CybersecurityHunting hackers: An ethical hacker explains how to track down the bad guys
When a cyberattack occurs, ethical hackers are called in to be digital detectives. In a certain sense, they are like regular police detectives on TV. They have to search computer systems to find ways an intruder might have come in – a digital door or window left unlocked, perhaps. They look for evidence an attacker left of entry, like an electronic footprint in the dirt. And they try to determine what might have been copied or taken. But how do people track down hackers, figuring out what they have done and who they are? What’s involved, and who does this sort of work? The answer is that ethical hackers like me dig deep into digital systems, examining files logging users’ activity and deconstructing malicious software. We often team up with intelligence, legal and business experts, who bring outside expertise to add context for what we can find in the electronic record. But when the attack is more advanced, coordinated across multiple media platforms and leveraging skillful social engineering over years, it’s likely a government-sponsored effort, making arrests unlikely. That’s what happened when Russia hacked the U.S. presidential election. Diplomatic sanctions are an option. But pointing fingers between world superpowers is always a dangerous game.
When a cyberattack occurs, ethical hackers are called in to be digital detectives. In a certain sense, they are like regular police detectives on TV. They have to search computer systems to find ways an intruder might have come in – a digital door or window left unlocked, perhaps. They look for evidence an attacker left of entry, like an electronic footprint in the dirt. And they try to determine what might have been copied or taken.
Understanding this process has become more important to the public in light of recent events in the news. In October 2016, the U.S. officially said Russia was trying to embarrass respected political figures and interfere with the U.S. presidential election process. Specifically, the Obama administration formally blamed Russia for hacking into the Democratic National Committee’s computer systems. The statement hinged on the investigative capabilities of American ethical hackers working for both private companies and government agencies.
But how do people track down hackers, figuring out what they have done and who they are? What’s involved, and who does this sort of work? The answer is that ethical hackers like me dig deep into digital systems, examining files logging users’ activity and deconstructing malicious software. We often team up with intelligence, legal and business experts, who bring outside expertise to add context for what we can find in the electronic record.
Detecting an intrusion
Typically, an investigation begins when someone, or something, detects an unauthorized intrusion. Most network administrators set up intrusion detection systems to help them keep an eye on things. Much like an alarm system on a house, the intrusion detection software watches specific areas of a network, such as where it connects to other networks or where sensitive data are stored.
When it spots unusual activity, like an unauthorized user or a surprisingly high amount of data traffic to a particular off-site server, the intrusion detection system alerts network administrators. They act as cybersecurity first responders – like digital firefighters, police officers and paramedics. They react to the alert and try to figure out what happened to trigger it.
This can include a wide range of attacks, from random, unstructured incursions by individuals and small groups to well-organized and precision-targeted strikes from hackers backed by government agencies. Any of them can set off an intrusion alarm in a variety of ways.