Wire shark, Keylogging, phishing, white hat hacking, dark net; all terms most of us are not familiar with. But if you’ve completed the Cyber Security associate degree from Pine Technical and Community College (PTCC), you would not only know these terms but also know how to use them.
Chris Morgan, Cyber Security Instructor, retired from the Air Force after 26 years and began his work at PTCC where he developed the Cyber Security program. Morgan took his experience from the Air Force in programming, web development, network design, and working with classified and unclassified systems to create a program that would teach students to defend the data assets of corporations or work in IT (Information Technology).
As technology advances, so do black hat hackers (hackers with malicious motivations) in their ability to infiltrate networks. In a response to malicious hacking, cyber security students will become ethical hackers and learn white hat hacking skills, skills that will help them protect systems and people.
Lawrence is a current student at PTCC double majoring in network administration and cyber security.
“So far, my favorite class is Network Intrusion,” said Lawrence. “We learn how to break into networks and perform penetration testing on networks. This is called “White Hat hacking” because
everything I find, I will report back to the company and explain their weak and strong points.”
One particular class project of interest for Lawrence involved donating their time to a nonprofit organization in need of network rebuilding. “We helped put in a new router, a new switch and Wi-Fi extenders,” recalled Lawrence.
A recent graduate of the Cyber Security program, Tucker, just landed a sweet job white hat hacking. While finishing the program at PTCC, Tucker interned in the IT department at a local hospital. Because of this internship, his new certification and skills gathered on his own, he was the ideal candidate for a private information security business that consults for hospitals and banks, both primary targets for black hat hacking.
“Part of the interview involved me showing them I could hack into a system,” said Tucker. He was successful and was offered the job which includes a nice salary and benefit package.
While in school, he learned the four reasons for hacking are for profit, prank, terrorism and personal gain. He is about to begin work on his next certification called Offensive Security Certified Professional (OSCP).
“A lot of what I do as an ethical hacker is reporting what network weaknesses I find to a company,” said Tucker. “I do a lot of offense. We are hired to find vulnerabilities within a system to help fix them. We will work for a company and go in and perform many tests. We then advise them on how to better secure their networks so malicious attackers do not target their company. Banks and hospitals generally are the most secure.”
Tucker explained the process in a “non-techy way.” “You work to see how far you can get and keep yourself anonymous through certain methods,” said Tucker. “The first step is reconnaissance (gathering of information), then you scan their networks and find weak points. After the first two steps, we would gain access to the network, maintain access, and clear all tracks like we were never there. All this information is documented and reported to the client so they may fix any vulnerabilities found.”
When in the network, Tucker said he would try to access as many important systems as possible with the intention of gaining administrative access.
This, among several other things that are difficult to explain, is a process that can be used to good or evil. When a black hat hacker hacks a system, they can put in a “back door” to a system disguised as a program that appears normal although it really helps the hacker maintain access to a system.
Black hat hackers can also exploit systems using information they’ve gathered, find a vulnerability and compromise or shutdown a network, move, alter or delete files on a computer, clone a website, access a camera or sound on a computer, and many other malicious activities. What happened at Equifax was an example of black hat hacking.
Tucker said that one common thing black hat hackers do is get access to a system through email by sending the owner of the email address a malicious file. If they click on the file, the hacker is in. For instance, an excel spreadsheet with a malicious code written within it might be sent. When attacking companies, the hacker wants to know how the emails are structured as well as a high level executive email address to perform a spear phishing campaign (sending malicious files to targeted executives).
If the owner of the email doesn’t click on the link or attachment, a black hat hacker might try one of many different social engineering techniques (exploiting people in a company using a variety of media, including phone calls and social media). Black hat hackers will spend weeks to months gathering information and trying techniques as mentioned.
Both Lawrence and Tucker have similar advice for protecting cyber information.
“The easiest way to protect from an attacker in cyber security is to change your passwords every few months and don’t ever make all your passwords the same for every device,” said Lawrence. “You don’t want to make it easy for an attacker to get into your personal stuff. I know it’s hard for people to remember passwords, but it is necessary to protect yourself.”
Tucker had the same advice but said that it’s necessary to use two factor authentication (a two-step verification process where a code is texted to the owner of the account when a new login is attempted) on everything and always have a passcode on your phone. Adding a phone passcode is an easy way to prevent unwanted access to personal information, especially if a phone is lost or stolen.
“This field is just starting to come into its own with all the press in the past few years on security breaches,” added Morgan. “You have to be constantly learning new things to keep up with not only technology, but the hidden threat behind it. The market growth is not going to stop anytime soon.”
“If someone is motivated and looking for a career where you can constantly learn new technology and truly make a difference in a company, then networking and cyber security are for you,” added Morgan.