Neerja Singh
A hacker university is selling cybercrime courses designed to hack for profit and commit fraud. Known by the name HackTown, it prepares and equips professional cybercriminals. It promises the knowledge and skills needed to hack an individual or company successfully. Little or no coding experience is required of the applicants.
The rise of this university carries the rapid professionalization of cybercriminal organizations one step further. It also demonstrates that just as in the field of cybersecurity, there are skills gap that are being sought to fill up by cybercrime leaders. This presents a threat to careers in legitimate cybersecurity.
HackTown begins by offering a few free courses that cover everything from operational security to network attacks, Wi-Fi hacking and carding. It then opens the lid on further training for a fee. These range from skills for accessing router admin panels, discovering targets inside a compromised network, brute force attacks, man-in-the-middle attacks and so on.
The university holds out the promise of fast tracking the trainee’s cybercriminal hacker career. An excellent staff, support and assistance for course progression are offered. HackTown ensures the students will be able to use their new-found skills to deploy ransomware and remote access trojans (RATs) for personal profit. A resource shop is being developed moreover for sale of malware, keyloggers, and password stealers needed as tools of their trade.
It ought to surprise and shock that there is an underground cybercrime training and recruitment push. Reason says otherwise. The initiatives are simply mirroring the drive of the security community to provide greater access to cyber careers. It ought not to happen though, that cybercrime becomes more appealing and within reach. In floundering economies, there is a real danger of cybercrime winning over a career in legitimate cybersecurity.
Young adults and teenagers are a target market for hacker universities. The idea is to have them become part of cybercrime activities in the roles of money mules and social engineering calls. Those tempted need to be aware of the motivations of the cybercriminals who by nature would like to maximize their success while minimizing their exposure. These universities would appear easy grounds to recruit pawns who can take the fall for them.
Just as the global universities began to teach remotely, the cybercriminals jumped on, their task made easier with straightforward payment systems and content access such as exploits and proof of concept code. YouTube is crawling with beginner level hacker information anyway, all that is needed is a pair of young, restless and idle hands on the keyboard. And even though, this is a game of earning mailbox money and advertising malware and tools, the threat of destruction is real. Several database breaches have been the result of user-friendly tooling and online guides to means of identifying vulnerabilities.
At this time, the modern cybercrime industry is ahead in organizational efficiency. The reason? Unlike cyber start-ups that keep receiving venture funding even when losing money, the cybercriminals do not have the luxury of making mistakes. But what precisely is ethical hacking? It is an authorized attempt to gain unauthorized access to a computer system, an application, or data. An ethical hack duplicates the ways and means of malicious attackers. It is an anticipatory practice to identify security vulnerabilities that can be resolved before being exploited.
The ethical hackers, also known as “white hats” carry out assessments that are diametrically opposed to those carried out by the malicious hackers. They stay legal, respect the approved boundaries, report the vulnerabilities along with remedial advice and are committed to non-disclosure. In contrast to the cybercriminals, ethical hackers use their expertise to secure and improve organizational technology. Their service is essential to preventing security breaches. Malicious hackers on the other hand, will deface websites, crash backend servers, cause damage to reputation and financial loss.
Some of the most common vulnerabilities ethical hackers find are injection attacks, broken authentication, security misconfigurations, sensitive data exposure and use of components with known vulnerabilities. There are limitations to ethical hacking however. The scope, resource constraints of time, computing power, budget and denial of test cases that can lead to server crash hold back the White Hats many a time.
The new wave of cyberattackers from Generation Z (born 1996 to 2012) are concentrating on Discord, the gaming chat service. They work behind the scenes to both infiltrate organizations as well as prevent others from doing it. These hackers are younger, their access to resources is more which makes them far more formidable than those gone before. Social media platforms such as Discord and Telegram are the stealth hotbed for them through which they can spread extremely sophisticated ransomware and malware with little chance of being caught.
Cybersecurity and a seamless protection have become critical in the hyper-distributed era of work-from-home where everyone is distanced, mobile and unsecure. The exposure points are too many given the cloud-enabled workforces.
What can the regular folks do to protect themselves? The oldest and simplest computer fix to keep hackers off track is to turn a device off and then back on again. Phones have become digital souls for users. They are always within reach; they are rarely turned off and they hold huge stores of personal and sensitive data. It is little wonder therefore that they are top targets for hackers looking to steal text messages, contacts, photos, locations. At a time of widespread digital insecurity, rebooting phones will not stop the cybercriminals completely but will make them work harder. It imposes cost on the malicious mischief-makers. For this reason, it is recommended that the phone be rebooted every week.
This advice stems from the rise of a new technology hackers use today to break into mobile devices. Called the “zero-click” exploits, they do not need the user to open any shady link that is secretly infected. Once access is gained, the hacker will instal malicious software to a computer’s root file system so as to be able to stick around. Fortunately for the uninitiated and hapless users, phone manufacturers such as Apple and Google protect their core operating system with strong malware resistant security protocols.
But technology is an ongoing race. It is a matter of time before Hacker University’s students graduate from hacking systems to hacking people, then the planet.
The author is a former teacher/journalist, published author and professional speaker on generational diversity with a background and training in media, having worked in advertising, public relations, documentary film making, and feature journalism. She can be reached at
neerja@neerjasingh.com and https://neerjasingh.com.