Hacking demo highlights ease of cybertheft
Martin Voelk of Cyber 51 Limited, to show how easy it can be for cyber-criminals or mischief makers to breach online systems, demonstrated how to hack in four steps on Tuesday.
The IT security expert said that while computer hacking has been on the rise over the past decade, companies tend to act to protect their systems only after they have been victimised.
Those searching out protective services, he said, mostly fall into three categories: clients who have been hacked; clients that have to conform to regulations; and those who hear about attacks and are trying not to become victims.
Persons falling outside those three groups, he said, rarely present themselves as clients.
Voelk told a forum, organised by Columbus Business Solutions in New Kingston, that hacking tools are so easily accessible - for example, in demonstration videos on the Internet - that the first step in protecting your computer system is to attack the problem through the eyes of a hacker in what he called 'a penetration test'.
"Security is a never-ending wheel for those using the Internet, because when you get over one problem you have another one to deal with that came out of solving the previous problem," said the security expert.
"The penetration test is only as current as the day it was done, but that is why it is a recurring service," he said.
Under the penetration test, companies are advised to hire experts to hack their own system in order to identify its vulnerabilities.
"We would tell the customer what we did to get in the system and they can correct it," Voelk said.
In his four-step hacking demonstration, Voelk said that in the first phase, the attacker would scan the system to check the different services that are running.
"You wouldn't want to hack into a web server when what you really want is a database server, so the hackers will scan first," he said.
Next, the hacker searches for more details from the server such as the type of software; then looks for exploits in order to break into the remote system.
"These exploits are all over the Internet. They are readily available. You just need to locate one on the Internet and run the exploit against the server," he said.
When the exploit is successfully executed the hacker will have control over the remote system.
"Now you can do anything you want, take any information you want - and a lot of them leave it open to come back at a later date," he said.
An exploit can be a series of commands or software.
Voelk is the founder of Cyber 51. He has 14 years of IT security experience and is a certified ethical hacker, according to his company's website. Cyber 51 has offices in the United Kingdom, United States and Mexico.
marcella.scarlett@gleanerjm.com