Information Security News mailing list archives

Who Are the Hackers?


From: InfoSec News <isn () c4i org>
Date: Wed, 18 Sep 2002 01:52:16 -0500 (CDT)

http://www.newsfactor.com/perl/story/19419.html

By Masha Zager
NewsFactor Network 
September 17, 2002 

Once there were "black hat" hackers and "white hat" hackers -- bad 
guys who broke into computers to wreak havoc, and good guys who tried 
to find and plug loopholes before the bad guys found them. Today, as 
opportunities for hacking have increased, the ranks of hackers have 
grown, and their activities and motivations are more diverse than 
ever. 

"The term hacker doesn't even mean anything any more," said Michael 
Rasmussen, research director for information security at Giga 
Information Group, in an interview with NewsFactor. Still, security 
experts like Rasmussen try to profile hackers and divide them into 
broad categories. 

Casual and Political Hackers 

Casual hackers are by far the most numerous, according to Richard 
Stiennon, Gartner research director for network security. While most 
of these intruders are "exploratory hackers" motivated by curiosity or 
by the challenge of outwitting security systems, some hope to cause 
mischief, steal money or use subscriptions that other computer users 
have paid for. 

Politics motivates other hackers, although, according to Stiennon, 
many hackers who identify themselves as political "use their infantile 
perspective on world politics as justification, while their real 
motivation is demonstrating that they can take over a Web site." 
Genuine hacker-activists are relatively rare. Some of them infiltrate 
Web sites of competing political organizations, while others help 
dissidents living under totalitarian regimes exchange information more 
freely. 

The political category also may include cyber terrorists -- hackers 
who attempt to cause massive damage for political reasons -- but even 
though the FBI's National Infrastructure Protection Center issued a 
cyber terrorism alert last month, evidence of such attacks is not 
widely accepted. Still, some critical infrastructure is vulnerable to 
damage by hackers, Stiennon told NewsFactor. 

Political attacks may be directed against private organizations as 
well as governments, as was the case in the recent denial-of-service 
attacks and Web site vandalism against the Recording Industry 
Association of America in retaliation for its support of antipiracy 
legislation. In fact, any highly visible organization may find itself 
a target, according to Giga analyst Rasmussen. 

Inside Agents 

Insiders, though outnumbered by casual hackers, pose more serious 
threats to corporations. Company employees and trusted third parties, 
such as consultants or suppliers, can cause enormous damage to 
corporate systems. "With complex business partner relationships, this 
can be a mess to deal with," Rasmussen said. 

Insider attacks may be motivated by curiosity -- for example, 
employees may try to find out how much their colleagues are earning -- 
but insiders also can steal credit card numbers and trade secrets. 

Vandalism is far less common than theft among insiders, according to 
Gartner analyst Stiennon, although one insider vandalism case -- in 
which an Australian bent on revenge against his former employer hacked 
into a computer system and caused it to pump raw sewage into public 
waterways -- was widely reported in news media last year. 

Organized Crime 

The final category of hacker is peopled by professional criminals. 
According to Giga's Rasmussen, organized crime rings in former Soviet 
countries already are breaking into U.S. computers to steal credit 
card numbers. 

And Stiennon said he believes criminal use of the Internet may 
increase dramatically in the future. "Criminals are sometimes the last 
to take advantage of new technology," he noted. "Today, there is no 
Lex Luthor of the Internet, but there are opportunities to do serious 
damage. Because of lag between technology being available and 
criminals taking advantage of it, corporations have a breathing space 
to protect themselves." 

Cycle of Discovery and Exploitation 

According to Stiennon, software vulnerabilities tend to follow 
standard life cycles. At first, a sophisticated hacker discovers a 
vulnerability in a piece of code. If he is responsible, he brings the 
vulnerability to the software vendor, which announces the 
vulnerability along with the patch for it. 

Soon afterward, others write and publish programs that exploit the 
vulnerability. In the final phase, viruses or worms are created to 
spread the exploit code, and even unskilled hackers can use them to 
create large-scale mischief. "These sophisticated tools have turned 
the Internet into a dangerous zone with a background radiation level 
of hacking," Stiennon commented. 

Keeping Ahead of Hackers 

Understanding hackers and their motives can help IT security managers 
stay one step ahead of them. Everyone is at risk from casual hackers, 
but well-known security best practices are usually enough to foil 
casual hack attacks. 

For example, last year's devastating Nimda worm infected hundreds of 
thousands of computers, even though code to protect against it was 
available. Afterward, corporations became more diligent about security 
practices. "In the end, Nimda will have provided a valuable service in 
helping corporations shut the doors," Stiennon said. 

Organizations also need to consider whether they are likely to be the 
object of targeted attacks, either for political reasons or because 
they have information of value to criminals. If the probability of 
attack is high, they should take heightened precautions. Finally, all 
organizations need to take insider hacking seriously, and protect 
against it by instituting adequate password control and access 
control. 



-
ISN is currently hosted by Attrition.org