When we think of cyber criminals and information thieves, the image that often pops into our heads, framed by Hollywood and highly visible cases, is a hacker sitting inside another person’s network, illegally, using operating system commands to navigate around to important information, which they can either steal or encrypt for extortion purposes. However, two other modes of unlawful intrusion that have made recent headlines are every bit as dangerous to victims everywhere: the malicious insider and the website spoofer.
The Malicious Insider
The FBI recently released a joint statement with British officials from MI5, in which the public was warned about Chinese insider tactics. The pattern that Chinese government spies often follow, which has been noted for decades, is to make friends and use that relationship to get information. The insiders can do this by gaining employment with the victim agency, or by coordinating a long-term campaign to become a business associate of an individual target. With social media, especially LinkedIn, the relationship building is fast, convenient, and harder to detect online. The British Defense Minister ordered all military personnel this week to remove their security clearance status from their social media profiles.
North Korea is involved with multiple efforts to fake online resumes and identities under the pretense that the hacker is a freelance contractor who specializes in cryptocurrency transactions. The potential business associate often bolsters their fake resume with a fake LinkedIn profile.
A huge reason these insiders are successful is the sheer number of employees needed who are proficient in IT and other computer-based professions. Demand for talent in this area far outweighs supply, and when fighting for qualified employees, shortcuts to bring someone into the fold can be tempting.
To compound the issues above, it seems the “old school” identity thief is still around. When a nefarious actor combines non-digital identity theft with malicious insider activity, as is allegedly the case with Walter Primrose and Gwynn Morrison, who were recently charged with espionage, one could end up with an insider threat for years, if not decades, with no real way to check their distant past (before the age of electronic records and sharing).
Finally, the criminal enterprise of website spoofing has found its way into the headlines in the past week. Website spoofing takes virtually no hacking talent, only an ability to navigate the mountains of OSINT materials on the internet, draft a believable phishing email, and construct a website that looks identical to the victim’s bank, brokerage account, or other personal login pages. Once the victim hands over the keys to their kingdom, the spoofer can enter that information and transfer assets or information to just about anyone they choose. Europol just arrested nine people in The Netherlands a few weeks ago who stole several million euros from people all over Europe using the above tactics. It is apparent that either the victims did not use two-factor authentication or it was not effective.
The term “hacking,” as it relates to cybersecurity, covers so much more than breaking into a network or computer. In many cases it is as much about preying on human cognitive biases and oxytocin (the brain chemical that elicits trust) as it is about highly technical skills.