I l @ ve RuBoard |
For the information security professional who is attempting to keep systems available, and maintain the confidentiality and integrity of the information they contain, his or her view of these hackers is somewhat different. These are attacks against systems, networks, and information. They are attacks against the profits of the company and the productivity of its employees . There is nothing noble about it; they are criminal acts which require a judicial response. Theft of InformationA hacker may want to steal information for himself, or to prove to someone that he can do it, or to sell the information for profit. Today, information is money. Every day more money changes hands electronically than in currency. The electronic funds transfer network is an inviting target but has remained very secure. Hackers will generally target easier systems. Criminals have found a variety of interesting ways to use computers to facilitate their access to financial information. They intercept bank card numbers and PIN numbers and acquire personal information, such as a Social Security number or mother's maiden name , and use this information to impersonate their victim to get access to their victim's accounts. This information can be converted directly into money.
Software PiracyTheft of software, or software piracy as it is called, is a major concern for companies who are in the business of producing commercial software. However, this is only one aspect of software theft; many organizations that do not produce software commercially still produce software for internal use. The production of this software is expensive and represents a large number of jobs. Often this software offers a competitive advantage to a company by being part of the organization's processes that make it more efficient, profitable, or unique. Other companies are hindered by the costs of producing comparable software. Many organizations' secrets are contained not only in the information they have, but are also imbedded in the software that they have created internally. Theft of an organization's proprietary software can disclose some of the organization's most private secrets. This theft may also deprive the organization of the ability to use the software if the original copy is destroyed in the process of the theft, leading to an inability to continue to do business.
Theft of software costs more than the cost of the software. It impacts the ability of the business to remain solvent and it affects jobs and people's lives. Theft of ResourcesTheft of resources may be difficult to prove to a court of law's satisfaction. There have been some cases where the hacker has been released because the prosecution was unable to prove the value of the lost resources. This is one of the hackers' favorite justifications. A hacker will say he is using only unused resources, and since they are spare and were not going to be used he did not actually steal anything since no one suffered any loss. There are many reasons that a hacker might have for wanting to use your resources. It is may be for personal gain, or to enable his hacking activities.
Compromising SystemsThe earliest illegal conduct was gaining access to systems without permission. Often these hackers think it's harmless since they usually don't "do" anything besides go in and look around. However, they do consume resources, such as network bandwidth and computing power, and can inadvertently cause damage. Most of the time hackers will leave a back door into the system so they can return at any time without concern for security measures. Compromised systems cost organizations even if the hacker did not cause any damage. The organizations have to spend resources determining the extent of the damage whether there is any damage or not. They have to determine how the system was compromised and repair the system to prevent further compromises. All of these activities take a great deal of time and manpower. Today, it is rare that a compromised system has no damage. Most hackers immediately apply a "rootkit" which changes the system's software so that it does not report the presence of the hacker or his tools. Even the most benign hackers want to "own" the system (i.e., to have super user privileges so they can completely control the system). Many of these are "collectors" wanting to "own" as many systems as possible to prove their power. These hackers may also have motives which are not as friendly.
Website VandalismWebsite vandalism has become the most visible of attacks. Dozen of websites are defaced daily. Stolen passwords account for most, but software vulnerabilities are also a significant cause. Compromised websites are often used as bragging rights. Both the number of sites and the visibility of the website are important to the prestige of the compromise. Sometimes website attacks are launching points to other systems or an attempt to compromise an e-commerce site, but most times defacing the website is the goal. Websites are generally selected because of the ability to exploit the system, but websites are also targeted because of their visibility or because of the organization whose site it is. Hactivism, which includes defacing websites of organizations with whom the hactivist has issues or posting political or social messages on compromised websites, is becoming more common. Website vandalism has been growing by leaps and bounds.
|
I l @ ve RuBoard |