[ISN] Who Are the Hackers?

From: InfoSec News (isnat_private)
Date: Tue Sep 17 2002 - 23:52:16 PDT


    By Masha Zager
    NewsFactor Network 
    September 17, 2002 

    Once there were "black hat" hackers and "white hat" hackers -- bad 
    guys who broke into computers to wreak havoc, and good guys who tried 
    to find and plug loopholes before the bad guys found them. Today, as 
    opportunities for hacking have increased, the ranks of hackers have 
    grown, and their activities and motivations are more diverse than 

    "The term hacker doesn't even mean anything any more," said Michael 
    Rasmussen, research director for information security at Giga 
    Information Group, in an interview with NewsFactor. Still, security 
    experts like Rasmussen try to profile hackers and divide them into 
    broad categories. 

    Casual and Political Hackers 

    Casual hackers are by far the most numerous, according to Richard 
    Stiennon, Gartner research director for network security. While most 
    of these intruders are "exploratory hackers" motivated by curiosity or 
    by the challenge of outwitting security systems, some hope to cause 
    mischief, steal money or use subscriptions that other computer users 
    have paid for. 
    Politics motivates other hackers, although, according to Stiennon, 
    many hackers who identify themselves as political "use their infantile 
    perspective on world politics as justification, while their real 
    motivation is demonstrating that they can take over a Web site." 
    Genuine hacker-activists are relatively rare. Some of them infiltrate 
    Web sites of competing political organizations, while others help 
    dissidents living under totalitarian regimes exchange information more 

    The political category also may include cyber terrorists -- hackers 
    who attempt to cause massive damage for political reasons -- but even 
    though the FBI's National Infrastructure Protection Center issued a 
    cyber terrorism alert last month, evidence of such attacks is not 
    widely accepted. Still, some critical infrastructure is vulnerable to 
    damage by hackers, Stiennon told NewsFactor. 
    Political attacks may be directed against private organizations as 
    well as governments, as was the case in the recent denial-of-service 
    attacks and Web site vandalism against the Recording Industry 
    Association of America in retaliation for its support of antipiracy 
    legislation. In fact, any highly visible organization may find itself 
    a target, according to Giga analyst Rasmussen. 

    Inside Agents 

    Insiders, though outnumbered by casual hackers, pose more serious 
    threats to corporations. Company employees and trusted third parties, 
    such as consultants or suppliers, can cause enormous damage to 
    corporate systems. "With complex business partner relationships, this 
    can be a mess to deal with," Rasmussen said. 
    Insider attacks may be motivated by curiosity -- for example, 
    employees may try to find out how much their colleagues are earning -- 
    but insiders also can steal credit card numbers and trade secrets. 
    Vandalism is far less common than theft among insiders, according to 
    Gartner analyst Stiennon, although one insider vandalism case -- in 
    which an Australian bent on revenge against his former employer hacked 
    into a computer system and caused it to pump raw sewage into public 
    waterways -- was widely reported in news media last year. 

    Organized Crime 

    The final category of hacker is peopled by professional criminals. 
    According to Giga's Rasmussen, organized crime rings in former Soviet 
    countries already are breaking into U.S. computers to steal credit 
    card numbers. 
    And Stiennon said he believes criminal use of the Internet may 
    increase dramatically in the future. "Criminals are sometimes the last 
    to take advantage of new technology," he noted. "Today, there is no 
    Lex Luthor of the Internet, but there are opportunities to do serious 
    damage. Because of lag between technology being available and 
    criminals taking advantage of it, corporations have a breathing space 
    to protect themselves." 

    Cycle of Discovery and Exploitation 

    According to Stiennon, software vulnerabilities tend to follow 
    standard life cycles. At first, a sophisticated hacker discovers a 
    vulnerability in a piece of code. If he is responsible, he brings the 
    vulnerability to the software vendor, which announces the 
    vulnerability along with the patch for it. 
    Soon afterward, others write and publish programs that exploit the 
    vulnerability. In the final phase, viruses or worms are created to 
    spread the exploit code, and even unskilled hackers can use them to 
    create large-scale mischief. "These sophisticated tools have turned 
    the Internet into a dangerous zone with a background radiation level 
    of hacking," Stiennon commented. 

    Keeping Ahead of Hackers 

    Understanding hackers and their motives can help IT security managers 
    stay one step ahead of them. Everyone is at risk from casual hackers, 
    but well-known security best practices are usually enough to foil 
    casual hack attacks. 
    For example, last year's devastating Nimda worm infected hundreds of 
    thousands of computers, even though code to protect against it was 
    available. Afterward, corporations became more diligent about security 
    practices. "In the end, Nimda will have provided a valuable service in 
    helping corporations shut the doors," Stiennon said. 
    Organizations also need to consider whether they are likely to be the 
    object of targeted attacks, either for political reasons or because 
    they have information of value to criminals. If the probability of 
    attack is high, they should take heightened precautions. Finally, all 
    organizations need to take insider hacking seriously, and guard 
    against it by instituting adequate password control and access 