Hacker Detection – Spot the Hackers

HACKER DETECTION

SPOT THE HACKERS

Not all hackers are cybercriminals. So how do you know whether hackers are present in your company's or organization's network, digital assets or cloud systems? How do you get a clear idea of what they are doing there, why, and to what end? A presence can be physical or virtual. We are all connected to the internet via our IP addresses and devices, and not every connection or data packet is secured or encrypted. In many cases users never read the access logs, or do not even know this information exists; most of the time there is neither the time nor the knowledge to do so.

There is always a possibility that you have been hacked without knowing it. Different sources of Cyber Threat Intelligence confirm that hackers target individuals as well as whole industries. Not all of your security measures will work: many attacks are able to bypass the firewalls, antivirus systems and other protections in place.

ARE YOU BEING HACKED?

Why should you bother about hackers?

The naive or blissful attitude that nothing is going on ("don't be paranoid", "this won't happen to us", "we are too busy", "we have nothing to hide", "we are fine", "we are too small or unimportant to be a target of hackers") is the main reason your blind spots get exploited. The list of excuses for not spending money, time and intelligence on cybersecurity is endless; sometimes common sense is entirely absent, and in some cases there is blatant denial or ignorance at work. Ask yourself:

  • who are the users on my network?
  • who uses my bandwidth and WiFi access points?
  • are access passwords still stored in Excel files or cleartext files?
  • are the confidentiality, integrity and availability of my files guaranteed (the CIA triad)?
  • who can access my data?
  • is my backup or cloud storage secure?
  • are there credentials stored online or on PCs that should not be there?
  • how do I know if hackers are targeting my technical infrastructure?
  • are those new IoT devices secure?
  • what if a vendor stores my login on their systems in an insecure way?
  • how do I manage BYOD (bring your own device)?
  • do I have a strategy in place for responding to a hacker attack?
  • how do I monitor my network, and who is able to monitor my network?
  • can somebody log in and steal my files?
  • can my passwords be captured?
  • is my internet traffic encrypted?

An investigation that digs deeper into the significant unknowns, and into irregular or suspicious activity in and around computer networks, digital assets and devices, may therefore reveal that an organisation or company is being targeted by hackers, or is already under some form of cyberattack, surveillance or cyber espionage.

Here are some of the reasons why you SHOULD verify if you are being hacked or not:

  • you need to protect the data in your systems: accounting details, customer records and so on.
  • as a custodian of your customers' data you are obliged by law to comply with the PDPA, the GDPR and other regulatory requirements, to safeguard that data, and to make sure you do not put people in harm's way through non-compliance or negligence.
  • the wellbeing of your co-workers and staff may be put at risk if their data is stolen.
  • companies can literally go bankrupt, or lose millions if not billions of US dollars, as the result of hacking or cyber attacks.
  • if you are online, which means connected, the chance that you are already hacked or will be hacked in the near future is quite high. Are you prepared?

Different types / categories of hackers (typology)

  • White Hat Hackers – cybersecurity professionals who are authorized (and often certified) to hack systems – pentesting – ethical hackers.
  • Black Hat Hackers – attack systems to steal data or destroy the system – criminal hackers – malicious intent is clear.
  • Gray Hat Hackers – in between black hat and white: they may probe or break into systems without authorization, but usually without malicious intent.
  • Script Kiddies – amateur hackers trying things out with tools written by others, experimenting, often juveniles – doing lots of DoS (Denial of Service) or DDoS attacks, IP flooding, etc.
  • Green Hat Hackers – beginners learning from experience – opportunists – trial-and-error users.
  • Blue Hat Hackers – hacking used as a weapon to gain notoriety or take revenge – sometimes dangerous.
  • Red Hat Hackers – they counter-attack the black hats.
  • State or nation-state sponsored hackers – cyber espionage – spy on adversaries and other countries – government-funded groups.
  • Professional hackers for hire – basically mercenaries – will do anything for money if it is profitable – dark ops / covert ops.
  • Cyber terrorists – attack or destroy national security facilities, critical infrastructure, etc.
  • Criminal hackers – engaged in cyber crime, usually for financial gain.
  • Political hackers – hacktivists – affiliated with certain political ideologies – hacking government websites – personal, political or social motivation.
  • Malicious insiders or whistleblowers – expose confidential data or illegal activities inside organizations.
  • APT groups – advanced persistent threats – long-term, well-resourced and very persistent intrusions.
  • Cyber warfare hackers – conduct cyber war using cyber weapons, sometimes linked to military operations.

Different Purposes and motivations of hacking

  • Ethical hackers help companies and organizations fix their network security, IT security and cyber security: they battle cyber threats and cyber crime, set up cyber defences, detect vulnerabilities and do pentesting.

  • Black hat hackers steal data, cryptocurrency and other information for self-profit, extortion or ransom, and sell the data on the black market or dark web. They cause further nuisance to the target company (e.g. ransomware attacks).

Red flags that your digital assets or system might have been hacked

Many levels need to be looked at (cf. the OSI model: the network infrastructure, the software and hardware in use, cloud platforms, etc.)

  • slow or unresponsive websites
  • suspiciously high outgoing network traffic
  • hacked devices run slowly because unknown processes occupy the processor
  • increased disk activity, or suspicious-looking files in the root directory of any drive
  • illegal data exfiltration consumes network bandwidth: the network is slower and there are unauthorized data transfers
  • a large number of packets arriving from a single IP address
  • slow browsing speed, for example due to DNS hijacking, malicious plugins/extensions or a hijacked browser
  • crashing systems, blue screens of death, freezing applications, lagging systems
  • pop-up ads, unwanted adware
  • reports from your security tooling that backdoors or trojans have been detected on your system
  • spy apps logging your actions (check for log files)
  • unauthorized online activity on your accounts
  • sudden, unscheduled reboots of devices
  • unauthorized changes to system settings
  • suspicious services added
  • other abnormalities
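Two of the red flags above, "suspiciously high outgoing network traffic" and "a large number of packets from a single IP address", can be checked mechanically once you have flow records (NetFlow, firewall logs or similar). The script below is an added example, not code from the original page: it runs those two checks over a small set of constructed flow records. The private address ranges, the thresholds and the sample flows are assumptions chosen for illustration.

```python
"""Added example: flag two of the red flags above on constructed flow records.
Not part of the original page; the records, thresholds and network ranges are
assumptions for illustration."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Private (RFC 1918) ranges stand in for "our network"; adjust to your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    """One aggregated flow: source, destination, packet and byte counts."""
    src: str
    dst: str
    packets: int
    byte_count: int


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


# Constructed sample (not real telemetry): workstation 10.0.0.5 pushes 250 MB
# to an outside host (possible exfiltration), while 203.0.113.9 hammers the
# web server 10.0.0.20 with 50,000 packets (possible flood).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "198.51.100.7", 180_000, 250_000_000),
    Flow("10.0.0.5", "10.0.0.1", 300, 40_000),          # internal traffic
    Flow("10.0.0.8", "198.51.100.7", 120, 15_000),
    Flow("203.0.113.9", "10.0.0.20", 50_000, 3_000_000),
    Flow("203.0.113.10", "10.0.0.20", 400, 500_000),
    Flow("10.0.0.20", "203.0.113.10", 420, 2_000_000),
]


def egress_bytes(flows):
    """Bytes each internal host sent to destinations outside the network."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            totals[f.src] += f.byte_count
    return dict(totals)


def flag_high_egress(flows, threshold_bytes=100_000_000):
    """Internal hosts whose outbound volume exceeds the threshold.
    The threshold is an assumption; baseline it from your own normal traffic."""
    return sorted(h for h, b in egress_bytes(flows).items() if b > threshold_bytes)


def inbound_packets_by_source(flows):
    """Packets each outside address sent into the network."""
    totals = defaultdict(int)
    for f in flows:
        if not is_internal(f.src) and is_internal(f.dst):
            totals[f.src] += f.packets
    return dict(totals)


def flag_packet_floods(flows, threshold_packets=10_000):
    """Outside addresses sending an unusually large packet count."""
    return sorted(s for s, p in inbound_packets_by_source(flows).items()
                  if p > threshold_packets)


if __name__ == "__main__":
    print("high outbound volume:", flag_high_egress(SAMPLE_FLOWS))
    print("packet floods:", flag_packet_floods(SAMPLE_FLOWS))
```

The fixed thresholds are the weak point of this approach: a backup job or a busy web server will trip them, and a patient attacker who trickles data out over weeks will not. In practice, compare each host against its own history rather than a global number, and treat a hit as a reason to look closer, not as proof.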

How to detect hackers?

  • enumerate all the devices on your network and block the MAC addresses you do not want to have access (note that MAC addresses are easily spoofed, so treat MAC filtering as an inventory aid rather than a real barrier)
  • check the IP addresses that have connected to you. An IP address gives only an approximate geographic location, and attackers routinely hide behind VPNs, proxies or compromised third-party hosts
  • run TCPView on Windows (or a socket listing such as `ss` or `netstat` elsewhere) to see who is connected
  • run proper antivirus and a firewall on your devices, while keeping in mind that they will not catch everything
  • check for spyware and PUPs (potentially unwanted programs)
  • check whether remote users are connected to your computer
  • check for unknown or suspicious processes running
  • follow a network intrusion detection course
  • check for unauthorized or suspicious software; very often these tools are used for remotely accessing a network
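The "who is connected", "remote users", "suspicious processes" and "suspicious services added" checks above all come down to comparing a socket listing against what the machine is supposed to look like. The script below is an added example, not code from the original page: it parses a constructed listing in the layout of `ss -tnpa` on Linux (TCPView shows the same information on Windows) and checks it against an assumed baseline of expected listening ports, known programs and allowed source networks. The sample output, the baseline and the network ranges are all assumptions for illustration.

```python
"""Added example: check a socket listing against a baseline. Not part of the
original page; the sample output, baseline and allowed networks are
assumptions chosen to illustrate the checks."""
import ipaddress
import re

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

# Constructed sample in the layout of `ss -tnpa` on Linux (not a real capture).
# The second data row is a listener on port 4444 run by netcat; the last row
# is an outside host connected to it. Both are what an attacker leaves behind.
SAMPLE_SS_OUTPUT = """
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:4444      0.0.0.0:*         users:(("nc",pid=2311,fd=4))
ESTAB  0      0      10.0.0.5:22       10.0.0.9:51234    users:(("sshd",pid=2999,fd=5))
ESTAB  0      0      10.0.0.5:49211    198.51.100.7:443  users:(("firefox",pid=1500,fd=60))
ESTAB  0      0      10.0.0.5:4444     203.0.113.9:33001 users:(("nc",pid=2311,fd=5))
"""

# Assumed baseline for this host: what is expected to listen, which programs
# normally hold sockets, and where inbound sessions may come from.
BASELINE_LISTEN_PORTS = {22}
KNOWN_PROCESSES = {"sshd", "firefox"}
ALLOWED_PEER_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_ss_line(line):
    """Parse one `ss -tnpa` row into a dict; return None for header/blank lines."""
    parts = line.split()
    if len(parts) < 5 or not (parts[1].isdigit() and parts[2].isdigit()):
        return None
    local_ip, local_port = parts[3].rsplit(":", 1)
    peer_ip, peer_port = parts[4].rsplit(":", 1)
    m = PROC_RE.search(parts[5]) if len(parts) > 5 else None
    return {
        "state": parts[0],
        "local_ip": local_ip,
        "local_port": int(local_port) if local_port.isdigit() else None,
        "peer_ip": peer_ip,
        "peer_port": int(peer_port) if peer_port.isdigit() else None,
        "process": m.group(1) if m else None,
        "pid": int(m.group(2)) if m else None,
    }


def parse_ss_output(text):
    return [e for e in map(parse_ss_line, text.splitlines()) if e]


def unexpected_listeners(entries, baseline_ports=BASELINE_LISTEN_PORTS):
    """Listening ports not in the baseline: the "suspicious services added" check."""
    return [e for e in entries
            if e["state"] == "LISTEN" and e["local_port"] not in baseline_ports]


def unknown_process_sockets(entries, known=KNOWN_PROCESSES):
    """Sockets held by programs outside the known-good set."""
    return [e for e in entries if e["process"] not in known]


def inbound_sessions_from_outside(entries, allowed_nets=ALLOWED_PEER_NETS):
    """Established sessions into a local listener from a peer outside the
    allowed networks: the "is a remote user connected to my computer?" check."""
    listen_ports = {e["local_port"] for e in entries if e["state"] == "LISTEN"}
    hits = []
    for e in entries:
        if e["state"] != "ESTAB" or e["local_port"] not in listen_ports:
            continue
        peer = ipaddress.ip_address(e["peer_ip"])
        if not any(peer in net for net in allowed_nets):
            hits.append(e)
    return hits


if __name__ == "__main__":
    entries = parse_ss_output(SAMPLE_SS_OUTPUT)
    for e in unexpected_listeners(entries):
        print(f"unexpected listener: port {e['local_port']} ({e['process']}, pid {e['pid']})")
    for e in inbound_sessions_from_outside(entries):
        print(f"outside peer {e['peer_ip']} connected to port {e['local_port']} ({e['process']})")
    for e in unknown_process_sockets(entries):
        print(f"unknown program holding a socket: {e['process']} pid {e['pid']}")
```

Two caveats a practitioner should keep in mind. A process name is only a label: malware is free to call itself `sshd`, so the known-process list catches the careless, not the careful, and the PID should be followed up with the binary path and its hash. And a listing taken on a compromised host can itself be lied to by a rootkit; where you suspect that, take the same view from the network side (a switch span port or the firewall's connection table) and compare.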

We are not just looking for the guy in a hoodie.

Hackers come in many different shapes. Looks and appearances are deceiving, and are sometimes deliberately set up as deception or obfuscation. Only deeper profiling will lead to tangible facts and proof of what is going on. Start the investigation and assessment today.