Beware of A Hacker’s Hole in One
Cyber criminals and black hat hackers have many things in common with the golfing community.
Further explanation is needed before the mouse clicks to the next article.
Here it is. Just about anybody can pick up a golf club and hack away at a golf ball. The driving range hitters move to the course to become first-timer players who turn into weekend golfers who transform to scratch golfers who blossom into tournament pros and, if some work hard, eventually earn the right to call themselves significant winners.
What they all have in common is the potential for a hole in one, even the first-timers, if they strike the ball correctly, and the landing zone is welcoming and open.
The same can be said for computer hackers. They don’t have to be successful every time. They just rattle the windows or knock on the door to see what is open and unguarded, maybe a house not protected by a sand trap or water hazard.
They see a par three and go for it.
When a black hat strikes the ball off the tee using a hacker’s penetration tool, they only need to be successful once. The green’s flag placement or, in this case, the network’s defenses, need to be successful every time or it’s a loss. The trophy or payoff can be whatever they desire: financial gain, compromised military information, Personal Identifiable Information (PII) to sell, destroying a company’s reputation, or every day bragging rights within the hacking community.
The professional hackers, the ones who dive into the deep end, are the dangerous ones. They lock themselves in a room with a case of their favorite energy drinks and work at it day after day until they come up like a groundhog on the other side of the wall, like a cheap Caddyshack reference in an IT article. To keep the golfing analogy moving along here, they are the same kind of personalities that stay on the driving range for several hours after playing 18 holes because they weren’t happy with the cut shot attempted on the 12th hole.
The mentality of a black hat hacker and a dedicated golfer is the same. They are hooked and motivated. One profession, golf, is for good, and the other, the cybercriminal, is for nefarious activities. They are both after a target, and both will not stop before they get it.
There are several levels of hacking from the rookies to seasoned professionals. Novices try everything until they enter the inner sanctum, from using free penetration tool kits available to everyone to the widely available command-line scripts. The pros are more dangerous because they have honed their craft, studied, and practiced code writing so they can write scripts and code to take advantage of a specific security flaw. They know how to alter their attack vectors to penetrate a company’s Information Technology weaknesses, including employing human engineering email phishing tricks.
The term hacker was once a positive term. The word derived from the phrase “hack writer,” someone who hacked away at an article or composition until it was perfect to submit. Later the term referred to code writers who hacked away at the code until it executed correctly. Malicious cyber criminals were known as “crackers” to differentiate them from other IT professionals.
Today, the term “hacker” has several identifiers in front to define certain types.
- Black Hat Hackers who break in a network without permission for personal gain;
- White Hat Hackers or ethical hackers who ask and receive written permission and conduct penetration tests according to a set of rules,
- Gray Hat Hackers who may access a network without permission but will not use it for personal gain.
The whole Black Hat community falls under one term, Cybercriminals.
The whole Information Assurance and IT Security Field are dedicated to one goal, making sure Black Hats and Cybercriminals hit the ball in the drink. Hence, they get frustrated and move on to another golf course, less protected by IT water hazards and sand traps and elevated greens, the defense-in-depth approach.
Chief content and technical writer
Rick Bretz possesses comprehensive experience in several subjects including video editing and production, radio/TV and journalism writing, videography, radio broadcasting, IT Management, Information Security and Assurance. He also works as a Senior Cyber Security Engineer for Vulnerability Management, Service/Infrastructure Operations and Platforms Support for the government. Mr. Bretz also is a documentation and technical writer for the Veteran Administration’s Continuous Readiness in Information Security Program. He also served in the US Army beginning in 1979, graduating from leadership schools and from Journalism, Broadcasting, Newspaper Editing and Public Affairs Supervisor courses. He retired from the Army with many writing and broadcasting awards to accept video production and management positions. He holds a BS degree in Information Technology with a Specialization in Security Assurance from Capella University and has a Security + Certification from CompTIA. Mr. Bretz also writes his own blog on topics that interest him that can be reached at pastparallelpaths.com.