The first Friday of every month was when we hackers gathered to swap war stories. We were just teenagers with a common interest and the fact that our hobby was hacking into corporate networks added a touch of excitement to our lives.
Today I run my own IT security business and most of my erstwhile hacking buddies have well-paid jobs in the IT industry. But there are some of our brethren who play for higher stakes, like the Iranian hacker who recently compromised some 40 million credit card accounts.
Hackers usually begin their careers as teenagers. They want to know everything about the computer and once they have a thorough understanding of how it works they can find flaws in specific areas of the operating system or in applications.
Their methods for attacking networks range from taking advantage of simple administration mistakes through to custom-designed exploits. There are two dangers; the first is `script kiddies` who don`t know exactly what they are doing and just run code that others have written to gain access to a server. Secondly there are expert hackers who write their own code to exploit machines and because of their high level of expertise, are able to exploit vulnerabilities before anyone else knows about them.
Hacking is an ongoing phenomenon that companies can be unaware of because they don`t always find the evidence. Stealing credit card numbers online happens daily - hackers find weaknesses in Web sites that support credit card transactions and abuse the fact that they CAN take them.
Major companies may not be vulnerable through their own networks but through those of subsidiaries or partners that are not up to speed in their security measures. For example, in the recent credit card attack, Visa and MasterCard International accounts were compromised through an attack on a third-party that was linked to their systems.
Hackers can target branches of access where the data is stored, which can be easier to hack into. The lesson here is that company security extends beyond the firewall; to be secure you must ensure your partners are secure too.
At the same time, you have to realise that no one can guarantee 100% security. The best way to protect your systems is to get regular vulnerability assessments, do application level testing and set up managed security services. Security is not a once-off thing; it`s a process that needs to be monitored on an ongoing basis.
It is for this reason that Telspace provides a monthly service that checks your networks for specific problem areas and tells you how to fix them. We run various levels of testing, ranging from single application auditing through to full attack and penetration testing for corporate networks.
We find a range of common flaws that include administration mistakes, not updating software, incorrect firewall rules, dial-in numbers that are not efficiently secured and increasingly wireless networks that are not protected in any way whatsoever.
The future looks bleak from a security point of view. More and more people will be online doing day-to-day tasks such as online banking. There is a huge reliance on IT systems in the corporate market so more sophisticated hackers are learning the new technology and how to exploit it successfully.
Remember hackers want to learn systems inside out; they crave an understanding of how everything works because it`s a challenge for them. The confidential data on your network can be an open book for those who know what to look for and how to go about it and the only way to protect your systems is to remain alert at all times.
Share