controlling such attacks, they would be more proactive in protecting themselves and fighting the battle against malicious cyber criminals, ultimately improving online safety across the board.

The catch-all media description of a hacker is one who accesses a computer system by circumventing its security system. But contrary to popular belief, not all are motivated by the prospect of obtaining credit card details or personal data that they can sell for cash. Not all that fall into the hacker category are cyber criminals. Not all are human.

Level 1: Script Kiddies

Script kiddies are the most common breed of hacker. Essentially bored teenagers with, possibly, some programming skill, script kiddies are amateur hackers who use programs developed by other, more experienced, hackers to compromise computers. These amateur hackers attack for fun and seek recognition amongst their peers. They tend to be untargeted in their approach, finding thrills in bringing down any system.

This low-level hacker poses the least risk, but they are a nuisance. Sometimes they get lucky and hit a larger target successfully.

Level 2: The Hacking Group

Level 2 in the hacker hierarchy is the hacking group. Best described as a loose collection of script kiddies, hacking groups wield more power than individual script kiddies and, depending on the motives of the hacker at the helm, can cause serious disruption to a business's IT network. LulzSec is the most well-known hacking group, reported to be responsible for major hack attacks on Sony, Nintendo.com, UK ATM database, XFactor and the NHS despite its reputation as a relatively small and disordered faction of the larger hacking community.

Due to the publicity that LulzSec received as well as the sensationalising of their activities in the media, these loose collections can suddenly spring up with surprising effect. With this being the first layer to which SMEs find themselves exposed, patching and good security practice are key.

Level 3: Hacktivists

Above hacking groups are hacktivists who often act with a political or social motivation. Anonymous is the most well-publicised hacking group, believed to have launched attacks against child-porn sites, Koch Industries, Bank of America, NATO and various government websites.

One group that exists underneath the hacktivist umbrella is Turkish Hacktivists who deface websites to spread their political messages. All kinds of hacktivism are certainly on the rise and those operating in the security industry, working for government bodies or, for example, the police, could be considered most at risk of an attack from this kind of hacker.

Level 4: Black Hat Professionals

Above hacktivists and towards the top of the hacker chain of command are professional black hat hackers, who are a very real threat in the 21st century. Their expert coding skills and determined attitude mean they are often successful at attaining their target. Their aim is generally not to destroy or publicise but to access and to work out new ways of gaining access to often the most impenetrable of targets. As a result, SMEs may become involved because they provide a low-level access point to an extended supply chain.

Level 5: Organised Criminal Gangs

Organised criminal gangs are above Black Hats in the hacker hierarchy. These collectives, which are led by professional criminals, tend to attract code crafters who developed sophisticated programming knowledge in the 1980s.

Serious hacker groups operate within a sophisticated structure, guided by strict rules to ensure their activities can continue undetected by the law. Networks can range in size from a handful to several thousand members and often those included in the network are unaware of their involvement.

Described as the entrepreneurs of the hacking world, the experienced online criminals at the helm may not commit crimes themselves but benefit from the activities (spamming activities or trading of data) that members participate in.

Level 6: Nation States

Above the virtual criminal networks and at the top of the hacking ladder is the nation state hacker.

Within various nation states, it is thought that the highly-trained cybercriminals may knowingly or unknowingly be coerced by their governments to work for them. At this level, a government or nation state may have at its disposal a crack squad of elite hackers. It is rumoured that Stuxnet was the output of one of these organised units. With massive computing power at their disposal, only certain big companies may be direct targets: those working in critical infrastructure, for example in military, utilities or financial sectors.

Very little is officially known about this layer but it is fairly certain that this hacker type is an emerging threat.

Level 7: The Automated Tool

A knowledge of these six commonly-accepted hacker profiles is valuable to any computer user but the definitions fall short by failing to address the automatic tool that can cause widespread damage to individuals and businesses at very little cost. The threat from the newly-termed seventh hacker is growing and is likely to be the most threatening of all the profiles to the average surfer this year.

The computer explosion of the last 20 years has taken the internet from a corporate domain with few domestic users into the pockets of most people. Certain technologies and software applications have become more common, therefore a simple weakness in a commonly-used application (mobile phone apps) can leave millions of computers worldwide vulnerable to exploitation.

A Botnet is one type of automated tool that uses zombie computers (work or personal computers that it infects initially) to form a powerful network of machines capable of launching a much bigger, stronger and more dangerous attack on a massive scale. Crucially, the users of infected computers are unlikely to know they are part of the Botnet, allowing the attack to continue unabated.

In 2010 a Russian-founded Botnet was found to consist of around 30 million zombie computers, mostly involved in viral email spam. It had the capacity to send 3.6 billion emails per day, the equivalent of 1.2% of all daily traffic. Botnet attacks can be launched to satisfy malicious motives or for financial gain, depending on the vulnerabilities they exploit. A Botnet has been used to launch DDoS (Distributed Denial of Service) attacks, flooding companies with unwanted traffic, with the instigators requesting cash to stop.

An automated tool is essentially a piece of software that acts like a worm virus and tries to affect as much as possible to give itself the largest possible framework.

Why do they do that? Because large organisations at the corporate level have serious money to spend on defence. Cybercriminals want to break that layer by creating a huge whale of a machine that can take down anybody. They want to be considered a serious threat that everyone has to take notice of.

A hugely damaging attack could cost as little as s100 to set up and can be launched at the simple click of a button through an organised route.

The I Love You virus in 2000 was an automated and malicious attack that was reported to have affected more than 10 per cent of UK businesses and still holds the title as one of the most successful virus attacks ever. An advanced form of these point-and-click attacks is likely to be the most prominent this year, yet IT professionals know little about how they should react to limit the damage if they fall victim to an attack of this sort.

A well-crafted tool could be utilised by any one of the other six criminal types.

Businesses can limit their vulnerability by recognising the threats and putting simple safeguards in place.

1) Ensure computers run up-to-date software. Patching reduces the number of routes they can exploit

2) Educate users about good security practices

3) Mum's the word: don't let secrets spill

4) Test yourself, fix, then test again

5) Put decent barriers in place (firewalls and anti-virus)

6) Hire an expert to help