Jochen den Ouden knows exactly how a hacker operates, for he is one. Fortunately, he uses his knowledge and skills to uncover vulnerabilities in security systems and not to abuse them. How does a cybercriminal work, and why is it important to know? Three questions for ethical hacker Jochen den Ouden.

"Opportunity makes the thief," I sometimes say. The simpler the security, the easier it becomes for a malicious hacker to "get in." Often it's not even "something personal," but a coincidence. Some hackers scour the Web looking for vulnerable Web sites, poorly updated servers or errors in configurations. That's what they take advantage of.
Sometimes it's accidental: a hacker finds an interesting vulnerability and takes advantage of it. But sometimes it is also targeted, in which case a hacker takes a number of steps. The first step is often gathering information about the target. Consider, for example, finding out what computers an organization has or what software is being used. But also who works there (what is the hierarchy like, which people are responsible for maintaining the ICT systems, etc.). Then an attack plan is devised. How can the hacker get in? For example, must he physically access a system (leave a USB stick, for example) to gain access, or can he do it remotely? What software is needed to do this? That could be malware (a virus, cryptolocker, etc.), for example. Then it is important that the hacker can maintain access. Sometimes that has already been done in the attack. For example, malware has then been sent with a so-called "backdoor." This gives access to the system without the employees realizing it and therefore the hacker has free rein. Eventually, the attacker can think of exploiting the leak further or encrypting files. The latter is very popular these days because there is quite a bit of money to be made.
If you know how a hacker thinks and works, you can better understand how to protect your own data (or that of the boss). The better you understand the steps a hacker takes, the better you can defend yourself against an attack. Not only can you come up with technical solutions (a good firewall, for example) but because you understand how the hacker thinks and works, you can also think along in, for example, policy and rule making so that technology and the employee work better together.
Jochen den Ouden is the instructor of the course Mindset of a hacker that will take place in Utrecht on March 9, 2020.
Every day in the news we hear about cyberattacks, hackers and data breaches. But how does a hacker actually work? How can you arm yourself and your organization against unwanted third-party access? You do that by thinking and working like a hacker.
In addition to a higher awareness of cybersecurity, the student gains insight into the six steps a hacker takes to obtain data.
