Faye Morton, Marketing Copywriter at Proact UK
Most of us know about the misadventures of Jack Skellington, Halloweentown’s beloved Pumpkin King. But what would happen if Jack lived in today’s world, a place where some of our biggest fears stem from our reliance on technology? Instead of fearing dastardly ghosts and ghouls, we now panic about stolen credentials, data leaks and a lack of WiFi signal. Let’s take a look.
The story we all know and love starts because Jack becomes bored of his annual routine of frightening people on Halloween. He seeks a new lease of life and his interest sparks when he accidentally stumbles upon the bright colours and warm spirits of Christmastown. To leverage his existing fear-mongering skills, he plots to bring Christmas under his control by kidnapping the King of Christmas himself, Santa Claus.
Now let’s flip this scenario. Jack works at a sizeable law firm in a role which involves testing internet infrastructures to research loopholes in systems. He creates algorithms and applies multiple methodologies to break into environments, only to strengthen them. Basically, he’s a white hat hacker – an ethical security expert who specialises in penetration testing.
During his lunch hour on a very average Wednesday, Jack skims through news sites and reads about the latest cyber-attacks. As always, he sniggers slightly as he learns about the vulnerabilities that have been exploited. They’re obvious weaknesses to a pro like Jack.
He then looks down at his phone and opens his online banking app. The outcome is bleak. His bills have come out and he’s left with very little money to do anything fun or exciting. Peering up at his computer screen he sees that the hacker in the latest news story sold data on the dark web for millions. Yes, millions. Jack then has the ever-so-common daydream about what he’d do with that money. Houses, holidays…
Money, money, money
Then it strikes him. The guy who stole this personal information in the news is no more skilled than he is. And he isn’t living pay check to pay check in a 9 – 5 job. The possibilities.
Jack Skellington leaves work that day with more energy than usual. He has a spring in his step because he has a plan, a plan to make a quick buck through some simple online trickery. Just the thought of beating the system is making Jack excited.
Like in the film, Jack thinks he’ll gain satisfaction out of spreading mayhem (albeit in very different circumstances), but that isn’t quite what occurs…
In his first act as a black hat hacker – a criminal who wants to break into computer networks with malicious intent – Jack intends to steal databases from a rival law firm. He does a bit of research and sees that they are looking to employ a security consultant. This screams to Jack that security is on the firm’s agenda, but they aren’t quite there yet.
As he approaches their systems, little does Jack know that the organisation doesn’t have significant security resource in-house, but they do have a partner monitoring their environment 24/7.
Phishing, reconnaissance & password spraying
Jack knows how successful phishing can be, so he sends some users phishing emails. He sets up a fake log-in page and hopes that some users give away their credentials. No success. The company has a mechanism in place that highlights suspicious emails to their managed security service provider (MSSP). The partner then investigates and removes them.
Undeterred by his initial misfortune, Jack tries some reconnaissance and scans the company’s websites and firewalls. He aims to find a vulnerability that hasn’t been patched yet that lets him in. Again, no success. The MSSP also completes vulnerability scans on their behalf.
Now frustrated, Jack tries a brute force password spraying attack. This is easily spotted by the MSSP, too. Consequently, the proverbial shutters come slamming down.
Not only is Jack locked out, but he feels worse than he did before. Maybe his comfy white hat hacker life wasn’t so bad after all?
In the film, Jack is shot down while delivering his Halloween brand of Christmas, and his failure makes him realise that he’s made a horrible mistake. In my cyber age edition of the tale, Jack also sees the error of his ways and promises to never commit such actions again (it is a Christmas story after all).
Moral of the story
There’ll always be opportunistic hackers with malicious intent out there – they may act alone or might be part of powerful groups. Either way, you need to make sure that you have a security strategy in place which helps to protect your data round-the-clock. The law firm in this example leverages the skills of an external security partner/MSSP to aid their security efforts, beyond the 9 – 5 hours of the internal IT team.
Proact can do just this. Read more about our managed security services here.