I think everyone knows that information technology has become a serious and lasting part of our lives. Almost every small company has an accounting computer, and almost every medium-sized one has a permanent Internet connection, yet protection is very often close to zero. Ordinary website hacking, espionage on behalf of competitors, or turning someone's machine into a zombie will surprise no one (and for ordinary companies this is not very critical). But now there is a crisis, and many specialists are out of work. A completely new danger to such firms may appear (if it has not appeared already).
Below the cut are my personal reflections.
It is worth looking briefly at how computers are maintained in small and medium-sized firms in Russia (especially those with Soviet-era bosses, for whom a computer is a black box). Most directors of such firms do not hire a system administrator, arguing that it makes no sense to pay money to protect 1–16 computers (“Peter Vasilyevich’s nephew will install everything, I saw his computer”). Hence the usual picture: systems installed with default settings, unnecessary and sometimes dangerous programs (one can only guess what a bored secretary might install), updates not applied on time, and so on. As a result, the security policy is either in an embryonic state (“Do not tell the password to strangers”) or absent altogether.
Now to the topic itself. It would seem that in such a situation a hacker has nothing to look for in a company like this. It has no website, it does not store credit card numbers on its computers (if it uses cards at all), and the probability of finding competitors to whom the company's information could be sold is close to zero. And this may give rise to a new phenomenon, “information banditry” (my own name for it, do not judge too harshly :)). Now let's take a closer look at all aspects of this phenomenon.
First, an ordinary system compromise takes place, and here everything is much easier: experienced specialists rarely work in such companies, and social engineering methods that have been discussed many times (via ICQ or e-mail, under the guise of a price list or a tax inspection order) plant a trojan on the victim's computer. True, in this case the trojan performs slightly non-standard “backup” functions. Let me explain: the program searches the disk for files with certain extensions (*.doc and *.xls for MS Office and/or a 1C database, for example), then sends them wherever the cracker wants (a compression module could be built into the trojan for this step, for example). Finally, it deletes the files on the victim's computer, using one of the full-erasure algorithms so that the files cannot be recovered.
After all this, without delaying too long, so that the first shock has not yet passed, the cracker calls the company and offers to restore the information for a not very high price. Given Russian laws and some caution on the cracker's part, it will be very hard to pin a case on him, because it is very difficult to prove that he did not simply find a disk with the documents somewhere on a file-sharing network and is not just offering the company voluntary assistance. It should also be noted that losing documents (client databases, or the accounts the day before tax reporting, and ... continue the list yourself) is usually a very unpleasant thing, and if you cannot restore them from backup copies, you will have to pay. Also, if criminal circles take this path, we can expect a repeat of the racketeering of the 90s, only in the information field.
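From the defender's side, the behaviour described above (one process reading many office documents and then deleting the same files) is visible in file-audit logs. The following is an added example, not part of the original post: the event tuple format, the process names, the `.1cd` extension, the threshold and the time window are all assumptions, and the events are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions named in the post; ".1cd" for a 1C file database is an assumption.
WATCHED = {".doc", ".xls", ".1cd"}

def find_collect_then_erase(events, threshold=5, window=600):
    """Flag processes that read and then delete many watched documents.

    events: (ts_seconds, pid, process, op, path), op is READ/WRITE/DELETE.
    Returns {pid: (process, [paths])} once `threshold` read-then-deleted
    files fall inside `window` seconds.
    """
    first_read = defaultdict(dict)  # pid -> {path: time of first read}
    hits = defaultdict(list)        # pid -> [(delete time, path)]
    names = {}
    for ts, pid, proc, op, path in sorted(events):
        if PureWindowsPath(path).suffix.lower() not in WATCHED:
            continue
        names[pid] = proc
        key = path.lower()
        if op == "READ":
            first_read[pid].setdefault(key, ts)
        elif op == "DELETE" and key in first_read[pid]:
            if ts - first_read[pid][key] <= window:
                hits[pid].append((ts, path))
    alerts = {}
    for pid, items in hits.items():
        start = 0
        for end in range(len(items)):  # sliding window over delete times
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[pid] = (names[pid], [p for _, p in items[start:end + 1]])
                break
    return alerts

def sample_events():
    """Constructed audit events: one harvesting process, one normal editor."""
    docs = [rf"C:\Docs\contract{i}.doc" for i in range(3)]
    docs += [rf"C:\Buh\report{i}.xls" for i in range(3)]
    ev = [(100 + i, 4120, "pricelist.exe", "READ", p) for i, p in enumerate(docs)]
    ev += [(200 + i, 4120, "pricelist.exe", "DELETE", p) for i, p in enumerate(docs)]
    ev += [(150, 2001, "WINWORD.EXE", "READ", r"C:\Docs\letter.doc"),
           (151, 2001, "WINWORD.EXE", "WRITE", r"C:\Docs\~$letter.doc"),
           (300, 2001, "WINWORD.EXE", "DELETE", r"C:\Docs\~$letter.doc")]
    return ev

if __name__ == "__main__":
    for pid, (proc, paths) in find_collect_then_erase(sample_events()).items():
        print(f"ALERT pid={pid} {proc}: {len(paths)} documents read then deleted")
```

The editor process is not flagged because the only file it deletes is a lock file it never read, which is what separates normal document work from the read-then-erase pattern.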
PS: All of the above is paranoid delusion.
PPS: What does the Habr community think: is this realistic, not as isolated cases but on a mass scale?