
A hacker is not a cybercriminal with José Manuel Ávalos

"A hacker investigates, driven by curiosity, the computer systems in search of any flaw and then communicates that knowledge".


José Manuel Ávalos is Managing Director at Disruptive Consulting, a consultancy that provides cybersecurity services and performs R&D in different technologies with a great social and economic impact such as Blockchain, Big Data, IoT, etc.

He is also co-director and host of 'Cosas de Hackers', a popular show about new technologies.

What types of cybercrime are there?

Broadly speaking, cybercrime refers to crimes that are committed in computer or other digital systems and, also, to physical crimes that use digital means.

In general, we can classify cybercrime according to motivation and objective, albeit with many nuances.

Hacktivism, for example, is primarily ideologically motivated and does not seek to destroy its goal but to draw attention to certain political or ideological attitudes. Denial of service (DDoS) attacks, publishing confidential information (doxing) or manipulating web pages (defacement) are common in this sense in order to make their cause public.

On the other hand, script kiddies are virtuosos of technology who seek notoriety and fame. Thus, they are dedicated to detecting vulnerabilities in networks, programs and / or platforms to deconfigure them.

There is also cyber espionage, carried out by institutions, organizations and / or governments with the aim of obtaining relevant information and a competitive advantage. It is usually materialized in attacks such as infiltrations or phishing or through insiders, staff inside the organization who leak relevant information moved for economic reasons or revenge.

The famous cyberwar is waged by states against states; in this category we find APTs (Advanced Persistent Threats), organized groups with great resources that carry out attacks around the globe against governments, institutions, industry, companies and/or citizens. These include theft of information, causing damage, social panic and/or influence operations. At the same time, numerous armies around the globe have specific military units for warfare in cyberspace.

There is also cyberterrorism, organizations that exercise terrorism through new technologies and whose objective is none other than to do harm and generate social panic. They often sabotage critical infrastructures or public institutions in order to destroy them and restrict our freedoms.

Finally, cybercriminals are primarily motivated by financial gain. They are usually very well organized groups that work as a well structured organization or company where each unit has its objective. In addition, some have investors and even publish annual projections, business plans and even quarterly reviews to continue growing and offer their services on demand.

During COVID-19, their most common operations to do evil have increased, such as the famous ransomware attacks, identity theft, malware distribution or banking Trojans.

Is a hacker the same as a cybercriminal?

We must differentiate between a hacker and a cybercriminal, since they are not the same.

The term hacker in the Spanish-speaking world has been misinterpreted, as hackers are not the bad guys. A hacker is any person who investigates, driven by curiosity, computer systems in search of any flaw and then communicates that knowledge with the aim of improving the systems and thus preventing cyber-bad guys from taking advantage of those vulnerabilities and profiting.

The recent cyberattacks on the Colonial Pipeline, which supplies 50% of jet and car fuel to the northeastern U.S.A. and much of the south, as well as JBS SA, the world's largest meat producer, reflect the diversity of targets and the scope of the attacks. What types of cyberattacks exist today and which are the most frequent?

Certainly, there is quite a bit of confusion about which types of attacks are the most common since the general press usually only reflects the most spectacular ones such as ransomware.

Although ransomware has increased this year and is booming, these are not the most common attacks given their complexity.

According to the latest annual report of the European Union Agency for Cybersecurity, first on the list are malicious programs or malware, web attacks, phishing, attacks on web applications, spam, denial of service attacks or DDoS and identity theft. Thus, ransomware is not the most common technique, although it is among the top 20 in the ranking. In addition, the report draws three clear conclusions: cybercriminals have increased their capabilities, have adapted quickly to the pandemic and have been more effective in their objectives.

Why is cybercrime considered one of the biggest criminal threats today?

According to McAfee, in 2019 cybercrime across the globe caused more than € 800 billion in losses. But in addition, a cyberattack also has consequences in organizations and influences the performance and attitude of the people who make them up.

In addition, the cybercrime market is booming and it is very lucrative for cybercriminals as they can act with considerable impunity and with almost no judicial consequence due to the complexity and anonymity of the network and the complicated international jurisprudence. Likewise, some experts place the cybercrime business above the drug business in terms of economic benefits.

Is cybercrime today part of global geopolitics?

Yes, so much so that in the recent meeting between President Biden and Putin in Switzerland, among the topics to be discussed were cyber weapons as a priority.

Biden has asked the Russian government to stop the attacks from its territory and take effective measures to kill cybercriminals operating from Russia or the US will respond with economic measures.

Having cyber bad guys at your service, a catalog of cyber weapons and/or military groups specialized in cyber warfare offers a strategic advantage over your adversaries. Furthermore, given that the authorship is hardly attributable and it is complex to identify who is, or who are, behind a cyber attack, it seems to be an almost perfect line of negotiation. Of course, there are always suspicions or certainties about who is, or who are, behind it.

Is it true that we can suffer a cyberattack through our coffee maker if it is connected to the network or is it a legend?

All technology by definition will have flaws that make it vulnerable and these vulnerabilities, sooner or later, will be discovered.

Indeed, it is not an urban legend that our coffee maker, thermometer, doorbell or vacuum cleaner ends up being hacked. In fact, it has already happened. The botnets that zombify our connected devices are a reality on the rise, causing us to lose control of them or allowing them to be used as an entry vector to cyber attack us. There are some recommendations for use: as far as possible we must keep our devices, both software and firmware, connected to secure network segments, updated and with restricted access, although this will impact the service provided by said device. We must also bear in mind that the router of our internet provider is the gateway to our house, so it is worth configuring a certain level of security in it.

Finally, what are the main errors in our use of online tools that favor us being cyber-attacked?

Good question. The truth is that it all comes down to two words: common sense. We should all follow the “not doing anything on the net that you wouldn’t do outside it” premise.

The widespread use of social networks, our need to publish everything we do (places, purchases, events, etc.), configuring our applications and systems with easily remembered passwords and repeating them without knowledge, believing everything that comes to us by mail, messaging, fake news: all of this is the perfect breeding ground for cybercrime to roam freely.