Hardening Internet and Phone against Hacking

According to Auntie Google the definition of hacking is "the act of gaining unauthorized access to data in a system or computer."
Also "the use of a computer or system without permission."

So to my mind, anyone who knowingly allows someone to access their computer or system doesn't constitute a "hack."

Australian Cybersecurity Laws list "Hacking" as "Unauthorised access"
 
If you're willing to accept an incredibly broad definition, sure. I'm not. There is nothing new about scamming, and we don't consider phone scams to be hacking. Social engineering is no different than a phone scam except for venue.

It's useless to have a definition of hacking that broad.

It's even broader than you think. Because a "hack" is also a word used to describe functional, but otherwise poor code that's hard to maintain shoved into a system that's not ready for it.

The first definition, cut with rough or heavy blows applies here. We're just not talking about trees or grass, we're talking about ideas, systems, procedures, and even people.

Hack is akin to "virus" these days in these matters. There are more specific words for specific ideas and events, but "hack" is a vague coverall.
 
It's about "user education". You can only put so much into place, as far as...services, or settings, systems, software. The term "hardening" is a bit too...assuming. At the end of the day, the majority of it relies on "human behavior".

As for the term "Hacking"....I also LOL at how much it's become "over used". Myself...I lean towards the concept of "breaking in due to leveraging exploits, back doors, etc". But...technically....the actual definition of hacking is "Unauthorized access to a network(s)/computer system(s) for some illicit purpose". The term "unauthorized" can be interchanged with "without permission". Now...here is where it gets "gray". Some people will argue "But...the end user let them in, by answering the Phish, or by clicking the PDF, or...by installing that app and clicking "allow" without reading the fine print!. Well...the end user was "tricked". OK..the end user was an idiot, was stupid, careless, whatever. For the purpose of the definition, the end user did not intentionally knowingly invite the bad guy in...they just...didn't slow down to "think". So Sally at the front desk, who doesn't slow down to examine any phishing email that asks for her password...fell to the phish, "technically" she opened the door for the bad guy, unknowingly. But she did not call up the hacker from Afghanistan and say "Here Achmed....is the Administrator password for our 365 account...I give it to you so you can break in".

The majority of malware, ransomware, etc....gets into business systems due to human error >80% of the time....I think more like..in the high 80's % of the time. Yes, we've had recent actual "exploit" waves, such as the recent Exchange "Hafnium" one. To me that is a good old classic example of a hacked system. Or recently we got called in by a business that was still on SBS2011...and their network was crushed because their server got poached and was running "CLDAP reflection DDoS attacks". <==turned into a juicy migration to 365 and a monthly MSP client. :)

Part of what we do is do a "security presentation" to clients. I bring my laptop and project to a big screen TV in a conference room or wherever they do their "all staff meetings". I also have a little mini projector I can plug into my laptop if the client doesn't have a big screen in a conference room, I can just project on a wall. It's a good "value add" for your clients on monthly plans. Or you can charge for one for clients not on a plan. People tend to "know" the term phishing, but...when you show them many..many examples, and tell stories about basically what happens behind the scenes, giving examples....you see a light bulb go on above their head. And they tend to "get it". Helps a lot.

You can only do so much. Even clients that you've put on MFA....those authenticator apps...we all know a few end users who are capable of say..standing in line at the grocery store, their authenticator asks to "allow or deny"..and by habit they'll just hush it with "allow".
 
Terms change. Hacking now means any method of gaining access to a computer not just technical means.

It is just like the word gay. It used to mean happy; now it means homosexuality.

Terms change. Arguing about it is looking at the horse's backside as it is running away from the barn. It is too late.
 
Hacking now means any method of gaining access to a computer not just technical means.

The point being, it doesn't. There are lots of experts who do not accept the "not by technical means" definition. It isn't just me.

My central point, though, is that it's important to be clear about what is being discussed, no matter who's doing the discussing. So if you are someone who takes hacking as a very broad umbrella term there's little use, here, in using it, as in most cases we're talking about some specific form, not all of it.

But I will make clear, for myself, that I will never use the term hacking for social engineering. If I'm discussing that, broadly, that's the term I'll use, and if specifically I'll use something like phishing, spear phishing, etc.

There needs to be some way to make a clear differentiation between attack by technological means alone as opposed to tricking a human being into doing something stupid and giving "the keys to the kingdom" away. These are two utterly different attack surfaces that have utterly different solutions. That not only should matter, it does matter.

There is no solution to hacking under the very broad definition because it covers way too much territory to even be of much utility.
 
And again you just demonstrated that you have missed the point. Terms change. Hacking used to refer to writing, usually news writers, who were often called hackers or just hacks. It then became a term used by computer programmers who would hack out code; the term was then hijacked by the public to refer to computer programmers who used their skills to break into other computers. Old school programmers were offended by the hijacking of the label they wore with pride.

Social engineering is just a toolset for criminals attempting to access computers. The fact is that such tricks are part of the same goal and used hand in hand with real hacking tools. The ones that use social engineering tricks and cons are no different in their goals than the bad acting computer programmers. They are all hackers as the goal of both is the compromise of someone’s computer.

That doesn’t mean that you shouldn’t educate end users about social engineering tricks just like you need to educate them about firewalls.

Like it or not the public has already labeled both kinds of criminals as hackers.
 
The experts don't matter... language evolves based on a plurality of use. The dictionaries are always behind this trend just a bit.

This is just like why we all pronounce "to" when we read "two", instead of actually pronouncing that w... everyone once pronounced that w, it was dropped. Because pronunciation changed. Definitions are influenced by the same forces.

Heck the differences between the internally understood definitions of some words are almost the foundation upon which the political division in the US is built on. This is an OLD argument.

Oh, and there is a term that means "technological breach", it's an exploit.
 
This. Perfectly distilled my point.

Whether you wish to believe it or not, I am not a prescriptivist but a descriptivist. But what you believe to be a fait accompli in change in language usage I do not. This is definitely still a transitional stage.

But, in any case, I'll accept your point. But I won't use the language that way myself, and I won't use it that way to clients. I'll also educate clients to be more precise in their thinking about this, because understanding the "how" matters in what you need to do to prevent it.

There's very little an end user can do to prevent exploits in the grand scheme of things. They're almost entirely able to prevent breaches from social engineering with some very simple practices, applied consistently. That's a huge difference in ability to protect oneself.
 
I’ll throw in another angle in this thread:

Because of (I'm presuming) the combination of clickbait tabloid news and the rise of social engineering, you should also be conscious of the alarming rise of mentally vulnerable/clinically paranoid people claiming they’ve been hacked because they do not understand how applications or websites work.

I got one customer convinced that a Portuguese folk singer is monitoring them through the phone, router and TV, apparently partly because of YouTube's recommendation engine.

There are several more instances from other customers with varying degrees of both plain absurdities and gut-wrenching reasons for why they think they are “being hacked”.

It is not my place to recommend psychological help, so I just try to professionally explain the how’s and why’s of the “IT problem” they come to me with as clearly as possible, hoping to make them see it’s not something to worry about. However, they often try to bend the story of their impossible “attack” as I deconstruct it, to support their narrative that someone is in fact after them.

After becoming aware of these issues, I now tend to try to avoid getting involved with these individuals as it is too much of both a time sink and, I feel, morally ambiguous to try to “help” and then bill them.
 
The thing is that we're dealing with people who mostly don't care about semantics, or get confused about expressions we understand properly for what they mean technically.
Over here I get enquiries about "something gone wrong with the modem".
So your Internet has stopped working?
No no, it was making a weird noise, and now when I push the button nothing happens, no fan noise, no light, nothing.
Then the penny drops and I realise it's about the computer box itself.
Or the complaint about the computer when showing the monitor as this would be the computer itself.
The thing with hacking now seems to be a similar muddle up of expressions and we have to adapt so we can communicate with the customer at their level.
I can't see myself ever referring to the computer as a modem, but I'm no longer thrown off as badly when someone calls about their 'modem' ☺️.
Same with hacking, used to mean 'breaking into a computer system by means of technical feats', now it's unauthorised access to a computer don't worry about how. Can't see myself ever calling such generalisation hacking but I'll adapt for the sake of communicating with the customer.
Fair enough 🙃
 
The amount of narrow vision of some people is amazing. I once had a client who called me up saying he could not get his email. After trying to quiz him about error messages and the like ALL he would say is that “I can’t get my damn email!” Realizing that I was getting nowhere I went on site. When I entered the room I could smell the ozone and could see the dead PC. Nothing in his discussion with me mentioned the loud bang or puff of smoke he saw when he flipped on the PC that morning. All he cared about was that he could not get his email. #facepalm
 
That's exactly what I was trying to explain to the lady but she was adamant that it was real hacking and the matter had been referred to the police who advised her to have her systems hardened and protected. She was looking for someone who could do that confidently for her. That's where I gave up.
The reality of the matter is the police are some of the least informed about how to really tell what's going on.

I can visualize the call she made.

her: My computer's been hacked.
dispatcher: Sorry to hear that Ma'am. How do you know that?
her: <insert typical thing that makes people think they are being hacked such as getting emails saying they've been hacked>
dispatcher: <puts her on hold> Sergeant, got someone who thinks they've been hacked.
sergeant: <face palm> Tell her to get a computer person to look at her system. We don't get involved with those things.
dispatcher: Ma'am, we recommend you hire someone who can look at your system to see if anything has happened and what they can do to protect it.
her: But I tell you, I know it's been hacked.
dispatcher: I understand that, Ma'am, but the police do not get involved in something like you are describing.

She's just looking for validation for her beliefs. Just like any other customer who thinks they absolutely know how it all works.
 
The reality of the matter is the police are some of the least informed about how to really tell what's going on.
I kind of imagined something along those lines but you've turned it into a movie 😂🤣😂😂🤣
 