Access to new technology has produced a variety of different individuals and groups that set out to change entire industries and thus the emergence of “Underground Hacker Communities” have soared to the forefront making people more susceptible than ever to identity thief. “If someone were to “Google” themselves he or she would be surprised at how much publicly available information there is about themselves,” said Michael Good Founder and CEO of IT New York.
Good, a 22-year old serial entrepreneur and former teen hacker, has some interesting takes on why businesses and individuals are so vulnerable and capable of being hacked and therefore identities stolen especially during the busy holiday rush season. He took a few moments to talk about the perception of the term “Hacker”, educating the general public on the need to protect themselves against online fraud, and what scared him straight and caused him to leaving hacking for a career as an IT professional.
I. What was the driving force behind you stepping away from hacking into the IT profession?
First, I was afraid of getting in serious trouble. When the police notified me that I was violating several laws by downloading and sharing databases of websites and also installing backdoor Trojan viruses on my enemies, I realized that I needed to make a change.
My parents and the police told me that my skills could be used for good; that I could actually make money hacking into companies who need to test the vulnerabilities of their systems. So, from that day onward, I decided to be what people in underground hacker communities call a “Grey Hat Hacker.” The term Grey Hat Hacker refers to a skilled hacker whose activities fall somewhere between hackers who have never done anything illegal (White Hat Hackers) and cyber criminals (Black Hat Hackers). The term Grey Hat is more vague because Grey Hat Hackers have the skills to do what Black Hat Hackers do, stay active in the underground communities, and sometimes do things that are in a legal grey zone to obtain information for a client.
II. The words “hack” and hacker” have a bad connotation connected to them. In recent times, I’ve come to know that the words aren’t always related to bad behavior within computer systems. Describe the difference between “good” and “bad” hacking.
In recent years, the term “hack” has taken on a new meaning. For instance, there are several events called “Hackathons” now that last typically between one day and a week. A programmer in a hackathon is usually collaborating with designers and project managers to collaborate intensively on a software project. The term hack is used in a playful, exploratory way, meaning that the members of the hackathon are just exploring new territory.
Even the word hack refers to playful exploration of software or hardware now, and may refer to an innovation. Having a new hack for an iPhone may refer to a new set of icons, improved Siri, etc. The term hack is now more referred to as an innovation of some sort than a cyber attack.
Bad hacking is what Black Hat Hackers do. These types of hackers are looking to steal sensitive data from databases, email scams, botnet, sniffers, etc. These are the hackers that want to steal your money or sell your info to other people so they can rob you.
III. You’ve put an emphasis on educating tech users (cell phone, laptop and computer owners) the importance of phishing, especially during the holiday season. What is it that you’ve seen about the holiday season that makes consumers more susceptible to identity theft and other crimes involving online fraud?
People spend more money during the holiday season than any other season, due to the religious holidays that people practice. Also, there is New Year’s, a time when people celebrate their past year and the year to come. People spend money on making a change to their usual regiment when making New Year’s resolutions.
Cyber criminals are aware that people spend more money during the holiday season, too. They know that people spend more time shopping online and may not be as diligent in checking their credit card information during this hectic time of year. So, hackers like to monitor your Internet activity with keyloggers (something that tracks every word you type), phishing scams (fake emails trying to get you to type in your login information), and/or by compromising the websites you visit. You can’t defend yourself 100% of identity theft, but you can be proactive in mitigating the damage by monitoring your credit card and bank statements.
IV. MTV’s “Catfish” is a show that has caught the attention of pop culture. While it is entertaining, it highlights a need for consumers to be more aware of online fraud. What more can the general public and media do to get the word out about fraud awareness?
Facebook is the most effective platform for a cyber criminal use for catfishing, due to how much information is available about users on Facebook.
These 7 tips will help you identify “catfishers”:
1) How many photos does the user have? If they don’t have more than one or two, then that’s suspicious.
2) Look at their recent wall posts. If you see people asking, “Thanks for the add….Do I know you?” and the posts remains unanswered, it is probably a fake profile.
3) Check the person’s friends list. How many friends do they have? The average Facebook user has about 130. If they have very few friends, like 20-30, then that is an indicator that the profile could be fake. And, Are their friends global or local? The more local the friend, the more likely the person is to be real. The more global their friendship lists, with very few or no local friends, start getting suspicious.
4) Are all the friends on the person’s profile one gender? If all the person’s friends are male or all female, then the person could be trying to lure potential romantic partners online.
5) Download one of the pictures of the person you think may have a Catfish profile. Go to google.com/images and click the image icon. Upload the picture. Google will then search to see if this image is unique or an image of someone else. This is a surefire way to see if someone is Catfishing.
6) Be really cautious of declarations of love and romance. If someone you have never met feels passionate about you, be very, very careful.
7) Google the person’s name and any other information you have on them to see what results you find. This could include their email address, physical address/location (along with their name), telephone number, etc. if they provide that information on their profile.
V. Unbeknown to many, there are very structured and organized underground hacker communities. How dangerous are these communities to our lives?
Some of them are very dangerous, while others are only mildly dangerous. The mildly dangerous ones are communities that share techniques on hacking, phishing, and other forms of electronic criminal activity, but never let users share databases of websites or other illegal information. So, by definition, these communities that don’t let users share illegal information, like the social security numbers of people, aren’t violating any laws.
However, other underground hacker communities are extremely dangerous to people, yet I bet 99% of the population aren’t aware of how dangerous they are. Individuals in these more extreme underground hacking communities build reputation by sharing databases they’ve acquired through hacks that may include social security numbers, email addresses and passwords, and where users’ live. Sometimes hackers will even post all the messages a user has sent on a website. I’ve seen that happen with countless forums, in fact.
VI. Besides educating the public on being aware of online fraud, what is the main focus of IT New York?
In response to the increasing need for remote IT solutions, the company developed its reputable team of programmers, cyber security experts, and digital marketing professionals. IT New York provides services to a broad spectrum of customers and organizations within diverse industry sectors, including venture capital firms, law firms, fashion and manufacturing companies, and technology and communication companies. Our specialty is security, because we enjoy it the most, but we also provide programming, and digital marketing. We just started offering a new service similar to LifeLock, but for companies.
Your network and data is at risk of being compromised, whether you are a multinational corporation or a small business. Malicious attacks can come from outside hackers or resentful employees, and they can be devastating. The number of daily attacks is growing exponentially. Inspect your security strategies to guarantee protection for all systems that can be accessed by entrusted sources, such as email, websites, databases, systems and networks.
We offer 3 points of protection:
Our information security experts perform routine penetration testing to ensure your security. We employ advanced and proprietary tactics to test your infrastructure from the latest attack trajectories, helping your organization prevent becoming another statistic. Our distinctive methods find vulnerabilities others do not.
Scanning For Threats
Not only do we monitor your personal data within our extensive network of credit and non-credit applications and address changes, but we search known criminal websites that share or sell personal information.
We review each attempt to misuse an identity, and proactively contact you anytime we detect a threat. We alert you by e-mail. phone or text message immediately. Once we inform you of the threat, we figure out the root of the cause.
VII. In my observations, teens are more likely to learn hacking on their own. With that being said, initially, teens seem to be more likely to get in trouble for hacking than using it for good. You have some who’ve turned the corner and turned it into good, as you have. What can the school systems do to engage teens so that we can have more of them engaged positively with the hacking phenomenon?
Students need to be taught computer programming starting in elementary school. Considering Moore’s law, that states that computing power will essentially double every two years, it is imperative that students learn as much about computers as soon as possible, regardless of what field they are going in to because computers hold the framework for every company and organization and will be used by everyone.
Websites like CodeAcademy.com, www.universityofreddit.com, and coursera.com are teaching students programming for free. There are also tons of documentation on how to program in PHP, MySQL, Ruby on Rails, etc. if you Google it. We are currently in a time where we are not bound by the limits of our resources, but bound by the amount of time we spend working. I’m positive any intelligent, hardworking student who spent his or her time on the aforementioned websites and Googled anything he or she wasn’t sure can learn programming just as well as if he or she attended a top university.