Are You Ready To Defend Your Club and Yourself? Cyber Threats to Clubs Are Real - Part 2

Once a pastime for hobbyists and amateurs, cybercrime is now within the purview of organized criminal enterprises, whose agendas and methods are significantly different from those of the stereotypical hacker.

Starting with this issue, we will present a multi-part series on emerging security risks and assess their impacts on clubs. In Part Two, we'll continue to lay the groundwork, looking at the changing face of cybercrime and its evolving web of tactics and methods. In the next issue, we will consider how cybercriminals are targeting new technologies like social media, identify some specific technical risks faced by clubs, and recommend countermeasures for thwarting attacks.


New hackers, new models, new risks
So just who is this new breed of hacker? In truth, there is not one new model, but several, and each has a different mindset. They range from the politically motivated hacktivist (an activist hacker who seeks to make a political statement through his or her hacks), to the profit-seeking mob-like syndicate (which is highly organized, efficient and corporate in structure), to the small-time operator (who may also be a highly educated developer but one who operates autonomously), to the familiar tech-savvy teenager who is usually independent and unaffiliated.

One of the most troubling new hacker models is the organized criminal enterprise. This development marks the passage of cybercrime from amateur to professional ranks. If the old hacker was a lone operator with recreational goals, the new cybercriminal is a professional manager. He or she may be a formally trained developer or a professionally trained intelligence operative. The structure of the organization may resemble a corporation, with leaders at the top who reap the financial rewards of the hack, but who do little hacking themselves. While some models resemble old-style organized crime syndicates, others are more akin to a modern terrorist entity with a cellular structure of widely distributed hackers who are totally unconnected to and unaware of the specific activities of other hackers.

These enterprises are often transnational, with hackers distributed throughout the world. Leaders deliberately plan criminal activity to cross as many borders and jurisdictions as possible. This makes it very hard to prosecute these crimes, especially if the hacking occurs in countries with little to no legal structure in place (i.e., no well-defined laws on cybercrimes and no procedural rules governing evidence-gathering and investigation). This allows cybercriminals to take advantage of gaps in existing law to avoid apprehension and prosecution.

How big is their incentive to commit their crimes? While estimates can vary dramatically, in the last few years, numerous law enforcement and security research sources have estimated that cybercrime profits range anywhere from a few billion to several hundred billion dollars. To put this in perspective, profits from illegal narcotics trafficking are estimated to be around $500 billion.


Obfuscation and Stealth Tactics
It used to be the case that when your computer was infected with a virus, worm or Trojan, you would see the damage at some point, whether it was annoying pop-ups, corrupted data, network flooding or machine instability. These days, you would be lucky to notice your machine was running slow before finding out months later that your credit card details had been stolen by a Trojan running quietly in the background.

The goal of today's malware authors is to create malicious software that can go undetected for as long as possible, allowing it plenty of time to quietly steal credit card data, send spam and replicate itself. The malware may be in the system for months doing reconnaissance work before it finally takes overt action. Symptoms will appear long after the initial infection, if they appear at all.

The most dangerous malware today is constantly being altered and mutated, in order to ensure that it does not match known signatures. Thus, security measures can't even find the malware, much less remove it. Even identifying an intrusion has become more difficult because of the attackers' use of encryption and hidden communications. What all this means for organizations is that they may not know their systems have been attacked until the damage has been done.

Remember, however, that hacktivists tend to operate differently. They don't rely on long-term stealth tactics – quite the contrary. Hacktivists want their attacks to be as blatant and public as possible. Their goal is to bring attention to their cause, not to steal credit card data (although they may do this too). Overall, hacktivists' behaviors and motivations are hard to predict. Their drivers are emotional or political, and out of line with the apparent financial benefits that might be gained from the breach.

As this overview demonstrates, the shadowy world of cybercrime never sits still, but evolves with the times. Armed with this knowledge, clubs should continually assess their security standards for hidden gaps and vulnerabilities. Actually implementing such a rigorous review process, however, can be a challenge. In our next issue, we will bring the discussion down to the organizational level, and outline some steps you can take to protect your organization.


For more information on security standards and practices for your organization, please contact Daimon E. Geopfert, national leader, Security and Privacy Consulting, Technology Risk Advisory Services, McGladrey LLP, at 312.634.4523.