When David Conde gets an urgent call, it is bad news. Typically, the call comes from a company, large or small, whose systems have just been invaded by hackers and are on the brink of collapse. He knows what he's going to find because he's seen it many times, he says: the company is paralyzed, the IT security manager is overwhelmed, the bosses are overwhelmed, the employees are confused, and everyone is calling each other, wondering what's going on and how to fix it. The criminals, who generally got into the bowels of the company days earlier, have calmly walked through the databases of the company and its employees, have tied up the computer system and have obtained all the access codes, along with the home addresses and mobile phone numbers of whoever they wanted. They are now ready to unleash chaos at the touch of a key. “When they are bored or already have what they were looking for, they encrypt everything (encrypt and block the system) and send a note informing them of what they want.” The note is in English and in very correct terms, and after conventional – and somewhat ironic – salutations such as “Dear friend”, “Hello friends” or “Hello dear”, they ask for money in exchange for not making the data public and for returning control of the system. “That’s when the company calls us, desperate,” says Conde.
Conde, 40, is head of operations at the cybersecurity company S21Sec, part of the Thales group. He has been in this position for seven years, but he has been glued to a computer all his life. He is aware of the growing wave of cyberattacks that is sweeping the world and that, in his opinion, is not going to stop. The global sum of all this business is equivalent to the third-largest economy on the planet. And Spain is no exception. The recent assaults on Banco de Santander, Telefónica, Iberdrola and the DGT are just some examples.
Conde usually responds to the SOS call with a team of three people, all computer experts, armed with equipment fitted with barriers and special structures immune to the virus that is corroding the company they are going to clean. It is not uncommon for them to work seven days in a row in the same place, at an average of 15-17 hours a day, in a race against time. Conde advises not to negotiate and not to pay. “First because it is a crime; second, because nothing guarantees that once you have the money, others will return the data,” he says.
He says that some time ago a small Spanish industrial company was the victim of a cyberattack orchestrated from India. The attackers had entered using the credentials (username and password) of an employee who, months earlier, had responded to a mass fraudulent email of the kind known as phishing. It was a random email sent to nearly a million users around the world, and this unwary employee took the bait. The credentials ended up in the hands of someone who sold them, for seven dollars, on the dark web (the territory of the internet not accessible to conventional search engines). They were acquired by the group that operated in India.
“Maybe they were Russian, who knows, but what we do know is that they operated from India,” recalls Conde. Using the employee’s credentials as a key, the hackers took over his computer and, with it as leverage, escalated until the company’s entire operating system was rendered useless. They asked for 200,000 euros to bring the computers back to life and not make public all the data they had in their possession. “They gave an account number in the United Kingdom and the company deposited the money there. They disappeared, the money disappeared and we then had to get to work to recover the system from scratch because the criminals did not return anything,” recalls Conde.
This expert has fought cyberattacks on hotels in which the reservation center is blocked and employees do not know who has booked and who has not, rendering everything useless; on television channels in which, suddenly, a note appears on the screen saying that nothing is being broadcast due to technical problems; and on hospitals in which, in addition to obtaining patients' data and medical records, cyber-thieves dismantle the entire appointments network, destroying the medical center's immense schedule. Sometimes he has to thwart the simple robbery attempt of a 16-year-old boy who tries to take over the computer system of a small company from his living room and ask for 5,000 euros in ransom; but other times, he says, he has dealt with hundreds of coordinated hacker-spies attacking, all at the same time, a company that manufactured an engine part that will fit in a United States fighter, and who were acting, he believes, under the supervision of the Chinese Government.
To restore a damaged computer system, what Conde’s team typically does is go back through the company’s network until they rebuild the system as it was on a date before the attack: what technicians call a backup. From there they try to expel the invader. That is why it is vital to act quickly. And, according to Conde, it is advisable to take preventive measures and have a response prepared for a cyberattack. “Because this one will come, sooner or later,” he adds.
There are cyber gangs that break into a company, steal and then, instead of asking for a ransom, sell access to another cyber gang so that the second gang is the one in charge of the blackmail. As if they had left the door open for them. The former take the data and sell it on the black market on the web. The latter deal with the extortion. Other groups serve as mediators between the attacked company and the attacking hacker gang. The intermediary assures the company being blackmailed that if it pays it will get its data and system back without problems and without damage, and assures the intruding gang that the company will pay. All for a percentage from one side or the other.
In a fast-moving and changing world such as that of cutting-edge technology, Conde also comes across, from time to time, a technical innovation, a new trick or a new way of breaching a security barrier. Months ago he discovered that there are hackers capable of breaking, from India, into an American mobile phone that its owner accessed with a username and password and, in addition, a particular code. Other times, his job is to become a digital Sherlock Holmes: a retail company had realized some time ago that with every offer it planned to make, the competition got ahead of it by a matter of days. It suspected that it was harboring a spy who was passing on information, but it had no idea who that could be. So it hired Conde to scrutinize the company’s computer data and discover who the traitor was. And he did.
Sometimes everything becomes very disturbing: one night when Conde was working from home defusing an attack on a client, he noticed that his computer suddenly slowed down. He soon discovered, with some astonishment, that the Russian gang he was trying to block, by cutting off its access to the data of the company that had hired him, had in turn entered his own computer and was trying to lock him out of it. The mouse was suddenly chasing the cat. Knowing that the Russians were good and that they could beat him, at least that night, Conde reacted quickly: he isolated the computer and reset all the devices in his house that could have been invaded: the modem, the rest of the computers and the television. Then he thought about the refrigerator, an ordinary refrigerator of the kind that has sensors and a digital display to report the temperature, with a technological trifle of an operating system. But that was enough for the Russians to get in and attack the rest of the home network later, perhaps months later. Only when he had reset the refrigerator did he go to sleep.