IT security: how to spot a hacker

After many years in the IT industry, I’ve discovered a hacker doesn’t always
fit the stereotype. Instead, according to the FBI, the most common hacker is
probably sitting at the desk next to you, right now.

This is someone who gets to work early, takes his or her turn cleaning out
the office fridge, tells funny stories at lunch and, at some point, makes a very
dumb move. It often starts when this hacker-next-door sees a file directory or
workstation that’s just too juicy to pass by, like one named ‘Salary
Comparison’. It’s simply too tempting NOT to peek inside.

In other words, curiosity is one scenario motivating the most common hacker.
Another is revenge and, of course, increasingly on the rise is industrial

What organisation has time to do professional, in-depth background checks on
every temping IT consultant? Often this part-time help is called upon when times
are tough, and corners are most easily cut during a recession. The result is
people who get easy access to the most sensitive and impenetrable systems.

No matter what the reason, internal hacker attacks make up 70% of all
security breaches according to the FBI. The next question is: how do these
attackers get access to critical systems?

The answer: all too easily. Once that hacker-next-door decides to break into
a target system, their next stop is a search engine. A few key words later, and
anyone can discover that the most common – and effective – type of hack into a
target system is to become what’s called a ‘script kiddie’.

Script kiddies use default lists of privileged passwords, or the
super-user/administrative codes built into every piece of hardware and software.
Have you ever noticed the ‘Administrator’ ID next to your name when you log in to
your workstation? That’s a privileged user and password, a backdoor into your
system built by the manufacturer. It cannot be disabled or destroyed.

Let’s turn back to our hacker-next-door who wants to access the salary
comparison workstation. They don’t know who owns this workstation, but they can
search to find what the default Administrator passwords are for this type of
standard business PC.

If the built-in default doesn’t work, the would-be hacker may try simple
passwords like CompanyName123. You’d be stunned how often these basic passwords
– also available as mini computer programs on the web – are the fastest way into
any organisation’s data.

Once the hacker enters a target system with a privileged password, the
evil-doer now has more access to data than the system’s legitimate users. At one
company, for example, a disgruntled IT professional changed every password on
the network.
All software had to be reloaded. The company was basically shut down for days.

Meanwhile, the angry ex-employee denied all knowledge of the incident. And
who could prosecute him? The deed was done under an anonymous identity, the

So there you have it: the most common hacker is actually someone working in
your business today, a non-professional trouble-maker who – when tempted – can
easily find his or her way into your organisation’s most sensitive data.

This leads to another question I am commonly asked: why do most enterprises
leave their privileged passwords, the keys to their kingdom, open and unmanaged?

The reason is simple. Manually changing these codes is extremely
time-consuming, so these back doors generally stay open.

Visit professional hacker sites, and their biggest complaint about script
kiddies is not that they exist but that once these amateurs do something
flagrant and dumb with
privileged passwords, these wonderful secret passages into a company’s data get
closed to the professionals.

Of course, there are automated ways to securely change privileged passwords
in ‘digital vaults’, which tie an individual ID to a shared one – this very
software is now being used by many security-savvy enterprises around the world.
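
The check-out model described above, as an added Python example (not from the original article and not any vendor's product code): each use of a shared privileged account is logged against an individual ID in a hash-chained audit trail, and the password is rotated at check-in. The class, method, user and account names are hypothetical.

```python
import hashlib, json, secrets, time

def _digest(rec):
    body = {k: v for k, v in rec.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class PrivilegedVault:
    """Toy model of a privileged-password vault (hypothetical names, no vendor API)."""
    def __init__(self):
        self._password = {}   # shared account -> current password
        self._holder = {}     # shared account -> individual who has it checked out
        self.audit = []       # hash-chained records: individual ID <-> shared ID

    def _log(self, user, account, action):
        prev = self.audit[-1]["digest"] if self.audit else "0" * 64
        rec = {"ts": time.time(), "user": user, "account": account,
               "action": action, "prev": prev}
        rec["digest"] = _digest(rec)
        self.audit.append(rec)

    def rotate(self, account):
        self._password[account] = secrets.token_urlsafe(24)  # real vault: also set on target
        self._log("vault", account, "rotate")

    def checkout(self, user, account):
        if account in self._holder:
            self._log(user, account, "denied")
            raise PermissionError(f"{account} is checked out to {self._holder[account]}")
        password = self._password[account]  # KeyError if the account was never enrolled
        self._holder[account] = user
        self._log(user, account, "checkout")
        return password

    def checkin(self, user, account):
        if self._holder.get(account) != user:
            raise PermissionError("only the current holder can check in")
        del self._holder[account]
        self._log(user, account, "checkin")
        self.rotate(account)  # the password this user saw stops working

    def who_used(self, account):
        return [r["user"] for r in self.audit if (r["account"], r["action"]) == (account, "checkout")]

    def audit_intact(self):
        prevs = ["0" * 64] + [r["digest"] for r in self.audit]
        return all(r["prev"] == p and _digest(r) == r["digest"]
                   for r, p in zip(self.audit, prevs))
```

Because every record's digest covers the previous record's digest, editing or deleting an entry after the fact makes `audit_intact()` return `False`.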

Until these products become standard tools in most enterprises, however, I’d
keep a close eye on the folks around you. You never know who is privileged to
your information.

Calum Macleod is European director of Cyber-Ark

Outsourcing danger

Outsource your code and you’re more likely to be hacked. Organisations that
admitted to being frequently hacked all outsource at least some of their coding
practice, with 90% outsourcing more than a third, according to a report by
Quocirca and supported by Fortify Software.

The hacker’s future looks rosy, with 78% saying that it is important for them
to outsource software development due to the cost benefit.

But security is being left out in the cold as companies fail to build in
security when they outsource the development of their critical applications.

A staggering 60% of companies that outsource the coding of their critical
applications do not mandate that security must be built into the applications.

Yet statistics show that the software application layer is where most hackers
are accessing critical data.

According to NIST (National Institute of Standards and Technology), 92% of
vulnerabilities affecting computer networks are contained in software

As organisations increasingly look to outsource application development, more
components of software applications are being developed outside of their direct

You need to make sure when applications are designed that they are constantly
checked for vulnerabilities. Use application security software to do this

Rob Rachwald, Fortify Software

Securing data on the move

How do you stop mobile data getting into the wrong hands?

• Encrypt your data on every device you carry, if it’s sensitive. As everyone
now uses their own personal devices to link into the corporate network, be sure
you can accommodate every type of file.

• Buy a software product that can detect devices trying to connect to the
enterprise and sync with corporate data.

• Make sure the encryption software you invest in does not slow down your

• Never leave data security up to the end user. It is imperative that this is
controlled and managed centrally. This can also reduce TCO (total cost of
ownership) as machines don’t need to be locked down or brought into the office to
update them.

• Corporate governance now requires you to have security and prove it. Use
software that includes a central management console – that way every machine is
protected and can be tracked.

Follow these steps and you will be able to roll out a sustainable security
policy for all end points and devices.

Peter Mitteregger, CREDANT Technologies
