[ISN] What's in a hacker?

From: InfoSec News (alerts@private)
Date: Thu Oct 05 2006 - 01:43:49 PDT


http://star-techcentral.com/tech/story.asp?file=/2006/10/3/itfeature/15592912&sec=itfeature

October 3, 2006

What's in a hacker?

TWENTY years ago, Raoul Chiesa went by the nickname "nobody" -- but at 13
years old, he was already known amongst the security community as one of
the first hackers in Italy.

Now, Chiesa is the director of communications at the Institute for 
Security and Open Methodologies (ISECOM) and he is on a mission to 
uncover the mysteries of hacker types. According to Chiesa, hackers were 
generally unknown to people and ignored by researchers back when the 
usage of computers became popular in the eighties.

Today, researchers and analysts are becoming more interested in hackers, 
he said, though these parties often have a misconception about hackers 
because they do not have proper research methods to define the group.

"In their minds, there is only one type of hacker, who is seen as
physically ugly, has bad moral values and is unethical or anarchic in
nature," he said.

Unhappy with the stereotype, Chiesa and project partner Dr. Stefania 
Ducci, who works for the United Nations Interregional Crime and Justice 
Research Institute, embarked on a project called Hacker Profiling 
Project (HPP) to discover the typologies of hackers -- basically how
different hacker types think and function.

Chiesa said that profiling hackers is important because of the rise of
high-tech crimes today.

"There is a continuous increase of dependence between national stability
and IT security issues. There are dangerous synergies among
technologically advanced personalities, classic criminality and
terrorism," Chiesa said. "But often, cybercrime is still being analysed in
the wrong manner."

"Basically, we want to help the government and police realise and
understand the different types of hackers, so that they will know when
to pursue an actual criminal and when not to waste resources chasing
after script-kiddies," he said.

The HPP aims to analyse the hacking phenomenon from four principal 
perspectives: technological, social, psychological and criminological.

There are eight phases in the HPP (see story "Delving deep into the
hacker culture", In.Tech Sept 14), one of which involves going directly
to the source -- letting hackers answer questionnaires about themselves.

Sorting hackers

Chiesa said the results from the questionnaires, collected since the HPP 
kicked off in September 2004, revealed that hackers are generally 
intellectually brilliant, creative, decided and resolute.

Those with a low level of skills usually target easier operating
systems, such as Windows or Linux, while the more elite hackers prefer 
to stimulate their minds with *BSD, Solaris, HP/UX, IOS or Symbian 
operating systems.

If these hackers manage to break into a system, they would mostly lay 
the blame on its system administrators or designers for not keeping 
their own turf secure.

"For bona fide hackers, hacking is used as a technique or way of life to
satisfy curiosity or to challenge themselves," Chiesa said. "Or it can be
used as a tool of power to raise people's awareness on political and
social problems."

Generally, hackers are motivated by their love for knowledge, Chiesa 
found, but some are motivated by lucrative purposes so they may practice 
phishing or get involved in industrial espionage.

Many hackers are also rebels, especially towards authorities and people 
they consider narrow-minded or a menace to civil liberties.

The different types

According to the study, there are nine types of hackers, which are:
wannabe lamer; script-kiddie; cracker; ethical hacker; the quiet,
paranoid and skilled hacker (QPS); cyber-warrior; industrial spy;
government agent; and military hacker.

Wannabe lamers, usually aged from nine to 16, are the most harmless
of the lot.

They generally claim to be a hacker to brag or to be seen as cool, 
though most are rather clueless about what hacking really is.

Script-kiddies (10-18 years old), however, are a little more informed in 
that they know how to search and download hacking tools but most have 
limited knowledge on how these tools work.

The harm they cause is mostly low impact, but they would do it anyway to 
either rebel or attract attention from the mass media.

Ethical hackers (15-50 years old), who are usually part of hacker 
communities, would probably frown on this. Seen as the most selfless of 
the hacker lot, they are usually motivated by curiosity and generally 
have altruistic intentions.

Ethical hackers would usually advise system administrators if they find 
vulnerabilities in a company's security system, but would generally do
that only after communicating their discoveries with peers in their 
underground community first.

Also, this group would likely not cause damage to a violated system but 
instead help defend and secure it against attacks.

Crackers (17-30 years old), on the other hand, may possess less 
technical skills than the ethical hacker, but are viewed as a bigger 
threat because they have malicious intentions to cause damage.

Like script-kiddies, they may hack to attract attention or to 
demonstrate their prowess.

The QPS (16-40 years old), like their name suggests, are quite the 
opposite. Preferring to keep a low profile, they possess high technical 
skills that allow them to enter and leave computer systems undetected.

"This type might hack into a system because there is something that he
needs," Chiesa noted. "The QPS might be more dangerous than ethical
hackers as they have their own agenda. They're the type who you will
never realise have even entered your system."

More dangerous than crackers with malicious intent, however, are 
cyber-warriors.

This group, aged 18-50 years old, are the ones who are into hacking 
solely for financial gain.

Industrial spies (22-45 years old) are also motivated by similar means, 
in that they are professionally employed by businesses to hack for 
profit.

Low profile

Higher on the hacker chain are government agents and military hackers.

These groups, usually aged 25-45, are hired by the government to 
monitor, defend or provide counter-attacks on a national level.

As it is unlikely that these last few low-profile groups would
voluntarily take part in the HPP questionnaire, Chiesa said he collected
data about them through the use of honeypots -- traps designed to appear
like they are part of a legitimate network, but are not.

"But these findings are not the final conclusion, as we are still in the
process of collecting data," Chiesa added. "We still have a lot of work to
do and we need support." HPP is currently self-funded and based on
independent research methodologies.

He said that HPP is open to collaboration and research partnerships and 
is looking for contributors, volunteers as well as sponsors.

Interested in participating? Get the questionnaire at 
http://hpp.hackinthebox.org.

