What the Death of the Hobby Hacker Means to IT

Posted on June 18, 2016

Once upon a time, hackers were computer hobbyists who tried their network penetration skills as a kind of rite of passage. They might poke around on a corporate network, but few did intentional damage.

But today's cyber attackers aren't hobby hackers, says Prat Agarwal, director of business development at Breezy. The secure mobile printing expert says that today's hackers are sophisticated criminals who are motivated not by curiosity and a desire to test their skills, but by the huge profits available to data thieves.

According to Security Pro's downloadable PDF Hacking for Profit: a Beginner's Guide to Credit Card Fraud, many of the for-profit hackers live in Eastern Europe, the Middle East, or the Far East ? places that remain essentially cash economies. The document says, "Though they understand the process of credit cards, most International hackers do not understand the impact of committing credit card fraud. Most come from cash economies and the use of a credit card by regular citizens is extremely uncommon. They feel the attack is directed at a big corporation and not an individual. The idea of rising interest rates, chargeback fees or economic instability are not concepts they can understand nor are they their concern. Money is the object of their actions."

Today's cyber attackers come in many varieties, but one of the most common is the carder " an individual or group that use stolen data, usually credit card numbers, to fraudulently purchase items or convert the credit into cash.

So what can an enterprise IT manager do to keep their company out of the hacker's crosshairs" Agarwal says it's a matter of understanding what for-profit hackers want to steal, and using the best possible enterprise security tools ? including a top enterprise mobility management tool " to protect data on all of the devices that connect to your network.

What For-Profit Hackers Want to Steal

When it comes to for-profit hacking, nearly everything is worth stealing. Databases containing personally identifiable information such as credit card numbers are the most sought after commodity, but many hackers will conduct reconnaissance missions to figure out what kind of valuable data might be available from a target before they actually penetrate the network to steal it. During a reconnaissance hack, the thieves will grab everything they can find in order to identify the important parts of the network, such as the location of the databases, usernames, and passwords. This can happen 3-12 months before the actual theft.

"One thing many companies don't realize is that the actual data theft portion of an attack can last for months or years without being detected. But, when the hacker thinks that most of the valuable data has been taken, they may "dump" their access method by stealing information in a noisy fashion designed to be noticed by the targeted company," Agarwal says. "They do this to make sure that no one else can steal the same data, resulting in a loss of value."

This "dumping" usually means reporting, press coverage, and cancellation or flagging of all the credit card data in the system. The company that was victimized usually makes security changes " but over time, if they let their guard down, the hackers may come back to collect more data.

The most common items for-profit hackers steal include:

Jail-Breaking as a Cybercrime

According to The Washington Post, "Each year, Apple releases a new version of the software running its iconic mobile devices, the iPhone and iPad. And each year, a small but dogged community of hackers sets out to break it " or, in the words of the hackers, "jailbreak" it.

"The liberation imagery long seemed apt. Apple puts strict limits on how its devices can be used, requiring, for example, that all apps be bought through the company's lucrative iTunes store. By comparison, the hackers styled themselves as plucky hobbyists seeking freedom from what they derided as Apple's "walled garden" and into a promised land of virtually limitless new software."

That image, the Post said, was no longer accurate even two years ago as evidence mounted that most of the jail-breaks were part of attempts to profit from the sale of apps not approved by Apple, or to remove some of the security features built into the Apple operating system.

Detecting devices that have been subjected to jail-breaking is one of the sometimes forgotten benefits of an enterprise mobility management solution, Agarwal says. "The ability to check every device that connects to the network for security issues such as being jailbroken or rooted, can't be overestimated, he says.

Printer Security: The Last Unprotected Theft Magnet

When is a printer more than an output device? When it is a sophisticated document and data storage device connected to your network. "Printers can be an easy source for a data breach, and so can a mobile device sending unencrypted files to a printer," Agarwal says. "One analyst's report last year said that 70% of organizations had suffered some kind of print-related data breach, often in the form of documents that lay unprotected in output trays."

Mobile devices using insecure apps to send files to a printer are vulnerable to man-in-the-middle attacks, where a data thief intercepts traffic in transit, he explains. "Breezy was founded with the knowledge that data has to be protected both at rest and in motion, so our secure mobile printing solution for the enterprise and our downloadable app for end users feature on-device encryption to protect sensitive information."

Breezy delivers device and operating system agnostic secure mobile printing with on-device encryption for smartphones and tablets running Android and iOS operating systems. Breezy's secure mobile printing technology is fully integrated with leading EMM providers like AirWatch, Aruba, Citrix, Good Technology, IBM (Fiberlink's MaaS360), MobileIron and many others, and can add an extra layer of protection to the mobile devices that connect to your network or store your data. For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.