Lessons from the Dark Side: What Entrepreneurs Can Learn from Hackers
On the dark side of the World Wide Web resides a hidden economy with a global impact of more than $500 billion and still growing, the economy of cybercrime. Cybercrime is a major problem we face in our digital society. Nevertheless, we need to admit one thing: the hackers are extremely successful. They must be doing something right.
During my Masters studies in computer security, my professor wanted us to “join the dark side” and gave us the assignment to obtain a protected asset from the university. I had to be a cybercriminal for a day. In my daytime job as a cybersecurity consultant, I continuously benefit from one particular lesson learnt from this assignment: to truly be effective, you need to position yourself in the shoes of your target group.
A Trip to the Dark Side
Over the first couple of days after receiving the task, a friend and I started with carefully observing the researcher whose asset we needed to obtain—a file on his laptop. This meant spending hours lurking around in the building, until we physically felt sick from all the coffee we had been drinking in the breakroom next to the researcher’s lab. Simply sneaking into the office where the laptop was safely stored in his desk was not going to work, so we had to come up with another plan.
We agreed that entering the office unseen would be most convenient at night. As the building was only accessible with special keycards, our social engineering skills were put to the test. With great attention for detail, we drafted a phishing email to convince the building manager that there was a security issue with the spare key cards. A student would drop by to take them for an update. The email faked the address of the security office, making it almost indistinguishable from genuine.
Our efforts proved to be valuable. When I dropped by later that day and mentioned I came to collect the spares for an update, the building manager happily handed them over. I even had him sign a mock work order.
That evening, we went over to the labs with the spare security badges. However, when we held them against the scanner nothing happened, as the office turned out to be in a different security zone than we initially thought. The next day, we borrowed a card reader to examine the RFID signals produced by the card, switched it to send-mode and had it imitate a range of security cards we estimated to be valid. After performing this brute force attack at a rate of a few cards per second, we heard a rewarding click. The doors slid open, and we were in.
Once inside, we found our way to the lab in a heartbeat. For the second time, we had judged our target correctly. The door was locked tightly. Luckily, the university did not equip strong locks. Armed with a pair of paperclips and a YouTube guide on lock-picking, we were able to get in.
Once we cracked open the locked cabinet containing the laptop, the only thing that remained was breaking into it. It was not encrypted, so simply removing the hard disk and attached it as an external drive to a different laptop did the trick. Mission accomplished. We had found the protected information.
The Importance of Understanding Your Target
As we were on our way to hand in our final report, I realized the importance of understanding our targets. If we had not slipped into the mind of the building manager, we would not have had the security badges. If we had not taken care in understanding the researcher, we would not have known where to look.
Fast forward to the present day, I still take a major lesson from my mischievous adventure on campus. To truly be effective, you need to position yourself in the mind of whoever you are trying to reach. In my daytime job, that is thinking like a cybercriminal. As a writer, that is feeling your audience. In business, that means understanding the interests of whoever you are negotiating with.
Entrepreneurship demands passion—and a lot of it. Being deeply passionate about your idea and business may at times let you forget to take a step back and look at things from one of the most crucial perspectives: the one of your clients. While it may be a no-brainer for you what benefits your product or service brings to your clients, they may have a very different view on the world. It is therefore necessary to regularly re-evaluate your added value and approach from their perspective.
Every time I pursue a new venture, I work to step in the shoes of my audience. Who am I trying to reach? What is important to them, their employer, or their business? How can my product or service make their lives easier? Once you know more about them, you can adjust your strategy, marketing or even your product or service to perfectly fit your target group’s actual needs—and make a successful business more likely.
One final thing I learnt from the university assignment is to be adaptable. The easiest or most obvious way is not always the right one to reach your goals. Do not let yourself be limited by push-backs, but be flexible and open to try new angles, even if they may take longer or are not the most comfortable ones.
Entrepreneurship is a permanent state of re-invention—regardless whether you make your money legally or on the dark web.
Interested in reading 99 other stories just like this? Grab The Better Business book here.