How to Stop a Hacker: Disincentivizing Cybercriminals (SecurityWeek)

As long as computers have been in existence, there have been people trying to hack them. As technology has evolved and improved, so have the advances in keeping cyberattacks at bay. But of course, as technology gets smarter, so do the hackers. For years, there has been a ceaseless cycle of organizations finding new ways to secure their data, while hackers continue to find ways to break in and access it.

Cybercriminals, or the “bad” hackers, hack because it’s profitable. A recent report showed that 72 percent of hackers are financially motivated. That means that if the economic incentives were minimized, many may find that it is no longer worthwhile to attempt a cyberattack. Of course, there are many nation state attackers and “hacktivists” who choose to hack for other, non-financial reasons. But for the large majority of cybercriminals attempting to make a buck, it’s important to find ways to deter these criminals from putting forth the effort to attack in the first place. 

Rather than focusing our efforts on stopping cyberattacks, what if we were to instead turn our focus to stopping the attackers themselves from having the incentive to attack in the first place? Here are a few ways to lessen these incentives in an effort to stop cybercrime at the source.

Make examples out of hackers. Hacking is unlike many other forms of crime in that it can be done entirely from the safety of your own home, behind the confines of a computer screen. The lack of public exposure leads many cybercriminals to believe they are above the law or otherwise safe from prosecution. Adding to this issue is the fact that many of these attackers live in countries that don’t have extradition treaties with the United States, and their local governments may tolerate a certain number of attacks.

However, when law enforcement makes a high-profile arrest or indictment, such as the recent accusation of the parties responsible for the 2014 Yahoo hack, it can serve as a harsh reminder to others that they too could be subject to criminal prosecution. It is also promising to see an increase in coordination between international law enforcement entities to stop attacks, such as the 2016 arrest of the ringleader of a global scamming network that was led by Interpol and Nigeria’s anti-fraud agency. These examples further indicate that the old concept of being anonymous and unable to be caught is no longer applicable when cybercriminals are on the cover of news articles or behind bars. This reminder may be enough to dissuade hackers from attempting similar crimes.

Make hacking more costly. Hacking can be expensive, time-consuming work. Many attackers are put off by the possibility that they may spend countless hours of their lives developing a single botnet or malicious website, only to have it stopped immediately. At the ecosystem level, the continued prevalence of taking down botnets and disrupting hacking organizations is a strong deterrent for those trying to exploit these vulnerabilities. Rebuilding servers requires time, effort and money for cybercriminals, many of whom may no longer wish to put in the level of work that it would take to get their activities back up and running. Hence there is usually a lot of leveraging of botnets that have already had at least one successful attack, through repeat attacks at different sites or small modifications to the botnet.

While it’s certainly plausible that more attacks may come in their place, the disruption could be significant enough to slow the hackers down and make their chosen line of work more costly. By stopping these activities in their tracks, especially those working on a large scale, it could discourage other hackers from developing similar tools, or repeating their previous attacks. As an example, there are efforts underway to do network-level botnet command and control infiltration.

Harden infrastructure. A common practice among cybercriminals is a reconnaissance phase, in which hackers do broad scans for systems that appear to be vulnerable. Implementing strong safeguards to make your organization appear secure is a key way to deter the economically-minded hackers who are looking for a quick payday. If you have strong security practices in place, you will look like a much less attractive target to the cybercriminals, who will likely choose to focus their efforts elsewhere in the hopes of targeting a more easily accessible option. Hardening includes efforts such as being diligent in applying software and hardware patches for known Common Vulnerabilities and Exposures (CVEs).

De-value data. Many hackers these days choose to focus their efforts on accumulating data that may be useful down the road – whether to exploit, sell or otherwise leverage the information they obtained through illegal means. However, if the data they are looking to acquire becomes much less valuable, they won’t be as motivated to acquire it.

For example, the payments industry has started cutting down on card-present credit card fraud with the introduction of EMV chips. Each time an EMV card is used for payment, the chip in the card creates a unique transaction code that cannot be used again. This means that if a hacker were to steal the chip information from a specific point of sale terminal, that transaction number would not be able to be used again, making it useless to attackers. This has made credit card information much less valuable to acquire, as it is almost impossible to reuse the information.
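The one-time transaction code described above, sketched as an added example that is not part of the original article and is not the actual EMV cryptogram algorithm: a simplified model in which the chip computes an HMAC-SHA256 over a transaction counter, the amount and a terminal nonce, and the issuer rejects any counter value it has already seen. The class names, the constructed card number and the 8-byte truncation are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

def _mac(key, pan, atc, amount_cents, nonce):
    # Bind the code to this card, this counter value, this amount and the terminal's nonce.
    msg = struct.pack(">IQ", atc, amount_cents) + nonce + pan.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Chip:
    """Card side: the key never leaves the chip; only per-transaction codes do."""
    def __init__(self, pan, key):
        self.pan, self._key, self.atc = pan, key, 0

    def pay(self, amount_cents, nonce):
        self.atc += 1  # counter advances on every transaction
        code = _mac(self._key, self.pan, self.atc, amount_cents, nonce)
        return {"pan": self.pan, "atc": self.atc, "amount": amount_cents,
                "nonce": nonce, "code": code}

class Issuer:
    """Issuer side: recomputes the code and refuses any counter value already seen."""
    def __init__(self):
        self._keys, self._last_atc = {}, {}

    def enroll(self, pan, key):
        self._keys[pan], self._last_atc[pan] = key, 0

    def authorize(self, txn):
        key = self._keys.get(txn["pan"])
        if key is None:
            return "unknown card"
        expected = _mac(key, txn["pan"], txn["atc"], txn["amount"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["code"]):
            return "bad code"
        if txn["atc"] <= self._last_atc[txn["pan"]]:
            return "replay"
        self._last_atc[txn["pan"]] = txn["atc"]
        return "approved"

def run_demo():
    key = os.urandom(32)
    chip, issuer = Chip("4000000000000002", key), Issuer()  # constructed test card number
    issuer.enroll(chip.pan, key)
    captured = chip.pay(1999, os.urandom(4))      # the record a terminal would see
    first = issuer.authorize(captured)
    replayed = issuer.authorize(dict(captured))   # same record presented a second time
    altered = issuer.authorize({**captured, "amount": 99999})  # old code, new amount
    return [first, replayed, altered]
```

The record captured at the terminal is accepted once; presenting it again, or reusing its code with a different amount, is refused, which is why stolen transaction data loses its resale value.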

Similarly, two-factor authentication has made passwords less of a target for hackers – without the second authentication method, such as an individual’s cell phone, having a user’s password is virtually useless. Identifying methods such as these to lessen the allure of certain types of data is a great way to deter hackers from targeting your valuable information.

While there is no singular solution for stopping hackers in their tracks, by implementing a few of these measures, we can work to put an end to the real incentives that exist for hackers today. By removing the allure of hacking, we can hopefully incentivize cybercriminals to instead use their skills in a positive way, to benefit not only themselves but also the greater good.

Jennifer Blatnik is VP of cloud, security and enterprise marketing at Juniper Networks with focus on enterprise deployments of security, routing, switching and SDN products, as well as cloud solutions. She has more than 20 years of experience helping enterprises solve network security challenges. Before joining Juniper, she served multiple roles at Cisco, including directing product management for security technologies aimed at small to medium enterprises, as well as supporting managed services, cloud service architectures and go-to-market strategies. She holds a B.A. in Computer Science from University of California, Berkeley.

Source: SANS ISC SecNewsFeed @ May 4, 2017 at 06:54AM
