Understanding the Modern Hacker

Security is one of the few fields in technology where the problem and the solution both deal with human beings. We do not simply beat a router to death because its protocols are not functioning. Rather, we deal with other people who, like us, have the capacity to be incredibly cunning and dynamic. So, just as a networking engineer must have an understanding of routers, so must a security engineer have an understanding of hackers.

Before we begin, let me state that the term "hacker" is not necessarily the correct term for describing a computer criminal. "Hacker" basically refers to an individual who is proficient in a specific subject; someone who knows the ins and outs of a particular technology or topic. Terms like "attackers," "crackers," "phreakers," and such are more accurate in describing digital enemies. Since, however, it is now commonplace to use the term "hacker," I will make life easy and continue the misuse of this term.

As a general rule, stereotyping is to be avoided. After all, a hacker is human and has feelings as well. In deference to all the friendly computer criminals I have met and known over the years, the following section is meant as no offense. For the sake of education, however, I will lay down some of the more accurate stereotypes that have emerged over the years, for they are quite useful in defining the individuals we see time and again.

Summertime Hacker

The summertime hacker is an average, run-of-the-mill "Joe" who has spent a little too much time on the Internet and has read one too many Usenet postings on how to hack the FBI. Few technical people can honestly say they have never considered trying to hack into a computer or network. Search across all the homes and businesses in the world and you will most likely find a high number of L0phtCrack and NMAP installations on the systems of curious individuals. Most employees of an organization will, at some time, attempt to access resources they are not authorized to access.

Motivation

Hackology is a very interesting topic to many people. The summertime hacker is motivated by a general curiosity about the topic, the tools, and his or her ability to execute them. Many summertime hackers are individuals exploring the world of information security, only without the permission of the groups they are attempting to exploit. Technical employees with extra time on their hands are the most likely to be summertime hackers.

Methods

Hacker tools are available left and right on the Internet. You may have to close a few hundred pornographic Web page advertisements before you actually get to where you are going, but it is quite simple nonetheless. Summertime hackers will use any readily available tool, most often without understanding its purpose or capabilities. These individuals are usually more interested in trying out a new tool than actually causing any damage.

Severity of Threat

Lucky for us, simple hacker tools used by an individual who does not have any particular motivation or hacking skills are a relatively minor threat in an environment that has applied good security practices. After one or two failed attempts, the hacker will have changed focus and become intrigued by something else. In an environment that lacks security, however, these individuals can be far more destructive than even they imagine.

Hacker tools acquired from the Internet are often loaded with back doors and Trojan horses that execute unknown to the hacker. In an environment where an administrator has downloaded Hacker Tool X to his or her workstation, there is a good chance that the tool will make the workstation vulnerable to attack from other hackers. Installing such a tool as an administrator can easily give administrative privileges to hackers all around the world. Thus, the summertime hacker often does much more damage than he or she intends. Additionally, since these individuals rarely spend the time to fully understand the tools they are using, there is a high probability that a tool will be used improperly and potentially cause far more damage than intended.

At one client, an employee trying to perform a simple DoS attack on a coworker's computer actually ran the attack against the entire network. The tool ended up temporarily disabling over 60 computers before he realized his mistake.

Script Kiddies

Generally speaking, script kiddies are bored individuals without girlfriends or boyfriends who can think of nothing better to do on a Saturday night than make people come into work to fix a failing system. Script kiddies can be good company for people awake at 3 a.m. who desire to play video games or debate which Open Source operating system is really the best. However, script kiddies are an incredible nuisance in the security world; this is mostly due to the fact that there are thousands and thousands of these individuals out there running around with dangerous tools and a general desire for chaos.

Script kiddies are usually teenagers and college students who have more of an interest in causing damage than actually learning about technology. The average kiddie preys on unsecured networks, home systems, universities and schools, and anyone they can find on the Internet.

Motivation

Not young enough to be innocent and not talented enough to be truly malicious, script kiddies are normally a mix of the curious and those desiring the sense of power that professional hackers feel. Most kiddies "hack" because it entertains them or makes them feel like they are being active in some particular cause. Often, it gives them a chance to show off their skills in a strange world where they have a chance of actually being admired by other script kiddies. Many also see it as a claim to fame, mostly among other kiddies and kiddie wanna-bes within the hacker community.

Methods

Sometimes, script kiddies will target a specific site; but more often, they will continue to roam from address to address, looking for that one unpatched server or unfiltered network. This process of hacking without a specific target in mind is a large contributor to their ultimate success (quantity, not quality). When a new type of vulnerability is discovered and an exploit is developed, a large number of these hackers will be inspired to try it out on random networks. The more advanced kiddies will use their skills in programming to chain together common exploits developed by skilled hackers. One in several hundreds of kiddies will actually program a good original exploit; in which case, the others will start using it as well.

Severity of Threat

With the exception of worms and viruses, script kiddies are probably responsible for causing most of the damage we see in information security. This is not due to any particular capabilities, but due to the sheer number of kiddies out there and their unfocused interest in doing damage. One of the major threats of the kiddies is that it is quite easy to become one, and thus the world is flooded with them. If you place a computer on an active Internet connection with a personal firewall, you will be lucky to go 15 minutes without at least one probe from a system controlled by a kiddie. If there is an unpatched and accessible device within the environment, eventually a kiddie will find it.

The majority of security measures that organizations put in place are geared to defend against this form of hacker. Firewalls and IDSs are at their best when battling against script kiddies.

Targeting Criminals

The main difference between a script kiddie and a targeting criminal is focus. Often, a targeting criminal will have more resources and a higher level of skill, but it is the focus and determination that end up devastating the target. When the average person hears the word "hacker," this is the type of individual that comes to mind.

Motivation

Most targeting hackers are focused because they have some form of real-world incentive. Frequently, they are looking for profit, attempting to steal valuable information, such as customer information, bank accounts, or credit cards. They may attempt to manipulate such information; for instance, they may try to change grades at a university, or add an extra million to their bank accounts.

Sometimes, these groups and individuals are motivated by the desire to hurt another person or organization. I have seen skilled hackers break into hospitals where family members have died. I have seen members of activist groups hacking into and causing millions of dollars in damages to organizations that are enemies of their cause. Often, enraged customers will attempt to hack into companies that they feel treated them unfairly. And, it is quite common to find an upset former employee using his or her newly discovered free time to exact revenge on the company that terminated him or her.

Methods

Anything goes for the methods used by this form of attacker. Normally, a series of events will take place, including a process of information gathering, exploit development, and attacking. Such actions are not at all limited to programming and network-based measures, either. Dumpster diving for discarded access information, calling up employees, and visiting the facility usually yield enormous amounts of information. Low-cost methods that only require focus and determination are the tools of the average targeting criminal. This person will normally have all the time in the world to wait, plan, and attack.

Severity of Threat

The good news is that a hacker of this nature is not nearly as common as the script kiddie or summertime hacker. Of course, the larger the organization and the more active it is, the more tempting a target it will become. The bad news is that if a targeting criminal really wants to do some damage, it is extremely difficult to prevent it.

More often than not, someone intelligent enough to be a targeting criminal also has some sense beyond the desire to simply destroy everything in sight. The ultimate level of damage the individual inflicts will end up depending not only on his or her level of skill, but also on his or her level of motivation.

Employees (and Consultants)

Open any book or article on security published in the past five years and they all say the same thing: "Concerning digital security, your employees are the most lethal threat." It's not that employees are innately evil; it's just that they often have access to too many things, and we humans are a very curious species. In any case, employees are indeed a top security concern for most organizations.

Motivation

Motivations exist left and right for employees. Employees are most often summertime hackers and script kiddies operating from the inside of networks. This trait makes them more dangerous. Often, employees hack simply because of the "Could I?" thought. Downloading the latest hacker tool is so much more entertaining than filling out a boring time card. For some employees, it is simply a hacker power trip, having the capability to cause devastation within their own environment.

The far more serious threat comes from those who are motivated by ambition or anger. Such employees are similar to targeting criminals on the outside of the organization, only an employee is scheming, planning, and probing safely from the comfort of the inner keep of the castle. The employee hacker with strong motivation can be an extremely destructive element to any organization.

Methods

The sky is the limit for these individuals. It is not uncommon to find a wide variety of hacker tools installed on employee systems. Nor is it uncommon for an employee to look over the CIO's shoulder while a password is typed. Being on the inside of the organization, the individual will have access to systems on the LAN, file shares, email, and other employees. The advantages employee hackers have are further amplified by the inherent trust that is shared within the organization. If a support engineer wants to use your computer for a second to install some little application, why would you say no?

Employee hackers often plant Trojan horses, remote control applications, sniffers, and keyboard stroke recorders on systems in which they are interested. It does not take a great deal of effort for someone on the inside to learn everything there is to know about the organization through unauthorized information access. Even months and years after an employee has left a company, the tools can still be there, listening.

Severity of Threat

A normal hacker would have to accomplish 20 tasks breaking through an organization's security systems simply to get to the point where an employee already is. On top of this, an employee is there every day and knows far more about the company than an anonymous hacker. It is thus reasonable to say that an employee has far more power to unleash pain on company systems and networks than an outside hacker could ever dream of. There is no limit to the devastation a disgruntled employee can cause to an organization, especially if he or she has no fear of being caught.

True Hackers

If we follow the literal definition of a "hacker" as someone talented and knowledgeable concerning all aspects of a particular subject, and combine that with a streak of malice or a general lack of consideration for others, we get what is called a true hacker. Such hackers are extremely gifted in programming, as well as with knowing how to assemble and disassemble processes. Being at the top of their game, such hackers often crave finding something that will challenge them. They work to develop new worms or viruses, or develop new ways to break encryption patterns or exploit security applications. In any case, these individuals are a big threat to the world of information security and can cause billions of dollars in damage.

Accidental Hackers

Another extremely common type of hacker is the accidental hacker. These hackers are often employees, customers, and partners. They are individuals who are authorized to access systems and resources, but accidentally strike an unexpected key, trip over a cord, or delete a file that causes a device to crash or exposes information to the world. When we think of protective measures, we must think of the occasional mishap from the normal user community as well. Such hackers are often overlooked and can truly devastate an organization without any malicious intent.

The Hacker Community

An inspiring motivation for many hackers is simply to be a participant in the hacker community. There are thousands of Web sites, news lists, and mailing groups dedicated to the hacking and cracking of systems and networks. There are also many thousands of hackers who subscribe to such sites, submitting their ideas, new tools, and long tales of how they single-handedly cracked a federal mainframe or wrote something semi-clever on the front page of a high-profile Web site.

The hacker community also tends to attract some extremely intelligent and talented individuals who, to be quite honest, you would never want as enemies. While on an Internet chat discussion, these individuals tend to be quieter; they may interject comments and opinions on occasion, usually to reprimand the younger hackers for their "ignorant bantering."

The hacker world parallels the security world in many respects. Hackers have their own conferences held all around the globe. Some hackers make a living from selling their tools and techniques to other hackers, or selling books to the general public. All in all, the general hacker community is extremely active compared to many other digital organizations.

Community Wars

When looking into the world of the hacker, one should not be blinded into thinking the war has only two fronts. Hackers do not limit their attacks to professional organizations or remain true to some mystical hacker code of honor. Hackers have their own society, and as with any society, there are battles to be fought.

Hackers are continually attacking other hackers in a struggle for resources, fame, and pride. Many consider it to be a great accomplishment to destroy the site of a fellow hacker. Others may disagree with the political views or motivations behind opposing hacker organizations and thus, launch attacks. Many of these battles result in different hacker groups building up great forces on either side. Thousands of systems around the world launch attacks against other hacker sites without the system owners ever knowing.

Remember when Yahoo, eBay, CNN, and other major sites were taken down by thousands of zombie computers around the world? Could you imagine that a single hacker group could coordinate such an effort? Imagine, however, if over a period of years, several groups of hackers fought wars among themselves, building up hundreds of zombie systems and pitting them against other hackers. Now, imagine if all those hackers decided to call a temporary truce and use their combined forces to blast a number of high-profile sites. It becomes very clear how such efforts can take place. Like an arms race, hackers build up to gain arsenals on each side until they have the power to launch a major offensive!



Inside the Security Mind: Making the Tough Decisions
ISBN: 0131118293
EAN: 2147483647
Year: 2006
Pages: 119
Authors: Kevin Day
