Getting Started with Cyber Security Literacy

Yann Mulonda, published in Geek Culture
6 min read · Nov 12, 2022

Intro to cybersecurity terminology

It’s about 4 pm on a Friday and I get an email from the Security Operation Manager informing us of a “critical zero-day vulnerability” that needs to be addressed in our internal applications. To which, I replied: “sh*t!! here goes my dinner plan tonight!”. One of the junior DevOps engineers on my team looks at me and goes: “well! we can just take care of this on Monday, right!?”.

That’s when I realized that she didn’t know what a critical zero-day vulnerability meant, the threat of a critical vulnerability to an IT infrastructure or application, and the impact of an attack that might result from it. In this article, I’m going to share some common cybersecurity vocabulary terms, their meaning, and how they are used in an IT security context.

So we are going to explore all those terms through storytelling. I’ll give a summary of a true story of how a journalist named Mat Honan got hacked and had his digital life dissolved by hackers.

Meet Mat Honan. He just had his digital life dissolved by hackers. PHOTO: ARIEL ZAMBELICH/WIRED. ILLUSTRATION: ROSS PATTON/WIRED

To learn more about it, check Mat’s article, “How Apple and Amazon security led to my epic hacking”, and additional source material: My CS video on YouTube.

** Pay attention to the words that I’m highlighting throughout the story **

What happened?

It all happened in August 2012: Mat’s iPhone, iPad, and MacBook got hacked. The hackers erased all the data on those devices. They gained access to Mat’s Twitter account, tweeted homophobic and racist messages, and finished their crusade by deleting Mat’s Google account, including 8 years’ worth of messages from his inbox.

The hackers compromised the confidentiality and integrity of Mat’s information when they accessed and viewed his private, password-protected digital accounts and made unauthorized changes, including deleting files on his personal devices, posting illegitimate messages on his Twitter account, and deleting emails from his Gmail account. These actions also compromised the availability of Mat’s information, making his data permanently unavailable.

Image source: vecteezy.com

Now, an interesting aspect of this hacking is that these attacks were carried out without a single line of attack code, meaning the hackers didn’t use any special computer programs and didn’t need any particularly impressive or advanced technical knowledge or skills.

A hacker with no significant programming knowledge or skills is called a script kiddie. The only tools the hackers used were a web browser, a phone, and personal information about Mat that anyone with an internet connection could have found online.

How did the hackers do it?

The hackers first collected all of Mat’s personal information they could find online: his email address, home address, and other details. Using Mat’s personal info along with a clever use of fake credit card numbers, the hackers managed to convince Amazon customer service that they were really Mat and asked them to reset Mat’s Amazon account.

Once the hackers had access to Mat’s Amazon account, they collected additional personal info: Amazon gave them the last 4 digits of Mat’s credit card, which they then used to crack Mat’s Apple ID and gain access to his Apple devices (iPhone, iPad, and MacBook).

Image source: wired.com

Next, the hackers got enough of Mat’s info from his Apple ID to reset Mat’s Google account and access his Gmail. From there, they used his Google account to get access to his Twitter account and post homophobic and racist messages.

To finish up and cover their tracks, the hackers deleted Mat’s Google account and used his Apple ID to request a remote data wipe of all his Apple devices. The funny part is that the remote wipe service was meant to protect Apple users from cyber criminals by allowing them to delete their data in the event of a lost or stolen device.

Cyber Security Terminology

In the story above, the hackers leveraged multiple security vulnerabilities. Some of them were beyond Mat’s control; others he could have prevented, such as by not linking several of his online accounts together in a way that access to one could grant a hacker access to all of them.

In cyber security terms, the method of attack I explained above, which the hackers used to attack Mat’s accounts, is called an exploit. Since Mat’s unfortunate incident, Amazon and Apple have updated their customer identification protocols to eliminate the vulnerability on their side.

A particular aspect of this story is that the hacker claimed that his motivation was to spread awareness about computer security. He was a hacker-activist, aka hacktivist. That being said, the impact of the hack could have been significantly worse if the hackers had been cybercriminals driven by financial profit. They could have used Mat’s email to access online banking.

Now, let’s review everything, or perform a little informal risk assessment. In cyber security terms:

  • Vulnerability is a security term that describes potential weak points in a security system.
  • Threat describes the likelihood of an attack happening.
  • Impact describes the consequences of an attack.

Risk is the combined measure of the vulnerabilities, threats, and potential impact of a cyber attack on a given system.

So, let’s imagine that this hacking story hasn’t happened yet. How could you, or Mat in this scenario, lower security risks?

Cyber Security Best Practices

A cyber security systems analyst would likely have recommended the following:

  • Reduce vulnerability to attack by enabling two-factor or multi-factor authentication (MFA) on the Google account.
  • Another way to reduce risk is to reduce the threat — to put it simply, the more people gain from attacking you, the more likely you are to be attacked. A relatively anonymous internet user is less likely to be targeted by hackers unless it’s personal; a public figure’s threat is relatively higher.
  • Risk can also be reduced by reducing the potential impact of an attack — for example, Mat could have recovered easily from being hacked if he had backups of his data.
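To make the informal risk assessment concrete, here is an added Python example (not from the original article) that models the recovery links between Mat’s accounts as a small dependency graph: each account lists what was enough to reset it, and a fixpoint search shows how far access to public information propagates. The account names, recovery links and impact weights are constructed assumptions based on the story; the example shows how enabling MFA on Google or Apple ID cuts the chain and how backups lower the impact term instead.

```python
PUBLIC_INFO = "public_info"

# Constructed recovery graph following the chain in the story: for each account,
# the set of things that was enough to reset it. Public info opened the Amazon
# account, Amazon leaked the card digits that opened the Apple ID, the Apple ID
# opened Google, Google opened Twitter, and the Apple ID could also wipe devices.
RECOVERY_LINKS = {
    "amazon": {PUBLIC_INFO},
    "apple_id": {"amazon"},
    "google": {"apple_id"},
    "twitter": {"google"},
    "devices": {"apple_id"},
}

# Constructed impact weights (higher = worse consequence of losing the account).
IMPACT = {"amazon": 1, "apple_id": 3, "google": 4, "twitter": 2, "devices": 5}


def reachable(links, start=PUBLIC_INFO, mfa=frozenset()):
    """Accounts an attacker holding only `start` could take over via resets.

    Accounts in `mfa` cannot be reset through the chain alone, so they and
    anything that depends solely on them are cut off. The loop repeats until
    no new account becomes reachable (a simple fixpoint over the graph).
    """
    owned = {start}
    changed = True
    while changed:
        changed = False
        for account, deps in links.items():
            # any one already-owned dependency is enough to trigger a reset
            if account not in owned and account not in mfa and deps & owned:
                owned.add(account)
                changed = True
    owned.discard(start)
    return owned


def informal_risk(links, impact, mfa=frozenset()):
    """Crude risk score: sum of the impact of every reachable account."""
    return sum(impact.get(account, 1) for account in reachable(links, mfa=mfa))


if __name__ == "__main__":
    print("no MFA:        ", informal_risk(RECOVERY_LINKS, IMPACT))
    print("MFA on Google: ", informal_risk(RECOVERY_LINKS, IMPACT, {"google"}))
    # Backups (the third recommendation above) lower the impact term instead.
    with_backups = dict(IMPACT, devices=1)
    print("backups only:  ", informal_risk(RECOVERY_LINKS, with_backups))
```

Swapping the Google MFA for MFA on the Apple ID shrinks the reachable set to the Amazon account alone, which is why the account that sits earliest in the recovery chain is the one worth protecting first.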

Here are some top cybersecurity best-practice tips (source: titanfile.com):

  • Keep software up-to-date
  • Avoid opening suspicious emails
  • Keep hardware up-to-date
  • Use a secure file-sharing solution to encrypt data
  • Use anti-virus and anti-malware
  • Use a VPN to privatize your connections
  • Check links before you click
  • Don’t be lazy with your passwords!
  • Disable Bluetooth when you don’t need it
  • Remove adware from your machines
  • Double-check for HTTPS on websites
  • Don’t store important information in non-secure places
  • Scan external storage devices for viruses
  • Avoid using public networks
  • Back up important data

Avoid the “secure enough” mentality — always keep in mind that there is no such thing as being 100% secure.

Oh yeah, after reading all this, I can picture the junior DevOps engineer on my team asking: “But what is a zero-day exploit or vulnerability?” And I’ll probably say something like: “Don’t hesitate, google it!”

Jokes aside, I hope that you’re now somewhat familiar with some of the cybersecurity terms, and if there are any other terms that I might not have mentioned in this article: “Don’t hesitate, google it!” 😎😅

Cheers!!!


Co-Founder & CIO @ITOT | DevOps | Senior Site Reliability Engineer @ICF | “Learning is experience; everything else is just information!”