Our network was hacked — now what?
By Paul Russell, AdvocateDaily.com Contributor
“We need to get to the scene before any potential evidence is destroyed,” he tells AdvocateDaily.com.
“If we get there after the IT guys try to reset and reinstall everything, we will not be working with good crime scene evidence, and that limits our ability to find answers.”
Hatch says hacking can start with a simple phishing email that appears to be from someone the receiver knows, or an institution that person trusts, urging them to click on a link.
“It’s basically a numbers game,” he says. “Once the hacker finds someone willing to click on the link, the bad guy could have access to the front line of your network.”
Hatch says that once inside, the hacker scans the network, looking for vulnerabilities.
“This is where they can do real damage,” he says. “They can either exfiltrate data from your network and sell it on the nefarious places of the internet, or encrypt your network and shut it down.”
The firm will be contacted and told it has to pay a ransom for a “key” to unlock the encryption, Hatch says, with the payment requested in an untraceable cryptocurrency, such as Bitcoin.
“It’s a very locked-down, sophisticated game once they have you,” he says. “It puts you in a very bad situation — they know it, and you know it.”
Paradoxically, successful hackers are typically “honest criminals,” Hatch says, who almost always provide the key to unlock the system once the money is paid.
“That encourages people to pay the ransom,” he says.
Hatch says insurance agents have told him that they will pay a ransom if it is more cost-effective than rebuilding the client’s IT network from the ground up.
“It’s a tricky game,” he says, “and it’s nearly impossible to track down who is doing it.”
Big firms were once the primary target of hackers, but Hatch says cybercriminals are now turning their attention to small and medium-sized enterprises.
“Many small businesses don’t have the budgets to prevent attacks,” he says.
“When their network is taken over, they panic, as they can’t take or fulfil orders, or email their customers,” he says. “They often will pay anything to get the key.”
Hatch says when it comes to cybersecurity, prevention — for both companies and individuals — is critical.
The most readily available security measure is two-factor authentication, he says, which involves a code, sent to a cellphone number, that must be entered before account access is allowed.
“It will set you back by about three seconds from getting into your account,” Hatch says, “but it is well worth it. I’ve seen people lose their entire iCloud account because they didn’t have two-factor authorization set up.”
Firms or individuals that think they were hacked, but aren’t sure, should call a cyber forensics firm, Hatch says.
“Most people in this industry love to help others out, and educate them on cybersecurity practices,” he says. “If I can solve the issue in a free half-hour phone call, and perhaps gain a future client, that’s great.”
Hatch can also help them determine if their computer really was hacked.
He gives the example of people who receive an anonymous message telling them: “You have been viewing adult material, and you have been recorded on your webcam, pleasuring yourself.” A payment is then requested in exchange for not sending the video to all of the victim's contacts.
“Some people, especially prominent people, freak out when they get this message,” Hatch says. “They are not sure if it is real.”
By checking the date and time stamps in the electronic log built into the computer, Hatch says he can pretty much tell when the webcam was last used.
If that doesn’t align with the information given in the threatening message, “We know the chances are slim they have a compromising video of you,” he says.
“So you don’t need to resign your high-profile position or throw yourself on the sword,” he adds.
Since cybercriminals prey on human emotion and fear, “In a five-minute telephone call, I can alleviate your concerns,” he says.