

The 6 Types of Hackers You May Come Across Online


These days it’s easy to look at the mountain of cyber crime news out there, and imagine a hoodie-wearing, tech-savvy loner in a dark corner of a room trying to get into a network for information. However, times have changed. It’s not just technology that changes or security measures that evolve. Hackers are also evolving.

In order to properly detect hacking attempts, it’s also important to understand who’s behind the attacks. Hackers come in all shapes, sizes, and intentions, so never judge a hacker by their cover, as the reality might be a whole different facade than what you believe. We’ll give you our top six types of hackers you may come across online.


The White Hat Hacker

The least malicious of the bunch, the white hat hacker breaks into protected systems either to test the security of the system or to conduct vulnerability assessments for a client. Most of the time, they work for a security company that makes security software or products and wants to find weaknesses in the software before releasing it for open or commercial use. Most recently, white hat hacker Tavis Ormandy discovered a vulnerability in Cloudflare’s service. Ormandy, employed at Google, found and reported the bug, termed Cloudbleed, which was affecting millions of sites worldwide.

While they may use methods similar to those of “mal-intentioned” hackers, white hat hackers do not use the data they find for ill will. Simply put, the white hat hacker does what he or she does for ethical reasons, and there are even classes and certifications available to become a white hat hacker.

The Black Hat Hacker

A black hat hacker is most likely what the general public thinks of when they hear the word “hacker.” The black hat hacker is the opposite of the white hat hacker, in that their intentions are always for personal gain rather than for the good of society. Also known as “crackers,” they gain joy from cracking into systems and bypassing security. A black hat hacker usually intends to profit from breaking into systems or does so simply to satisfy a craving for mischief – they can be differentiated from hacktivists, who have a political motive for their hacking.

The Grey Hat Hacker

You guessed it, the grey hat hacker is a mix of the white hat and black hat hackers. While the grey hat hacker might break some rules and violate laws, they usually don’t have the malicious intent that the black hat hacker has. The white hat hacker will always hack under supervision or prior consent, but the grey hat hacker will not go to the lengths to receive permission before breaking into systems.

When a grey hat hacker finds a vulnerability, instead of alerting the authorities or the company, they will most likely offer to repair it for a fee – utilizing it as an opportunity to make some financial gain. Grey hat hackers argue that they only violate the law to help others, but because of the nature of their breaking and entering – companies may choose to prosecute rather than appreciate the “help.”

The Hacktivist

A hacktivist uses the world of computing and networks for a political movement. Whether it’s related to free speech, freedom of information, or proving a conspiracy theory, hacktivists span many ideals and issues. Many hacktivists work towards a common goal without reporting to a boss or an organization.

Even people unfamiliar with the IT world have heard of hacktivist groups like Anonymous, who have been active in their political movement over the past decade. Whether it’s combating terror groups or calling for protests in retaliation, hacktivist groups hope to effect change in the real world through their programming skills in the cyber world.

The Script Kiddie

This is a wannabe hacker who lacks expertise. Just like it takes time to earn your Ph.D., it is difficult to go up the ranks to become a skilled hacker. A script kiddie is usually nowhere near the level of being able to hack into an advanced system, so they tend to stick to weakly secured systems. This “kid” may also get premade scripts or code from other sources because they lack the knowledge to develop their own. Script kiddies’ careers are generally short-lived, as they might lack the discipline and creativity it takes to become an advanced hacker.

The Green Hat Hacker

Unlike a script kiddie, the green hat hacker is a newbie to the hacking game but is working passionately to excel at it. Also referred to as a neophyte or “noob,” this is a hacker who is fresh in the hacking world and often gets flak for it, having little to no knowledge of the inner workings of the web. Although it may seem unlikely that this newbie may cause any serious issues, because they’re blind to their own actions, green hat hackers can cause significant damage to a system without knowing what they’ve done and worse – how to reverse it.


It’s easy to compartmentalize hackers into good or bad, but it’s not always so black and white (pun intended). Whatever colored hat the hacker may wear, it’s important to note the differences in their techniques, results, and intentions. Then, once you understand the motives, it may be easier to either ask for assistance or perhaps look for a better security solution to guard your data and applications.

For more information on security solutions for your data or applications, visit www.pentasecurity.com or email us at info@pentasecurity.com.


Buffer Overflow, a Common Attack

Data can exceed a buffer’s capacity. Not many people may know or have heard about buffer overflow, but we are here to help you understand this dangerous threat. To put it simply, most programs that run on our computers manipulate data of some form. This data could come from the program itself or from logged data stored on your computer. The computer places this data in temporary storage, also known as a “buffer”, where it can be quickly accessed and used.


What is Buffer Overflow?

Now, imagine a buffer as an empty cup that can be filled with water or ice. It has the capacity to store a fixed amount of water or, in this case, data. If there is more water than it can hold, the water will leak and overflow onto your table. Buffer overflow happens in a very similar, albeit a bit more complicated, way. Buffers can hold only a limited amount of data, and if a buffer is given more data than it can hold, the excess spills over into the adjacent buffers in memory.

The overflow can be caused by a simple programming error made during development. However, malicious hackers are also able to trigger an overflow deliberately and cause severe damage to a computing system.

How Does Buffer Overflow Affect You?

According to the SANS Institute, a buffer overflow may cause havoc on network systems and applications. More specifically, buffer overflows can:

  1. Corrupt data that was stored in other buffers, which may lead to a 404 error.
  2. Interrupt the normal flow of programs.
  3. Shut down an operating system.
  4. Run malicious programs through the excess data.
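The cup analogy and the first item in the list above (corrupting data stored in other buffers) can be made concrete with a toy model of memory. The following is an added example, not code from the original post: it simulates a flat block of memory holding two adjacent 8-byte buffers, writes an oversized input into the first one once without a capacity check and once with one, and reports what happened to the neighbouring buffer. The buffer size, the labels "cup_a"/"cup_b" and the sample contents are all constructed for the demonstration; real process memory behaves the same way but with no safety net at all.

```python
# Added example (not from the original post): a Python simulation of two
# adjacent fixed-size buffers. An unchecked copy spills past the first
# buffer and corrupts its neighbour; a bounds-checked copy refuses instead.

BUFFER_SIZE = 8  # constructed: each "cup" holds 8 bytes


class Memory:
    """A flat byte region with two adjacent buffers, like a C stack frame
    holding two char[8] arrays side by side."""

    def __init__(self):
        self.raw = bytearray(2 * BUFFER_SIZE)
        self.cup_a = 0            # offset of the first buffer
        self.cup_b = BUFFER_SIZE  # offset of the buffer right after it

    def read(self, offset):
        """Return the BUFFER_SIZE bytes starting at offset."""
        return bytes(self.raw[offset:offset + BUFFER_SIZE])

    def unchecked_copy(self, offset, data):
        """Copy every byte it is given, like strcpy(): no capacity check,
        so anything longer than BUFFER_SIZE overwrites the next buffer."""
        for i, byte in enumerate(data):
            self.raw[offset + i] = byte

    def checked_copy(self, offset, data):
        """Reject input that does not fit, the way a length-aware copy
        (one that is told the destination size) should."""
        if len(data) > BUFFER_SIZE:
            raise ValueError(
                f"input of {len(data)} bytes exceeds buffer of {BUFFER_SIZE}")
        self.raw[offset:offset + len(data)] = data


def demonstrate(use_checked):
    """Store a known value in buffer B, then write a 12-byte input into
    buffer A. Returns B's contents afterwards so the caller can see
    whether the overflow reached it."""
    mem = Memory()
    mem.checked_copy(mem.cup_b, b"BALANCE1")  # constructed "important" data
    oversized = b"A" * 12                      # constructed input, 4 bytes too long
    try:
        if use_checked:
            mem.checked_copy(mem.cup_a, oversized)
        else:
            mem.unchecked_copy(mem.cup_a, oversized)
    except ValueError:
        pass  # the checked copy rejected the input; B is untouched
    return mem.read(mem.cup_b)


if __name__ == "__main__":
    print("unchecked:", demonstrate(use_checked=False))  # b'AAAANCE1' (B corrupted)
    print("checked:  ", demonstrate(use_checked=True))   # b'BALANCE1' (B intact)
```

The four extra bytes land in the first four positions of buffer B, which is exactly the "corrupt data that was stored in other buffers" case; in a real program the neighbouring bytes might be a return address or a flag rather than an account balance, which is how the remaining items in the list follow from the same defect.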

So How Can I Prevent Buffer Overflow?

Buffer overflow attacks come in many forms, and these days they can also be delivered by viruses. Therefore, if you don’t have a firewall and antivirus software, we strongly advise installing them at once. Apply updates as soon as possible when your antivirus and firewall programs ask your permission. In addition, avoid opening unknown and suspicious emails, as they can execute malicious programs or malware that can lead to your PC becoming a zombie bot. Don’t install suspicious third-party programs, because this could be a gateway that allows hackers to mess with your operating system.


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.


DDoS Top 6: Why Hackers Attack

Lately, it seems like the companies that haven’t had their web and cyber security compromised are in the minority.

Many are hit hard by web vulnerability attacks. Specifically, we see an increase in DDoS (Distributed Denial of Service) attacks. With DDoS, the attacker’s main goal is to make your website inaccessible using botnets. Botnets are basically an army of connected devices that are infected with malware. Your website’s server becomes overloaded and exhausted of its available bandwidth because of this army. Much of the time, the attack doesn’t even breach your data or cross any security perimeter.

So if it’s not to breach your data, why would someone go through the effort to shut down your website? There are a multitude of reasons, but today we’ll look at the top 6 reasons for a Distributed Denial of Service Attack.

1. Some (not-so) friendly competition

As more and more enterprises are taking their storefronts to the cyber world – there is also competition within the cyber world.

In fact, in a recent survey nearly half the responding businesses said that they believed that their competitors were launching DDoS attacks in order to disrupt services. After all, if your competition’s website is down, all the traffic will come to your website instead. Additionally, your competition’s brand image is tarnished, giving positive associations to your company instead.

Even if an entrepreneur may not be skilled in hacking, DDoS attacks are now available for hire, and attacks can be executed for a fairly low price on the dark market.

2. DDoS for Hacktivism

As we’ve noted, DDoS attacks aren’t necessarily about taking data. It can be used to strongly voice an opinion – any opinion. Voicing your opinion on the Web can have a bigger and faster effect than if you were to attend an in-person rally or strike. DDoS is often used to show support or opposition regarding a certain topic. It could be political (see below), but also for/against businesses or banks, ethical concerns, or even an online game.

3. All about politics

A subset of reason #2, DDoS attacks can also happen between countries or governments. The Web is the newest battlefield. DDoS attack victims can be government websites. While the sites could have been attacked by apolitical hackers, many do believe that governments or political parties often attack each other using the DDoS method.

As most governments rely on the Web to communicate and run their country, this has proven to be an effective method to show political opposition.

4. Seeking their revenge

An extremely common reason for DDoS attacks, this situation could apply to businesses, individuals, and governments alike. Rather than voicing an opinion, these attacks are used to seek revenge on an enemy, with no need to get your hands dirty at all.

For example, there have been increasing instances of previous employees hiring DDoS attacks on the dark market to seek revenge on their former employers. We’ve previously written on internal data breaches by present or past employees, but this is yet another form of when one person holds a grudge and it affects an entire company.

5. A precursor for something bigger

On New Year’s Eve of 2015, BBC was reportedly attacked with a DDoS attack measuring over 600 Gbps, beating out the previously set record of 334 Gbps. The attackers who claimed responsibility, New World Hacking, said that it was simply “testing.” More recently, the hacking group PoodleCorp took responsibility for shutting down the trending Pokemon Go game using the DDoS attack and they claimed that they were also testing for something on a larger scale.

A hacker may be preparing for something new like the above two cases, or they may be using the attack as a distraction for a larger attack, hoping that they won’t be found out. This is one case where the attack may be used indirectly for a security breach.

6. Some plain ol’ fun?

And lastly, sometimes there’s really no rhyme or reason to why DoS or DDoS attacks happen.

There’s a misconception that there is a specific reason behind all attacks. However, this is simply not the case. Many hackers get an adrenaline rush from hacking into a system or a website, no matter how big or how small it may be.


Therefore, it is the responsibility of the individual user, or of a company’s CIO/CTO, to ensure that security measures are being taken. One needs to prepare for an attack, because no one is ever exempt from the chances of an attack.

So what are these security measures I speak of? In my opinion, the most essential step you can take is to protect yourself with a WAF (Web Application Firewall). By using WAF services like Cloudbric or a WAF like WAPPLES, you can make sure your website is continuously protected.

For more information on Cloudbric (full service website security provided for free if your website’s bandwidth is under 4GB/month), check out their website and find out more about WAPPLES, the WAF they use for their service.


XSS: The Con-Artist

“XSS” is an acronym you hear often in the field of information security. It’s a relatively common attack for both the client and the server. Acronyms can make you think that it’s a bit more hi-tech and complicated than it really is. But at the root of it, XSS is basically a con-artist, waiting for his next ploy.

What is XSS?

Short for Cross Site Scripting, this web vulnerability is a type of injection where the attacker inserts script (oftentimes JavaScript) into a page. The script is not sanitized and is allowed to reach the browser – meaning the script executes as if the site’s administrator had written it.

There could be a variety of consequences: It could alter the display, modify the browser, or even steal your session cookie and sign in as an administrator, which could give complete control over to a hacker.

But I use the word “could” because there’s a lot of variety and uncertainty when it comes to the XSS vulnerability: what the consequences can be, when they can happen, and to what extent they reach. So let’s make it a bit easier to process.

Think of the XSS vulnerability as a con artist’s latest trick. You never go out looking for a con-artist, but some way or another, they get you right where they want you.

Non-Persistent XSS: the Pickpocket Scam

Pickpocketing is the oldest trick in the book, proven to work time and time again. It’s become a common and simple way for attackers to get their target. The pickpocket may approach you as the “nice stranger” who’s asking for directions on the street. But their hand reaches to take your wallet from your pocket while you’re explaining directions. Though the pickpocket targeted you, when the ordeal is done and your money is gone, it’s as if it never happened.

[Figure: non-persistent XSS chart]

It’s the same with Non-Persistent XSS, the most common type of XSS. An attacker crafts a targeted link that contains malicious script. You click it, and fall for the trap. But just like with a pickpocket, once the code is injected and you have been fooled, nothing of what happened is stored on the server. The website simply executes the script and reflects it back to your browser, and your cookies go to the attacker. Immediacy and the lack of detectability are the highlights of these non-persistent XSS attacks.

Persistent XSS: The ATM Skimmer

On the other side, Persistent XSS is much less common. While it has the potential of causing more significant damage, it can also be found out and remedied quicker. Think of an ATM skimmer. A skimmer is an electronic device that is placed within or outside an ATM. It takes the information that a customer may put into the ATM. The difference? While the skimmer may look the same as the ATM that the customer uses on a daily basis, it is copying all information and relaying it to the con-artist. It’s non-targeted, so everyone who uses the ATM will be affected without discrimination.

Like the ATM skimmer, the website may look the same as it usually does after the malicious script has been injected. It is saved by the server and then displayed on normal pages. All users who are browsing the website will be subject to the XSS, and they will be affected over and over again. In fact, this is why this type of XSS vulnerability is much more dangerous. Damage can be done to a wider breadth of users without anyone knowing that there is anything amiss.

[Figure: persistent XSS]

Fortunately, because this type of XSS takes place on a server – if someone is able to spot the unwelcome script, it can be remedied. In the case of the skimmer, perhaps the ATM maintenance crew notices that there is a bar code missing, or a warranty seal that’s in the wrong place. They can take quick and urgent steps to make sure that the skimmer is removed.
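The pickpocket and skimmer stories above map onto two small pieces of server-side code. The following is an added example, not code from the original post: a search page that echoes its query back (the Non-Persistent case) and a guestbook that stores comments and shows them to every visitor (the Persistent case). Each is rendered once without output encoding, which lets the injected script reach the browser as live markup, and once with Python’s html.escape() applied at output time, which turns it into harmless text. The page names, the PAYLOAD string and the contains_live_script() check are constructed for this demonstration.

```python
# Added example (not from the original post): reflected and stored XSS in
# a minimal search page and guestbook, each shown vulnerable and hardened.
import html

# Constructed attacker input. It only pops a dialog; the point is that the
# browser would run it at all.
PAYLOAD = "<script>alert('xss')</script>"


def render_search_vulnerable(query):
    """Non-Persistent (reflected) XSS: the query arrives in the request and
    is pasted straight into the response, untouched."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query):
    """Same page with the query HTML-encoded, so '<' becomes '&lt;' and the
    browser shows the payload as text instead of executing it."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


class Guestbook:
    """Persistent (stored) XSS: comments are saved server-side and rendered
    for every visitor, so one bad comment reaches everyone."""

    def __init__(self):
        self.comments = []  # what the "server" stores

    def post(self, comment):
        # Stored as submitted; the defence is applied when rendering, so the
        # same stored data is safe on every page that displays it.
        self.comments.append(comment)

    def render_vulnerable(self):
        return "<ul>" + "".join(f"<li>{c}</li>" for c in self.comments) + "</ul>"

    def render_safe(self):
        return "<ul>" + "".join(
            f"<li>{html.escape(c, quote=True)}</li>" for c in self.comments) + "</ul>"


def contains_live_script(page):
    """Crude check for this demo: does the rendered HTML still contain an
    unencoded <script> tag that a browser would execute?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_search_vulnerable(PAYLOAD))   # script tag intact: executes
    print(render_search_safe(PAYLOAD))         # &lt;script&gt;...: plain text
    book = Guestbook()
    book.post("Nice site!")
    book.post(PAYLOAD)                         # one visitor plants it...
    print(book.render_vulnerable())            # ...every later visitor runs it
    print(book.render_safe())                  # ...unless output is encoded
```

Note that the fix is the same in both cases and sits at the point of output, not input: the guestbook still stores the raw comment, which is fine as long as nothing renders it without encoding. That is also why the Persistent case is easier to clean up once found, as the next paragraph says: the offending record is sitting on the server where it can be located and removed.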

XSS Exploits in Real Life

XSS-affected websites can suffer from a variety of issues. Unfortunately, websites with a large number of active users are often affected through both persistent and non-persistent XSS. Recently, a Persistent XSS vulnerability was found on PayPal’s website. This would have allowed for hackers to inject code resulting in a malicious payload, potentially opening up attacks for its 150 million customers. Thankfully, the company was notified of the vulnerability before any negative impact. But of course, there are companies that aren’t so lucky.

Hackers will always find popular websites, big or small, to execute their attacks, so what can you do to protect your website?

  • Source Code Analysis: Source code analysis tools are used to find security flaws by going through source code line by line. Ideally, this tool will be used before the website goes live. This way, problems can be remediated before any issues arise.
  • Vulnerability Scanners: There are security scanners that will identify vulnerabilities like XSS. Although they’re not perfect (because they’re not optimized for your website or application specifically), they can allow you to find the most obvious vulnerabilities to clean up.
  • Web Application Firewall: Web Application Firewalls or WAFs follow rule-sets to detect or block anything suspicious. WAFs will normally prevent attacks such as XSS and SQLi as part of their rule-set. Make sure that your WAF is one that has low false positive rates.

That’s it! You’re well on your way to having a safer, cleaner website.

Which method is the most effective? As I always say, there’s no perfect way to escape any form of web attack. But the best thing you can do is follow the points above like a process. Source code analysis tools will scan for flaws before anything goes live. Vulnerability scanners will then look for further issues as the website is up. A WAF will block the attempts that manage to slip through the cracks. Unfortunately, nothing is foolproof. But risk can always be reduced and controlled.


Website Defacement – What is it?

Website defacement is hard to imagine, so visualize this: you have finally moved into your dream neighborhood and are excited to spend your first night in your new home.

You’ve dreamed of owning a house like this your entire life. You put in a lot of time and effort, as well as financial investment into this house. You’ve finally made it and can rest assured. The next morning after a great night’s sleep, you go outside to pick up your mail. However, you see this on the side of your house:

[Image: graffiti on the side of the house]

Graffiti. Some delinquents outside of the neighborhood came when you were sleeping. They drew all kinds of messages on your treasured new home. As with most people, you would most likely not be happy with the situation. You may even possibly look into home security to prevent a similar situation from ever happening again.

We all know that unwanted graffiti on your home or business establishment is considered vandalism. However, did you know that your website could also be vandalized? A hacker can break into your website and either upload unauthorized files or post malicious changes on your website. This act of virtual vandalism is called website defacement. Just like the delinquent who spray-painted a scribble on your wall, a hacker oftentimes defaces your website not for any monetary gain, but just for bragging rights.

The Dangers of Website Defacement?

Although most hackers who intentionally make changes on your website may not be looking to steal your or your users’ private information for identity theft, website defacement is still dangerous to anyone’s business. Website defacement attacks affect your reputation, as hackers can manipulate pricing for online retailers, make embarrassing changes to article posts, or even upload unwanted photos. One of the most harmful website defacement methods, phishing links, causes harm to both you and your users. Using a phishing link, a hacker can lure your users to a website that looks just like yours and ask for their private information. Once your website is recognized by your hosting company as a website with a phishing link, it will shut your website down and blacklist it.

You Have Random Changes On Your Website. Now What?

Hackers launch website defacement attacks by directly cracking into a server to deface its website. Cloudbric, powered by WAPPLES, prevents unauthorized users (hackers) from uploading files or changing your website’s content by blocking any malicious traffic that matches the characteristics of a hacker’s activity. Cloudbric constantly monitors your website’s response data, which is your website’s communication to our server. Once that response data differs from your website’s original content, we flag the changes on your website for you to check. If the change is obviously malicious (with explicit content or the addition of phishing websites), Cloudbric blocks these unauthorized changes automatically.

In addition, Cloudbric saves and stores the location of your website’s original static content, whether it appears on static or dynamic pages, so that even if your website is ever defaced, you can easily restore it.
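The two paragraphs above describe a monitoring loop: keep a known-good copy of each page, compare what the site currently serves against it, flag differences, block the obviously malicious ones (such as newly added phishing links), and restore from the stored original. The following is an added example of that pattern written for this post; it is not Cloudbric’s or WAPPLES’s code and makes no claim about how their service is implemented. It fingerprints each page with SHA-256, treats any link to a host outside a constructed allow-list as a phishing indicator, and keeps the original content so it can be handed back for restoration. The page contents, host names and the "block" rule are all constructed for the demonstration.

```python
# Added example (not Cloudbric's or WAPPLES's code): a simple defacement
# monitor that compares served content with a stored baseline, flags changes,
# marks changes that introduce links to untrusted hosts, and restores originals.
import hashlib
import re

# Constructed allow-list: hosts this site legitimately links to.
TRUSTED_HOSTS = {"www.example.com", "shop.example.com"}

# Pulls the host out of absolute http(s) links in an href attribute.
LINK_RE = re.compile(r'href=["\']https?://([^/"\'?#]+)', re.IGNORECASE)


def fingerprint(content):
    """SHA-256 of the page text; any byte change gives a different value."""
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


def linked_hosts(content):
    """Set of external hosts a page links to, lower-cased for comparison."""
    return {host.lower() for host in LINK_RE.findall(content)}


class DefacementMonitor:
    def __init__(self, trusted_hosts):
        self.trusted_hosts = {h.lower() for h in trusted_hosts}
        self.originals = {}  # path -> original content, kept for restore
        self.hashes = {}     # path -> fingerprint of the original

    def snapshot(self, path, content):
        """Record the known-good version of a page (the baseline)."""
        self.originals[path] = content
        self.hashes[path] = fingerprint(content)

    def check(self, path, served_content):
        """Compare what the site is serving now with the recorded original.
        Any change is flagged for review; a change that adds links to hosts
        outside the allow-list is marked for automatic blocking."""
        if path not in self.hashes:
            raise KeyError(f"no baseline recorded for {path}")
        changed = fingerprint(served_content) != self.hashes[path]
        new_hosts = linked_hosts(served_content) - linked_hosts(self.originals[path])
        suspicious = sorted(new_hosts - self.trusted_hosts)
        return {
            "path": path,
            "changed": changed,
            "suspicious_hosts": suspicious,
            "block": changed and bool(suspicious),
        }

    def restore(self, path):
        """Hand back the stored original so the page can be put back."""
        return self.originals[path]


# Constructed sample pages: the original, a legitimate edit, and a defaced copy.
ORIGINAL_INDEX = '<h1>Welcome</h1><a href="https://shop.example.com/">Shop</a>'
EDITED_INDEX = ORIGINAL_INDEX.replace("Welcome", "Welcome back")
DEFACED_INDEX = ORIGINAL_INDEX + (
    '<p>Verify your account <a href="https://login-verify.example.net/">here</a></p>')


def demo():
    """Run the three checks against one baseline and return the results."""
    monitor = DefacementMonitor(TRUSTED_HOSTS)
    monitor.snapshot("/index.html", ORIGINAL_INDEX)
    return (
        monitor.check("/index.html", ORIGINAL_INDEX),  # unchanged
        monitor.check("/index.html", EDITED_INDEX),    # changed, flag for review
        monitor.check("/index.html", DEFACED_INDEX),   # changed + phishing link: block
        monitor.restore("/index.html"),                # original content back
    )


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The distinction between "changed" and "block" matters in practice: legitimate edits change the fingerprint too, so a monitor that blocked on every difference would fight the site’s own editors. Flagging every change but acting automatically only on the clearly malicious pattern keeps the false positives down, which is the same trade-off the XSS post makes when it asks for a WAF with a low false positive rate.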

Just like your home can be vandalized by some delinquents, so can your website. As in the example of your beautiful home being defaced, it may be difficult to stop someone from spray-painting graffiti on your home without having security personnel constantly watch it. Cloudbric is the security that your website needs to prevent delinquents from making changes on your website or, even worse, adding malicious phishing sites that steal users’ personal information.

This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.


Cloud Trends…or Cloud Threats?

“Cloud” is a term that’s thrown around quite often in the IT world. But are we talking enough about cloud threats?

Even if you’re not familiar with technology, you probably own at least one device that’s essential to your everyday responsibilities. Your immediate thought? Probably your smartphone.

Mobile technology affects every corner of our lives. Before smartphones, cell phones were mainly for calling, texting, and maybe a few other novelties. But within the past few years, people have become accustomed to smartphone technology. In fact, most would agree that using your cell phone for just calling and texting could be “old-fashioned.”

What’s the reason behind this change? Advancements in hardware and communication technologies are givens, but development in cloud computing is also a major contributor. Cloud computing has allowed users to produce, store, share, and utilize content more conveniently. This in turn increased the value of technologies aiming to provide convenience because suddenly, data isn’t just sitting there, it’s portable. No need to carry around all of your devices to be productive in your workload.

But this is not a win-win situation. Due to its rapid growth and development, the cloud is becoming a target for hackers, and many are concerned about the state of safety and security in the cloud.

Cloud Threats

The Cloud Security Alliance (CSA) is an organization that’s dedicated to raising awareness and spreading knowledge about cloud threats and security. Every year, CSA releases a “Top Threats” list of the cloud threats to be on the lookout for – here’s their full list for 2016, but for the purposes of this blog post, let’s take a look at two in particular: Data Loss and Abuse and Nefarious Use of Cloud Services.


Data Loss

Many people who have multiple devices tend to store their data in the cloud, but it’s not always 100% safe. An accidental deletion, a physical catastrophe, a malicious attack… all of these could lead to the permanent loss of your data unless you as a consumer take the measures to back the data up. When you’re signing up with a cloud data storage provider, make sure to read the fine print. Although your data could have been lost, depending on the provider, the responsibility might not be on the provider’s shoulders but on yours.

Reviewing the provisions and understanding the conditions is important for any contract. However, especially when sensitive information is at stake, this is not a step you want to skip. More and more consumers are putting risky information into cloud storage while assuring themselves that this is the safest way to go. Although this is partially true, this doesn’t mean that there is no action necessary.

Abuse and Nefarious Use of Cloud Services

While this sounds like an extravagant title, the summarized version is this: there will always be people who want to use your data for unethical purposes. Whether it’s through the guise of free cloud trials or maybe just a poorly designed cloud service, not all providers are created equal. Malicious hackers may try to use the cloud to launch DDoS attacks, spam and phishing scams, or defacement.

So be prudent when choosing a provider. They should include controls and monitoring so you can see how the cloud workload is doing. A cloud provider shouldn’t have anything to hide, and should be reputable.

So we’re doomed?

Not at all. Cloud computing is a great development – we can access any kind of information from virtually anywhere in the world. It’s permeated different markets and services and has users ranging from people like you and me, to SMBs or startups, to large enterprises and government entities. It’s affordable, accessible, and maintenance is fairly easy.

But like any service (tangible or virtual), we need to make sure we know what we’re getting into, and take precautions for cloud threats as necessary. Just because you can’t see it, doesn’t mean someone isn’t after it.

For more information on products or services pertaining to web security, check out our products page or leave us a comment – we’d love to continue this conversation with you.