Back in the day, like two years ago, the hacking game was all about attacking and compromising the biggest names as possible. However, over recent years, it appears as though trends within the hacking world have begun to shift. What I mean by this is that some of the worlds biggest or best hackers no longer care about “publicity,” but rather about “effectiveness.”
Traditionally hackers have always wanted to make a name for themselves or make international headlines in order to gain notoriety. The bigger the name and the bigger the entity you hacked, naturally the more people would hear about it and the more “famous” a hacker would become as a result. Essentially, why hack some random Joe Schmo down the street when you could hack an international conglomerate, celebrity or national figure? Sure, it might be much easier to hack your next door neighbor than a politician or corporation but no one would ever hear about it or know that you did it. What is the point of being an “1337 H4x0r” if no one knows who the hell you are or what you do?
However, nowadays hackers seem to be much more interested in low level targets than bigger ones. What I mean by this is that hackers are no longer attacking famous people or big brands, they are attacking all of the “little guys” attached to or whom do business with them. For example, why hack the NSA outright when you can hack some random contractor that the NSA does business with? You can wind up with the same level of root access, but with much less effort. This is exactly what the Russians did in 2016.
— Gizmodo (@Gizmodo) October 25, 2017
It is not just the NSA, this is happening all around the world in almost every industry you can think of. Lets take a look at Mozilla, the producers of one of the worlds most secure web browser. Mozilla is almost impossible to hack itself, so instead people have started to attack small companies that make add-on’s or extensions to Mozilla‘s product. For example, recently NoScript, a “legacy” add-on to the Firefox browser, was hacked and in doing so hackers were able to compromise users of Mozilla Firefox for a brief period of time.
This is also a strategy many hackers have begun to implement when targeting other web companies such as WordPress, the worlds largest website hosting platform. It would be extremely hard to hack WordPress outright, but it is much easier to hack all of the plugins you can install on your WordPress site. WordPress is a multi-million dollar corporation, but many of the plugin developers are non-profit or do their work for free. Hackers can attack these small corporations and still gain the same level of access to WordPress sites that they would have gotten if they compromised WordPress outright, but at a fraction of the effort.
— WordPress Engineer (@WP_Engineer) October 25, 2017
To use another example, this can also be observed in the recent hacking of CCleaner, one of the worlds most popular data clearing software programs. Over a period of 3-4 weeks earlier this summer, CCleaner was compromised allowing 3rd parties (hackers) to install Malware on the computers of anyone whom updated or installed the program over that time period. While there was no one computer or target in mind, major tech corporations ended up being compromised by the hack, because many large corporations use CCleaner on a regular basis. This event shows how multi-billion dollar tech corporations could be hacked through a free software program they occasionally use.
Again, it is extremely hard to compromise a multi-billion dollar corporation itself, much easier to hack a free software program to gain the same level of access. So this is exactly what hackers have begun to do.
— Fraud.net (@Frauddotnet) October 7, 2017
At least for now it appears as though this recent “trend” within the hacking world is here to stay for the long run. Looking at the situation independently from the outside, while this is an extremely clever “tactic” to observe, it is also extremely troubling at the same time. For example, there are literally hundreds of thousands of people whom have security clearance to classified documents within the United States Government. No one is safe anymore and even the worlds biggest and most powerful people/corporations/Governments can be brought down by one random employee. In terms of hacking and data security, the old saying certainly holds true; you are only as strong as your weakest link.
This article “The Modern Evolution of Hacking” is free and open source, published under a Legacy Publishers License
Categories: Hacking News