A tycoon businessman, Mr. Sanjay was having a two-minute conversation with the kidnappers regarding the ransom and location to rescue his son, a 5th-grade student – Raghav. Mr.Sanjay wondered how the kidnappers got the new family code. The family code changes every month and kept secret within the close aides. He suspects the inside job. He conducts a meeting with his security group, “WHITEHAT” to proceed with the investigation.
Nobody turned up to pick up Raghav from the school for nearly 20 minutes. A stranger approached him and said that his mother has sent to pick him. Raghav asked the stranger for a family code. The stranger responded in a soft-spoken tone, “The ice cream was white yesterday and today it is pink. Tomorrow it will be green”. The secret family code was correct and Raghav followed him to the car. The stranger blindfolded Raghav and took him to a hideout.
There are a couple of members in the gang. The lead of the gang is the “BLACKHAT”. He was the most wanted criminal in the state. He has hired other gang members for this operation.
The stranger who kidnapped the boy was the middle person. He was not very much recognized in any records. He does the middle job whether good or bad intentions for any well-known gangs like the Blackhat for his personal gain. The blackhat hired him to research the security gaps to avoid any faults in this plan and report the same. He is the “GREYHAT”.
One of the members is a woman. They call her “GREENHAT”. She is an amateur and is eager to learn and have full experience in the future. The gang decided to hire a newbie to avoid a shortfall of one person. She is inspired and wishsed to work with the Blackhat passionately. She prefers to learn new tricks, unlike any plagiarist gang.
After an hour, the Blackhat went to the location to collect the ransom. There was a new twist. The operation was foiled by the rival gang. The rival gang leader is a very ruthless person with an eagle eye. He is called “REDHAT” who was after the Blackhat for years only to ruin their operations every time in their own way. Redhat researched every movement of Blackhat even before the kidnapping plan. The Redhat’s team also rescued Raghav from the hideout.
It was revealed that the operation was funded by the Bluehat who thus was the ex-business partner of Mr.Sanjay. He was fired from the business for fraudulent attempts. The Bluehat revealed that the family butler was the insider job who leaked the family code to the Greyhat for an unknown price. All the kidnappers and the ex-business partner were arrested except the family butler.
The LESSON LEARNED
Truth to be told, the family butler was part of the other operation as the bait (Honeypot trap) for the kidnappers. The operation was the master plan by the WHITEHAT Security group, who in turn also hired the Redhat team to foil the Blackhat’s plan in case the family code is leaked out. The lesson learned is the new mitigation plan to avoid any outside or staff except parents to pick Raghav. The operation BLACKHAT was successful with new lesson learned.
There are different types of hackers in the cyber-security. Their characteristics, traits and targets are similar to s the characters of the kidnappers in the analogical story. The types of hackers are the following: BLACK-HAT (Bad-guy), WHITE-HAT (Good Guys), GREY-HAT (middle person), RED-HAT (Vigilante) , GREEN-HAT (Novice), BLUE-HAT (Vengeance), and SCRIPT KIDDIES (Plagiarist).
Reel Vs Real life
In reel life of “Live free or die hard”, Bruce wills, the cop works with WhiteHat Hackers and hires a nerd kid (Red-Hat hacker) to save the country from the black hat hackers trying to blow something up remotely through the internet.
In real life, you all know about the founder of Wikileaks, Julian Assange – the top-most BLACK HAT HACKER
A person for life or lesson for life?
Raghav trusting a stranger with the correct password, was an example of PHISHING. PHISHING is the cyber crime that lures the individuals into providing sensitive data. It is very important to be very cautious with personal information including usernames and passwords. Everyone need to protect the personal information like a own child to avoid the PHISHING attack.
Risk never sleeps
Risk never sleeps. We cannot afford to ignore the slightest smell. Everyone should foresee the identified risk and report it. If you fail to invest in risk management, it can become a soft target for all the hackers. Everyone needs the practice of identifying potential risks in advance, analyzing them, and taking precautionary steps to reduce/curb the risk.
Here is the blog about why risk never sleeps. https://blogs.perficient.com/2019/03/12/risks-never-sleep/
Everyone should report the detailed list of any deficiencies and prioritized based on its threats. We need to develop , implement and monitor to assess the effectiveness of the action plan frequently and ensure that the lessons are learned and upgraded every time. If the lessons are not learned, then the hackers will leave a mark on your hat.