http://star-techcentral.com/tech/story.asp?file=/2006/10/3/itfeature/15592912&sec=itfeature October 3, 2006 Whats in a hacker? TWENTY years ago, Raoul Chiesa went by the nickname nobody -- but at 13 years old, he was already known amongst the security community as one of the first hackers in Italy. Now, Chiesa is the director of communications at the Institute for Security and Open Methodologies (ISECOM) and he is on a mission to uncover the mysteries of hacker types. According to Chiesa, hackers were generally unknown to people and ignored by researchers back when the usage of computers became popular in the eighties. Today, researchers and analysts are becoming more interested in hackers, he said, though these parties often have a misconception about hackers because they do not have proper research methods to define the group. In their minds, there is only one type of hacker, who is seen as physically ugly, have bad moral values and are unethical or anarchic in nature, he said. Unhappy with the stereotype, Chiesa and project partner Dr. Stefania Ducci, who works for the United Nations Interregional Crime and Justice Research Institute, embarked on a project called Hacker Profiling Project (HPP) to discover the typologies of hackers basically how different hacker types think and function. Chiesa said that profiling hackers are important because of the rise of high-tech crimes today. There is a continuous increase of dependence between national stability and IT security issues. There are dangerous synergies among technologically advanced personalities, classic criminality and terrorism, Chiesa said. But often, cybercrime is still being analysed in the wrong manner. Basically, we want to help the government and police realise and understand the different types of hackers, so that they will know when to pursue an actual criminal and when not to waste resources chasing after script-kiddies, he said. The HPP aims to analyse the hacking phenomenon from four principal perspectives: technological, social, psychological and criminological. There are eight phases in the HPP (see story Delving deep into the hacker culture, In.Tech Sept 14), one of which involves going directly to the source letting hackers answer questionnaires about themselves. Sorting hackers Chiesa said the results from the questionnaires, collected since the HPP kicked off in September 2004, revealed that hackers are generally intellectually brilliant, creative, decided and resolute. Those with a low-level of skills usually target easier operating systems, such as Windows or Linux, while the more elite hackers prefer to stimulate their minds with *BSD, Solaris, HP/UX, IOS or Symbian operating systems. If these hackers manage to break into a system, they would mostly lay the blame on its system administrators or designers for not keeping their own turf secure. For bona fide hackers, hacking is used as a technique or way of life to satisfy curiosity or to challenge themselves, Chiesa said. Or it can be used as a tool of power to raise peoples awareness on political and social problems. Generally, hackers are motivated by their love for knowledge, Chiesa found, but some are motivated by lucrative purposes so they may practice phishing or get involved in industrial espionage. Many hackers are also rebels, especially towards authorities and people they consider narrow-minded or a menace to civil liberties. The different types According to the study, there are nine types of hackers, which are: Wannabe lamer, script-kiddie; cracker; ethical hacker; the quiet, paranoid and skilled hacker (QPS); cyber-warrior; industrial spy; government agent; and military hacker. The wannabe lamer, usually aged from nine to 16, are the most harmless of the lot. They generally claim to be a hacker to brag or to be seen as cool, though most are rather clueless about what hacking really is. Script-kiddies (10-18 years old), however, are a little more informed in that they know how to search and download hacking tools but most have limited knowledge on how these tools work. The harm they cause is mostly low impact, but they would do it anyway to either rebel or attract attention from the mass media. Ethical hackers (15-50 years old), who are usually part of hacker communities, would probably frown on this. Seen as the most selfless of the hacker lot, they are usually motivated by curiosity and generally have altruistic intentions. Ethical hackers would usually advise system administrators if they find vulnerabilities in a companys security system, but would generally do that only after communicating their discoveries with peers in their underground community first. Also, this group would likely not cause damage to a violated system but instead help defend and secure it against attacks. Crackers (17-30 years old), on the other hand, may possess less technical skills than the ethical hacker, but are viewed as a bigger threat because they have malicious intentions to cause damage. Like script-kiddies, they may hack to attract attention or to demonstrate their prowess. The QPS (16-40 years old), like their name suggests, are quite the opposite. Preferring to keep a low profile, they possess high technical skills that allow them to enter and leave computer systems undetected. This type might hack into a system because there is something that he needs, Chiesa noted. The QPS might be more dangerous than ethical hackers as they have their own agenda. Theyre the type who you will never realise have even entered your system. More dangerous than crackers with malicious intent, however, are cyber-warriors. This group, aged 18-50 years old, are the ones who are into hacking solely for financial gain. Industrial spies (22-45 years old) are also motivated by similar means, in that they are professionally employed by businesses to hack for profit. Low profile Higher on the hacker chain are government agents and military hackers. These groups, usually aged 25-45, are hired by the government to monitor, defend or provide counter-attacks on a national level. As it is unlikely that these last few low-profile groups would voluntarily take part in the HPP questionnaire, Chiesa said he collected data about them through the use of honeypots traps designed to appear like it is part of a legitimate network, but is not. But these findings are not the final conclusion, as we are still in the process of collecting data, Chiesa added. We still have a lot of work to do and we need support. HPP is currently self-funded and based on independent research methodologies. He said that HPP is open to collaboration and research partnerships and is looking for contributors, volunteers as well as sponsors. Interested in participating? Get the questionnaire at http://hpp.hackinthebox.org. _________________________________ Donate online for the Ron Santo Walk to Cure Diabetes! http://www.c4i.org/ethan.html
This archive was generated by hypermail 2.1.3 : Thu Oct 05 2006 - 02:03:27 PDT