“Celebrity” Hackers

@johnnychronix
The Startup

--

By now we have all heard of hackers and hacker groups. Most of us can actually name only a few of them, if any, yet we are bombarded almost daily with reports of their activities and with speculation about whom they will strike next.

But what are their motivations? Are they simply disgruntled teenagers who have switched their focus from britches to breaches? Is it political? Environmental? Chaos for the sake of chaos? Or just good old-fashioned economics? There is no simple answer. It can be all, some or none of the above. Motivations are as scattered and far-reaching as the hackers and hacker groups themselves.

The main thing these groups have in common, however, is that they rely on anonymity to be effective. Moving through the Internet's soft underbelly undetected and untraceable is how they pursue their agendas.

On the flip side, there is what I'll dub the "celebrity" hackers: those who proudly advertise their exploits for recognition, infamy, maybe Darknet street cred. Or perhaps it is their sales pitch, since money still seems to be the main vehicle that drives us along our chosen paths.

There is undeniably a celebrity-like status to be had if one adheres to the adage that "any press is good press", a tried and true formula that has worked for everyone from actors and athletes trying to stay relevant to serial killers. Whatever one thinks of this media-induced hierarchy, a quick Google search turns up rankings of the best-known hacker groups and even advice on how to join them.

From the general public's standpoint, it is understandable that there is a level of sympathy, sometimes even support, for cyber rebels who are "taking on big pharma", "trying to save the environment" or playing out some other Robin Hood-esque scenario.

But the sobering reality is that most hacker groups are in it for the money, obtained through financial and reputational damage to others and/or the theft of data. Take, for example, the campaign that the UK's NCSC, Canada's CSE and the US NSA and CISA jointly attributed in July 2020 to APT29, aka "Cozy Bear", a group those agencies assess to be almost certainly part of the Russian intelligence services. It targeted organisations in the US, UK and Canada involved in COVID-19 vaccine development and testing, with the aim of stealing research and intellectual property. That is espionage rather than extortion, but the leverage is similar: an actor that can steal, withhold or leak that research can seriously disrupt the delivery of a drug the whole world needs, and the affected organisations would be under enormous pressure to acquiesce to any demands for the good of everyone.

Then there is the July 2020 Twitter hack, in which attackers used phone-based social engineering of Twitter employees to reach internal account-support tools, hijacked the verified accounts of well-known figures and companies, and used them to post a "giving back" bitcoin scam that promised to double whatever was sent. This was particularly despicable because it played on the philanthropic instincts of people willing to part with money to make a difference. Charities struggle enough to prove their legitimacy without scams like this muddying the water.

Lastly (for now) there is the notorious and sarcastically named "Evil Corp", which in 2020 launched a string of attacks against U.S. companies using the WastedLocker ransomware (detected by Symantec as Ransom.WastedLocker). Following the usual ransomware playbook, the attackers gain a foothold, spread through the network and then encrypt as many of the victim's computers and servers as they can, crippling its IT infrastructure so that a hefty ransom can be demanded. Symantec reported that at least 31 of its customer organisations had been attacked; the true number of victims is likely much higher.

All of these groups are receiving worldwide attention, and they are strong indicators not only that hackers and hacker groups are not going away anytime soon, but that the desire for instant notoriety can be sated by imitating them. Armed with a laptop, skill and plenty of due diligence, some see this as a much simpler route to fame and fortune than sitting in a cubicle or wielding a shovel. In fact, the number of sellers of access to corporate networks reportedly increased by 92% between 2017 and 2019, with "access-as-a-service" becoming an increasingly popular offering on dark web marketplaces.

Some tips to protect yourself

Regardless of which way one's moral compass points on hacking, nobody wants their data compromised or their money illicitly funnelled away. Here are a few preventative measures to take:

Employ 2FA as widely as possible: on user log-ins, email, VPN and remote access, admin consoles, internal infrastructure and everything sensitive in between. Prefer an authenticator app or hardware key over SMS codes, which can be intercepted or redirected through SIM swapping.

Also, because attackers brute-forcing RDP credentials usually need many failed attempts before they succeed, enable an account lockout policy that limits the number of failed logins per user within a time window. Two caveats: a per-user threshold does nothing against password spraying (one common password tried once against many accounts), so also watch for many failures coming from a single source address; and set the threshold and lockout duration so that an attacker cannot trivially lock legitimate users out of their own accounts.
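To make the lockout advice concrete, here is an added example, written for this edit and not code from the original article or from ZeroGuard. It replays a constructed set of failed RDP logon records (the fields Windows Security event 4625 would give you: time, target account, source address; the addresses are documentation ranges, the users and timings invented) through a simulated per-user lockout policy, and then runs a second, source-based check over the same records to catch the password-spray pattern that per-user lockout misses. The threshold and window values are assumptions chosen for the demonstration, not a recommendation for any particular environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of failed RDP logons: (timestamp, target user, source address).
# Not real data; the scenarios are invented to exercise the two checks below.
_t0 = datetime(2020, 7, 20, 2, 0, 0)
SAMPLE_EVENTS = []
# Scenario A: classic brute force, one account hammered from one address.
for i in range(8):
    SAMPLE_EVENTS.append((_t0 + timedelta(seconds=10 * i), "admin", "203.0.113.5"))
# Scenario B: password spray, one guess each against many accounts from one address.
for i in range(10):
    SAMPLE_EVENTS.append((_t0 + timedelta(minutes=5, seconds=20 * i), f"user{i:02d}", "198.51.100.9"))
# Background noise: a legitimate user mistyping a password twice.
SAMPLE_EVENTS.append((_t0 + timedelta(minutes=8), "jdoe", "10.0.0.42"))
SAMPLE_EVENTS.append((_t0 + timedelta(minutes=8, seconds=30), "jdoe", "10.0.0.42"))
SAMPLE_EVENTS.sort()


class LockoutPolicy:
    """Per-user lockout: `threshold` failures within `window` lock the account for `duration`.

    Defaults are assumed values for the demo, not a sizing recommendation."""

    def __init__(self, threshold=5, window=timedelta(minutes=30), duration=timedelta(minutes=30)):
        self.threshold = threshold
        self.window = window
        self.duration = duration
        self._failures = defaultdict(deque)  # user -> timestamps of recent failures
        self._locked_until = {}              # user -> time the lockout expires

    def is_locked(self, ts, user):
        until = self._locked_until.get(user)
        return until is not None and ts < until

    def record_failure(self, ts, user):
        """Register one failed logon; return True if this failure triggers a lockout."""
        if self.is_locked(ts, user):
            return False  # already locked: the attempt is rejected, nothing new to count
        recent = self._failures[user]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()  # drop failures older than the window
        if len(recent) >= self.threshold:
            self._locked_until[user] = ts + self.duration
            recent.clear()
            return True
        return False


def replay(events, policy):
    """Feed events through the policy in time order; return the (timestamp, user) lockouts."""
    lockouts = []
    for ts, user, _src in events:
        if policy.record_failure(ts, user):
            lockouts.append((ts, user))
    return lockouts


def detect_spray(events, window=timedelta(minutes=30), min_users=5):
    """Flag sources that failed against at least `min_users` distinct accounts within `window`.

    One failure per account never trips a per-user lockout, so this signal has to come
    from grouping by source address rather than by target account."""
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            users = {u for t, u in hits[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[src] = users
                break
    return flagged


if __name__ == "__main__":
    policy = LockoutPolicy(threshold=5)
    for ts, user in replay(SAMPLE_EVENTS, policy):
        print(f"{ts:%H:%M:%S} lockout triggered for {user}")
    for src, users in detect_spray(SAMPLE_EVENTS).items():
        print(f"possible password spray from {src}: {len(users)} distinct accounts targeted")
```

Run as written, the per-user policy locks `admin` after its fifth failure and never locks the sprayed accounts, while the source-based check flags 198.51.100.9 and ignores both the brute-force address (one account) and the fumbling legitimate user. In production you would feed the same two checks from your domain controllers' or RDP gateway's logs rather than a constructed list, and tune the numbers to your own baseline.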

Perhaps the most important way to strengthen resilience is continuous monitoring for compromised data related to your company: leaked credentials, exposed documents, or access to your network being offered for sale. As with almost all cybersecurity countermeasures (and eerily parallel to the steps to becoming a hacker), diligence, patience and knowledge are key.

About the author: John Turnbull is the Creative Production Writer/Manager for ZeroGuard, the “Google of cyber intelligence”
