http://www.newsfactor.com/perl/story/19419.html

By Masha Zager
NewsFactor Network
September 17, 2002

Once there were "black hat" hackers and "white hat" hackers -- bad guys who broke into computers to wreak havoc, and good guys who tried to find and plug loopholes before the bad guys found them. Today, as opportunities for hacking have increased, the ranks of hackers have grown, and their activities and motivations are more diverse than ever.

"The term hacker doesn't even mean anything any more," said Michael Rasmussen, research director for information security at Giga Information Group, in an interview with NewsFactor. Still, security experts like Rasmussen try to profile hackers and divide them into broad categories.

Casual and Political Hackers

Casual hackers are by far the most numerous, according to Richard Stiennon, Gartner research director for network security. While most of these intruders are "exploratory hackers" motivated by curiosity or by the challenge of outwitting security systems, some hope to cause mischief, steal money or use subscriptions that other computer users have paid for.

Politics motivates other hackers, although, according to Stiennon, many hackers who identify themselves as political "use their infantile perspective on world politics as justification, while their real motivation is demonstrating that they can take over a Web site."

Genuine hacker-activists are relatively rare. Some of them infiltrate Web sites of competing political organizations, while others help dissidents living under totalitarian regimes exchange information more freely.

The political category also may include cyber terrorists -- hackers who attempt to cause massive damage for political reasons -- but even though the FBI's National Infrastructure Protection Center issued a cyber terrorism alert last month, evidence of such attacks is not widely accepted. Still, some critical infrastructure is vulnerable to damage by hackers, Stiennon told NewsFactor.

Political attacks may be directed against private organizations as well as governments, as was the case in the recent denial-of-service attacks and Web site vandalism against the Recording Industry Association of America in retaliation for its support of antipiracy legislation. In fact, any highly visible organization may find itself a target, according to Giga analyst Rasmussen.

Inside Agents

Insiders, though outnumbered by casual hackers, pose more serious threats to corporations. Company employees and trusted third parties, such as consultants or suppliers, can cause enormous damage to corporate systems. "With complex business partner relationships, this can be a mess to deal with," Rasmussen said.

Insider attacks may be motivated by curiosity -- for example, employees may try to find out how much their colleagues are earning -- but insiders also can steal credit card numbers and trade secrets.

Vandalism is far less common than theft among insiders, according to Gartner analyst Stiennon, although one insider vandalism case -- in which an Australian bent on revenge against his former employer hacked into a computer system and caused it to pump raw sewage into public waterways -- was widely reported in news media last year.

Organized Crime

The final category of hacker is peopled by professional criminals. According to Giga's Rasmussen, organized crime rings in former Soviet countries already are breaking into U.S. computers to steal credit card numbers. And Stiennon said he believes criminal use of the Internet may increase dramatically in the future.

"Criminals are sometimes the last to take advantage of new technology," he noted. "Today, there is no Lex Luthor of the Internet, but there are opportunities to do serious damage. Because of lag between technology being available and criminals taking advantage of it, corporations have a breathing space to protect themselves."

Cycle of Discovery and Exploitation

According to Stiennon, software vulnerabilities tend to follow standard life cycles. At first, a sophisticated hacker discovers a vulnerability in a piece of code. If he is responsible, he brings the vulnerability to the software vendor, which announces the vulnerability along with the patch for it.

Soon afterward, others write and publish programs that exploit the vulnerability. In the final phase, viruses or worms are created to spread the exploit code, and even unskilled hackers can use them to create large-scale mischief.

"These sophisticated tools have turned the Internet into a dangerous zone with a background radiation level of hacking," Stiennon commented.

Keeping Ahead of Hackers

Understanding hackers and their motives can help IT security managers stay one step ahead of them. Everyone is at risk from casual hackers, but well-known security best practices are usually enough to foil casual hack attacks.

For example, last year's devastating Nimda worm infected hundreds of thousands of computers, even though code to protect against it was available. Afterward, corporations became more diligent about security practices. "In the end, Nimda will have provided a valuable service in helping corporations shut the doors," Stiennon said.

Organizations also need to consider whether they are likely to be the object of targeted attacks, either for political reasons or because they have information of value to criminals. If the probability of attack is high, they should take heightened precautions.

Finally, all organizations need to take insider hacking seriously, and guard against it by instituting adequate password control and access control.