Maria Prokhorova about cybercrime in Ukraine and around the world

– Every day we get the news that hackers are attacking sites, databases, and so on. The waves of cybercrime seem to hit Ukrainian and foreign cyberspace. What caused such a large flow of Internet attacks?

It’s no secret that hackers make money from it. Someone earns money by breaking the system of a targeted object in order to damage its reputation after obtaining the necessary data. Others, known as “white hackers”, earn money by identifying system vulnerabilities, for which they are rewarded in the end. There are also political motives to blow a rival’s reputation or conspiracy theories early mentioned by Mr. Snowden. In any case, such a large flow of Internet attacks is caused by the desire to make good money. Today even schoolchildren learn how to hack systems and write viruses. The easiest computer worm can be written in 15 minutes if you follow all the instructions of an experienced expert on the Internet. 15 minutes and you’re already a novice hacker.

– Today the Internet of Things, which is a system that combines real things with a virtual network, is rapidly developing. Should we worry that it can also cause some security problems?

Yes, we should. About a year ago, the Internet spread the news that a smart vacuum cleaner which cleans and handles a significant part of household chores decided to end its cyber existence in the pool. That is, the robot itself decided to go under the water. The point is that if your enemy gets access to your Internet of things and a video camera, then such a robot cleaner may get into your pool where your children swim. And it can lead to fatal consequences.

Also in our blog there is an article about Petya virus which in 2017 spread through a coffee maker that was attached to the internal infrastructure. Because it was an element of the Internet of Things. And no matter how the pool vehicles and work systems were cleaned, the virus still spread through the coffee maker, precisely through the Internet of Things. Therefore, you need to be very attentive to such things and follow the rules of cybersecurity, even if it’s an ordinary coffee maker.

– The hackers are considered to be of different types. So to speak, they “wear” colorful hats: white, black and gray ones. What does it mean?

In general, the notions “white”, “black” and “gray” hackers are made up by the mass media. From a philosophical point of view, there are no such things as white or black. Basically, such definitions are used to characterize the activities of these people. Visually, they look like us. White hackers are cybersecurity experts who work on the Internet as hackers, find system vulnerabilities and immediately inform about it the administration of the platform. For example, they found a vulnerability in Windows 2012 and immediately reported to Microsoft support on this problem. The same works with cryptocurrency or brokerage exchange. If they find an error through which you can get access to customer accounts, they will immediately report it. This is how white hackers work. There are many different programs for this, so-called bounty programs. That is, the companies announce a contest and a monetary reward for detecting vulnerabilities in their products to test their system in real conditions. The cost of reward in such programs is very different. Sometimes the prize may reach $1 million. However, specific accounts for the identified vulnerability are rarely disclosed.

Now about black hackers. Black hackers are hackers who make money by hacking systems and getting information. This can be either a hacking of a competitor’s service, a DDoS attack, or getting information from an email or a database. For an ordinary person it’s not that bad but if you are a powerful media personality, then being hacked can lead to negative consequences for you. Therefore, the work of such hackers is quite expensive.

As for gray hackers, it is not hard to understand that gray hackers combine the features of black and white ones. A gray hacker is a person who uses black methods to his advantage as well as to others. It is often said that a white hacker is acting in order to serve society for the benefit, etc. Take, for instance, Edward Snowden – can he be considered a white hacker? Or is it just a man who escaped from the state military structures? That’s unclear. Therefore, let’s define white hackers as people who find vulnerabilities in the systems, thereby earning money and informing product owners about this, and black hackers as people who hack other products to achieve their own selfish goals.

– As you know, security cannot be achieved at the level of hardware. So what are the general security rules for users to avoid getting caught?

There is a statement that all devices consist of hardware, software and the human factor. 90% of hacks occur because of the human factor. Which is why the ground rules in cyber security for users are invented. Firstly, create a complex password consisting of characters, letters and numbers, and not (I emphasize!) from the names of your pets and the year of birth. It needs to be picked up by the algorithms. Secondly, do not follow malicious links. A lot of resources, especially on Ru.net, are resources that contain computer worms or various viruses. For example, in the past Zaycev.net was very popular, but the files that were downloaded from here were often infected with computer worms. The same goes for the Torrent. Therefore, we don’t recommend to visit or download doubtful files and resources. 

A purchased licensed software, which was not downloaded from the Internet, is the safest software product. Usually, this is not a cheap thing, but if you take the issue of digital hygiene seriously, it becomes a necessity.

– Is it true that a huge problem for cybersecurity is a so-called social engineering, which is often used by legendary hackers?

Yes, more than 90% of hacks are done with the help of social engineering. Let me explain the situation that existed earlier and the situation today. In the 1990s, strangers often called some parents and told that, for example, their son got into an accident. At the same time, they asked to bring $500 as soon as possible or transfer this sum of money to their card. The parents fell for it and brought the money, but as it turned out their son didn’t get into any accident and moreover he didn’t have any car. So what does that mean? On that night the criminals called you when you were sleepy and scared you to get your money. Hackers act in a similar way. They intimidate you or offer you something leaving you limited time to think and then make you do something. If earlier it was about transferring funds, then now it’s a request to follow the link, click a button or open a new tab. Again, social engineering comes into play. Let’s take for example a usual average accountant and call her Nancy. If she gets a mail about the sale of mink coats at a price of 4000 UAH, she will definitely click the link to see more. And the link may turn out to be malicious with a virus. In fact, the reports that are stored on her desktop can easily occur in the hands of interested competitors. Here is a vivid example of social engineering.

– Where can the threat come from? And who most of all becomes a victim of cybercriminals?

Anyone can become a victim of cybercriminals. This can be ordinary people as well as media faces and famous personalities from the Forbes list. After all, people with high status have valuable information that can affect the market and business. Ordinary people are the people who are simply involved in the processes through which the information can be obtained. For example, hackers can influence people and get information by sending a letter on behalf of a tax agency or a bank with a proposal to open a corporate account to the email of the object they want to hack. As a result, the person downloads the infected file contained in the letter and thus gives the attacker access to the computer.

– What are the most noticeable cybersecurity trends today? From what should we be reinsured first?

Cybersecurity is the trend. First of all, you need to understand for yourself what information can be published and what cannot. Maybe I’m a little superstitious, but I don’t publish personal life and information about my family on social networks, realizing that sometime in the future it can be used against me or against my family members. The next thing is the purity of the correspondence. It’s no secret that the security services may have rights and access to your correspondence with someone. Edward Snowden found it out long ago. Therefore, if you need to discuss something, and you would not want someone on the other side of the screen to know about it, then it is better to meet with this person tete-a-tete. And the last thing is a change of passwords. It’s really important. Because in the darknet there are a lot of different databases, databases of passwords, logins, mail, and accesses to various resources. These databases were obtained in different time. Some were received 20 years ago, others 5 years or a month ago. And the darknet is full of them. The cost of such a base starts at $40 and ends at $4,000. Why? Because everyone is interested in data and how it can be used in marketing, business promotion and more. Therefore, I recommend you to change passwords at least once every six months. Also appropriately react when you are notified by mail of a stranger that entered your account from another city or country. Because they can really access your account, log in and steal all your data.