[ISN] Hacker Profile Becomes More Social, Adds Women

From: InfoSec News (alerts@private)
Date: Thu Dec 20 2007 - 23:19:10 PST


http://www.informationweek.com/news/showArticle.jhtml?articleID=205101618

By Thomas Claburn
InformationWeek
December 20, 2007

Most people involved in computer crimes are nameless and faceless to the 
organizations they attack, with the obvious exception of insiders. A few 
become known as a consequence of getting caught.

There's Adam Sweaney, 27, of Tacoma, Wash., who pleaded guilty in 
September to running a botnet. There's Azizbek Takhirovich Mamadjanov, 
21, a Florida resident who was sentenced to 24 months in prison for a 
phishing scheme that led to millions of dollars in losses for a 
financial institution in the Midwest. There's Jason Michael Downey, 24, 
of Dry Ridge, Ky., sentenced in October to 12 months in prison for 
operating a botnet.

What's notable about these young men and other cybercriminals isn't so 
much their identities as their community. "I don't think the hacker is a 
loner anymore," said Don Jackson, senior security researcher at 
SecureWorks. "People that author malware feel like they have their own 
community now, their own social circles. They have their own social 
networks."

In contrast to people like Theodore Kaczynski, the Unabomber, who 
schemed in isolation to blow people up, cybercriminals today have plenty 
of support for their attacks and scams. They can buy automated attack 
kits or information about undiscovered exploits. They can rent botnets 
-- groups of compromised computers -- to spam, steal personal data, or 
conduct denial-of-service attacks. Their questions about breaking into 
other people's computers can be answered through IRC chats or Web 
forums. They're part of a thriving underground economy that's expected 
to grow in 2008.

And as cybercrime becomes an even bigger business, the profile of the 
cybercriminals is broadening beyond young men with computer skills. 
Jackson said that cybercriminals still appear to be predominantly male, 
"but we see a lot more women and girls involved in hacking."

One explanation for that may be that malicious hacking in the name of 
nationalism is tolerated, or even encouraged, in some parts of the 
world. It's socially acceptable.

"I've been really amazed at the way people defend their actions," 
Jackson said. "I've had people argue that it's not a bad thing."

Jackson recounted an article he'd had translated from a small-town 
Russian newspaper that lauded two local hackers for sticking it to 
"those Capitalists." Russian nationalism appears to be the motivation 
behind the massive distributed denial-of-service attack that hit Estonia 
in April. Attacks traced to China are also often attributed to 
nationalism. But more often than not, the real motivation is money.

Dave Marcus, security research and communications manager at McAfee 
Avert Labs, said that before 2000, the profile of the hacker was 
different, more "the pimply kid in the basement." Today, there's more 
professionalism, he said, because there's money in hacking in many 
countries.

While Marcus couldn't say whether more women were getting involved in 
criminal hacking, he did note that those in the security field tended to 
be exceptionally talented. "Most of the women in security and malware 
tend to have a lot higher skills than the guys do," he said. "They're 
considered much more elite."


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Thu Dec 20 2007 - 23:37:05 PST