Know your enemy. Who is posing a threat to your online security – and why?

One of the keys to defending yourself against any threat is knowing who is posing the threat and what they are after. For example, if you have a safe you put your valuables in it because you know that’s what a potential burglar would be targeting.

I’m going to start by setting out a few general categories of cybercriminal, then we’ll look at motives and which threats apply to each group.

The threat to your online safety that is posed by individual cybercriminals.

The threat from individuals varies by activity and motive but even an individual can be an extremely dangerous in terms of the damage they can do. Gary McKinnon was a British hacker who hacked the US Department of Defense in his personal quest to learn more about UFOs.

https://en.wikipedia.org/wiki/Gary_McKinnon

While hackers like McKinnon would be harmless to you and me, his story shows that a talented individual could gain access to organizations that should have mind-boggling levels of security without even being in the same country. The McKinnon case became a cause celebre a few years ago because the US wanted him extradited and facing decades in prison for a relatively minor offence under UK law at the time.

Other individuals who could be a threat include “bored teenagers” who are trying to hack something just because it’s there and “white hat" hackers who will attempt to hack an organization without malicious intent for a reward, such as a job offer or even out of altruism. Imagine you're a company that gets hacked by a white-hat hacker. They've done you an enormous favour by highlighting your security weaknesses without damaging your business. There will also be more sinister individuals, perhaps they already know you personally and wish to do you harm.

Do not assume that an individual is less of a threat to you, just because he is only one person. As Gary McKinnon demonstrated, an individual can hack an extremely well protected organization.

The threat to your online safety that is posed by "hacktivist" groups

If you’ve seen the television show Mr Robot, you’ll be familiar with the idea of a small network of programmers and hackers that commits cybercrime for its own political ends. This may be to damage a large company or organization the group deems unethical. The most famous real life “hacktivist” group is currently Anonymous who have been targeting various Russian websites, broadcasters and banks since the invasion of Ukraine.

For most of us, hacktivists will not be a direct enemy. However they will have learned their trade somewhere, perhaps starting off as the "bored teenager" individuals I mentioned in the previous section. On occasions innocent individuals might be collateral damage in a larger operation, for example if your account is hacked to facilitate an attack on the hacktivists' target. One theoretical example might be if you worked for an oil company or a pharmaceutical company that the hacktivists disliked for ideological reasons. The hacktivists could steal your passwords or infect your computer as a gateway to their real enemy.

The threat to your online safety that is posed by terrorists and crime syndicates

If you’re wondering where terrorists get their funding from, some of it is the result of ill-gotten gains through cybercrime. This can include email fraud or ransomware. Terrorist groups also carry out cyberattacks on targets like hactkivists do and for similar reasons.

The threat to your online safety that is posed by nation states

Warfare is becoming increasingly sophisticated and technological, so nation states are devoting ever greater resources to cyberwarfare. Denial of Service attacks have also been carried out on organisations such as the NHS and the BBC. Following a dispute over their description of the Russian Invasion of Ukraine as “an Invasion”, Wikipedia briefly went offline in March 2022, presumably as the result of a Russian cyberattack. Many denial of service attacks have been carried out by nation states such as Russia, China and North Korea. Indeed, Ukraine suffered a spate of cyberattacks at the start of the 2022 invasion. North Korea also initiated a Denial of Service attack against a Hollywood studio after it released a film which was uncomplimentary about their leader Kim Jong-Un.

https://en.wikipedia.org/wiki/Sony_Pictures_hack

It’s not difficult to imagine the damage a Denial of Service attack could achieve if successful, for example if it crippled a country’s defence systems, even for a short time. Western countries have started fighting back in kind and a huge cyberattack that massively put back Iran’s nuclear ambitions was believed to have been carried out by Israel.

https://www.theguardian.com/world/2021/apr/11/israel-appears-confirm-cyberattack-iran-nuclear-facility

It is reasonable to assume that the USA and UK have similar capabilities.

Passwords

Individuals are likely to be stealing your passwords as a means to steal your money or your identity. Think about information a hacker would require to set up a bank account or credit card in your name. Full name, date of birth, address and a few security questions, perhaps some PDFs of a recent utility bill or bank statement. Organised criminals may have the same objectives. Hacktivists, and nation states might be trying to hack you as a means of getting into a larger system. The NHS Attack in 2017 was believed to have resulted from individual accounts being hacked, as well as the NHS using laughably old Operating System.

LESSONS TO BE LEARNED: Don’t get sloppy with your passwords, keep your computer up to date with regarding operating system and security patches. If anything makes you suspicious, act quickly. Change your password ASAP if you think it might have been compromised.

Scam Emails

While one country in particular is notorious for email scams it is by no means the only culprit. Scam emails may come from individuals or criminal organisations wanting money or, occasionally, a way to gain access to your email accounts as part of a bigger operation. It’s reasonable to assume the larger blackmail attempts, where you are expected to pay in Bitcoin, are primarily the doing of organised criminals and terrorist groups. Besides Nigeria, other West African countries such as Burkina Faso are often the source as is Russia.

LESSONS TO BE LEARNED: Know what signs to look out for. Poor spelling and grammar is often a giveaway as many of the scammers do not speak English as a first language. In my Email Masterclass, we’ll go through the big telltale signs of scam emails and have interactive exercises where you can practice spotting the scams.

Malware and viruses.

Individuals may be doing this, for example a single person could write and deploy a keylogger which is designed to steal all your passwords. The ultimate aim of this would be to steal your money or identity. Hacktivists, and nation states may instigate a Denial of Service attack to damage an enemy’s systems, for example banking, infrastructure or defence. Ransomware is motivated by the desire for money and written by criminal groups or a greedy individual.

LESSONS TO BE LEARNED:  Keep your anti-virus software up to date and run scans regularly. Be careful what you download, especially from an untrusted source. Be careful what links you are visiting, make sure you are actually going where you think you are going.

Cookies and tracking.

If a company can track you by placing cookies on a website, so can a malicious actor. Many years ago I had a hacker who kept putting a file on one of my websites. I would delete it, he would keep putting it back. Eventually I was able to lock the hacker out but this file could in theory have been a virus, a redirect or a tracking cookie. One obvious motivation for tracking a victim’s online behaviour would be for the purposes of identity theft. Using tracking cookies, a criminal could build up a picture of what banks you use, what your social media profile is like and what interests you have. This would enable the criminal to create a fake profile impersonating you or to establish what stealable assets you have.

LESSONS TO BE LEARNED: Don’t be afraid to tighten up your non-essential cookies and if you do come across any strange files on your device, google the filenames to establish what these are for. This is not an exact science, there will be plenty of oddly named files that you do need. But err on the side of caution and be very alert to your computer behaving oddly.

Social Media.

There are a number of reasons cybercriminals might wish to gain access to your social media accounts. It may be part of an attempt to impersonate you, or a stalker seeking to gain access to you or one of your Facebook friends, it might be part of a clever scam to gain access the answers to your security questions. The perpetrators might be motivated by money or have far more unpleasant intentions. Your enemies on social media could be individuals or organised criminals. Some may be complete strangers, others may be people know you personally.

LESSONS TO BE LEARNED: Social media truly has huge potential for causing bad things to happen, and that’s why I run a special course on this subject. Be very careful about what information you reveal publicly. Say you have 250 Facebook friends, how many of them do you know REALLY well and trust completely. I have come across some really horrible stories relating to safety on social media. As a general rule, be careful about checking in, tagging and posting photos – especially of children. Get into the habit of restricting access to your posts, by creating groups of your friends. I will talk about this and the ways criminals can exploit you in great detail on the Social Media Masterclass.

Some overall conclusions about the risks to your online security

Whether you are thinking about protecting yourself, your family or a small business you need to be aware that there is a wide variety of threats coming from a wide variety of directions. You may not have crossed Vladimir Putin personally, however you still might have problems accessing your bank one day because of him. One occasions you may be seen simply as a weak point to be exploited to gain access to a much bigger system . In 2017 The North Koreans instigated a cyberattack on the NHS costing £92m.

https://www.nationalhealthexecutive.com/News/wannacry-cyber-attack-cost-the-nhs-92m-after-19000-appointments-were-cancelled

The attack worked by gaining access to individual staff accounts, and the problem was made worse because the NHS software was seriously out of date. Whether you are the prime target of a cybercrime or merely a pawn in a bigger game you need to be aware of the predators who may wish to do you harm.