Motivations of an Attacker

Previous page
Table of content
Next page

Although a lot of literature has been written about the technical aspects of securing a network, not much is available about who your enemies are and what motivates them to attack you. Before you can determine how to protect your organization, you must learn to think like a hacker, figure out where you’re vulnerable, and then develop a game plan to reduce your exposure. If you can understand who would want to do you harm and what they would gain from such harm, you can better protect your company and your information. You must make the following assumptions:

  • You do have enemies.

  • You are on their target list.

  • You will be attacked some day.

  • You cannot afford to be complacent.

One of the most difficult realities for an organization to accept is the presence of enemies who might attempt to harm them by using technology. Every organization has enemies. This is not an overstatement. It does not matter how noble or sincere your efforts and goals are: somebody in the world doesn’t like what you are doing and could decide to cause you harm by compromising your network.

The motivations of hackers can be varied and complex. Hackers are often motivated, in part, by their invisibleness. On the Internet, a hacker can “peek” into a company’s private world—its network—and learn a lot while remaining anonymous.

Some individuals are just curious to see what they can learn about your company or individuals within your company. These hackers often don’t have any malicious intent and are unaware that their actions violate security policy or criminal codes.

Others hackers are simply trying to help. You’ve probably been in this category once or twice yourself. In your zeal to be helpful, you bypass security policies to fix problems or accomplish emergency assignments. You might even believe that your efforts are more efficient than following established guidelines and policies. Nevertheless, the bypassing of known security policies is one element of hacking a network.

Some individuals act with malicious intent, engaging in acts of sabotage, espionage, or other criminal activities. They can become moles, stealing information to sell to competitors or foreign groups. Some simply enjoy destroying the work of others as well as their own work. Others act out of revenge for a real or perceived wrong committed against them, or believe they are acting in line with a strongly held belief system. Still others are more methodical and hardened and turn hacking into a career: they might even take employment just to do your company harm.

Although their motivations for invading the privacy of your company are varied, most hackers share certain personality traits. According to the Diagnostic and Statistical Manual of Mental Disorders IV, published by the American Psychiatric Association, the motivations just described are often triggered by traits that psychologists say are part of the Anti-Social personality. The essential feature of this personality is a pervasive pattern of disregard for, and violation of, the rights and sensibilities of others. These people are characterized by the following traits:

  • Failure to conform to lawful behavior by repeatedly performing acts that are grounds for arrest

  • Deceitfulness, evidenced in acts such as repeated lying, use of aliases, or conning others for personal gain

  • Impulsivity

  • Irritability and (in some cases) physical aggressiveness

  • Consistent irresponsibility

  • Lack of remorse, as indicated by being indifferent to or rationalizing the hurt and damage they have caused others

In addition, most hackers feel a sense of entitlement, and think they should be treated differently because they perceive themselves as being special or above the rules. They are typically bright and curious, and enjoy a challenge.

Individuals exhibiting these traits might be working in your organization. Such people can be, at times, nice, enjoyable, funny, witty, and pleasant, so don’t classify people based on one or two incidents.

start sidebar
Real World—Think Globally When Diagnosing a Security Problem

Recently, a US firm with national visibility in its industry was attacked by a group based outside of the US. The attacking group used its Exchange Server to send out spam messages (in its own language) to addresses all over the world. At first, this problem looked like a virus, but then the company realized the attackers had planted a program on the Exchange server that was launching the outgoing e-mails.

By the time the US firm had figured out the problem, outbound SMTP queues had nearly 100,000 messages sitting in them, ready to be sent.

end sidebar



Previous page
Table of content
Next page
Microsoft Exchange Server 2003 Administrator's Companion
Microsoft Exchange Server 2003 Administrators Companion (Pro-Administrators Companion)
ISBN: 0735619794
EAN: 2147483647
Year: 2005
Pages: 254
Authors: Walter Glenn, Bill English
BUY ON AMAZON
Interprocess Communications in Linux: The Nooks and Crannies
Managing Enterprise Systems with the Windows Script Host
The Complete Cisco VPN Configuration Guide
PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
Special Edition Using Crystal Reports 10
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy