Remote Access Trojans (RATs): A Simple Guide


For the last couple of days, I’ve been at home sick. Here I am all hopped up on cold medicine and surfing the seemingly 500+ streaming services I now pay for instead of just having cable because the leeches I live with "need it". Eventually I stumbled across a film that I first saw when I was about 14 or so. Young and impressionable me was so enamored with the movie it most likely shaped my future. That movie is, obviously, Hackers.

Is the movie a masterclass in acting, or does it set realistic expectations for cyber defense? Oh, God! Not even close...

Why the hell is Penn Jillette wearing dark sunglasses in the “war room”? It’s so dark in there already…

Is the film overall fun to watch? It sure is. Does my current medication regimen have something to do with this feeling of fulfillment? Quite possibly. Regardless of its accuracy, Hackers will always have a special place in my heart.

Historically, there has been one thing that Hollywood has done consistently (I'm sure there has been more than just one thing, but I'm not writing about those things now, am I?), and that one thing is over-sensationalizing hackers. For many people it’s a type of magic; they don’t have to understand what we do, or how we do it. They just know it’s been done. I’ll admit, this gives Hollywood the ability to play fast and loose, because the layman doesn’t know better, or care for that matter. It’s theatre. The hacker is always cool looking, probably wearing black, in a far too dark room (see Penn Jillette comment above), sitting behind a myriad of monitors, mysteriously typing maniacally. (Now that’s some alliteration there…) Then the camera zooms in on one of the monitors and you see the words typed out.

Haxxor

From here it’s all over for the titular hero… villain… victim. I don't know who I'm supposed to root for in some of these movies honestly. Regardless, the hacker now has access to their computer and full control over everything within.

Clearly this is myth, right?

Yeah, not so much, well, kind of... Is it that easy? No. Can an attacker take full control of a remote system? You betcha.

Among the myriad of threats lurking in the digital ocean we call the internet, Remote Access Trojans (RATs) stand out for their stealth abilities and their potential for damage. A RAT is a type of malware that can allow an attacker to hijack and control a device remotely. All without the user's knowledge, and if done properly, completely undetected.

Imagine this: someone has the keys to your house, and they can come and go as they please regardless of whether you’re home or not. They snoop around undetected; they are looking in your closets and pantry, they know what's in the back of your freezer, and they are 100% digging through your underwear drawer.

That's what RATs allow an attacker to do to your computer. I’m sure, like most people, you don’t want anyone looking through the underwear drawer we call browser history.

How Do RATs Work?

Generally, RATs infiltrate systems through deceptive means—phishing emails, malicious links, or bundled in and hidden with legitimate software. Once inside, the RAT can grant cybercriminals the ability to steal data, monitor user behavior, and even activate cameras and microphones for espionage purposes. More pressing is that RATs are commonly used among some ransomware groups to maintain persistence on an infected network.

**Persistence refers to a technique an attacker uses to maintain their access to a computer or network.**

Why Should You Care?

The implications of a RAT infection are wide-ranging. Remember the underwear drawer reference from earlier? Let’s reframe that and go back to the home intruder reference. They have access to your house, as if that isn’t bad enough, but they’re also going through your photo albums, bank statements, all your mail. They make copies of important information, and take notes of anything of interest. They have found your address book. Now they know where your kids and sweet Aunt Millie live too.

She’s old, sweet, makes a mean coffee cake, has a big heart, and doesn't understand computers that well. She’ll make a great victim for them. They will take Aunt Millie for every dime she has, and in the process they'll make her feel so embarrassed about the whole ordeal she'll never tell a soul.

Think about that. Do you want that on your conscience?

To add insult to injury, not only do they have the ability to lock you out of your home permanently, but they have the ability to hold everything inside of your home ransom unless you pay them.

**BTW: If you let them in on a work computer, they now may have access to the entire neighborhood.**

If you don’t pay the ransom, they take everything of value and sell it online to the highest bidder… Everything else is either trashed or given away for free. Regardless, you’re not getting your stuff back, unless you can find it on the dark web, and trust me, you don’t want to fight people on the internet for the contents of an underwear drawer, even if it is your own.

From personal privacy breaches to corporate espionage to ransomware attacks that can bring any organization to its knees, the damage can be profound. Sensitive information, financial data, and private conversations can fall into the wrong hands, leading to financial loss, reputational damage, and even legal consequences.

Protecting Yourself from RATs

Stay Informed: Knowledge is your first line of defense. Be aware of the common tactics used by cybercriminals to distribute RATs. Be wary of emails, especially those that contain attachments or links. If you’re not 100% sure of the validity of an email’s contents, get a second opinion. Only download trusted software online. I feel like this should go without saying, but I’ll say it anyway. If you find a piece of software that is usually paid for listed somewhere for free, don’t download it.

Use Antivirus/EDR Software: A robust antivirus or EDR (Endpoint Detection and Response) can generally detect and remove RATs before they nestle into your system.

Update Regularly: Keeping your software and operating system updated closes security loopholes that can be exploited. No one likes to reboot their computer in the middle of the day, but it’s better than the alternative.

I hope that despite my Sudafed-fueled stupor I’ve managed to drive home the point that not all things we think, or hope, are fantasy actually are fantasy. Sometimes the worst imaginable thing is in fact based on real events. Sometimes the boogieman is real.

The existence and frequent use of RATs is one of those things, at least for me anyway. We live a large part of our lives in the digital world, and to think of someone having full access to that part of us should make us all a little more cautious.

 

P.S. The amount of A.I.-generated images of RATs going through underwear drawers I now possess is staggering... I should feel ashamed. Instead, I'm heading back to bed.

Stay safe out there.