Portrait of Hackers

In order to properly defend against an attacker, one should understand the profile and motivation of the potential attackers that stand against you. Here is a brief profile of the persons that are against you (you can use these profiles in internal training).

Hacker wannabes

  • Age - Younger teens, 13-17.
  • Gender - mostly male
  • Expertise level - After watching a lot of movies and knowing how to bypass the parental control on their browser, they like to think of themselves as hackers.
  • Motive - They openly brag about their abilities and hope to achieve some social popularity through their skills
  • Posture towards their skills - They openly brag about their abilities and hope to achieve some social popularity through their skills.
  • Tools - In their actual hacking efforts they rely on howto's and "for dummies" books, and usually use prepackaged and downloaded attack tools to perform their "hacks".
  • Organization - acting mostly individually
  • Threat level - LOW - because they are employing standard prepackaged tools, even automatic defences (firewalls, IPS) will deflect such attacks. All it takes is an up-to-date protection system.

Hackers

  • Age - Older teens and young people (16-25)
  • Gender - even distribution between both genders
  • Expertise level - strong expertise in programming, TCP/IP protocols and operating systems. Regularly updating their knowledge through advisories and exercising on real or demo targets. Some possess good social skills (social engineering).
  • Motive - Identifying vulnerabilities so they can be remedied. In certain cases, uncovering corporate secrets or making them available to the general public, for ethical reasons.
  • Posture towards their skills - Very proud of their knowledge, and sharing it with a limited group. They know the risk they take is real, since their targets may not always appreciate the efforts.
  • Tools - Any number of off-the-shelf products always combined with custom written flexible code, viruses or worms.
  • Organization - They tend to be organized in loose groups similar to guerrilla squadrons, but while the group works for a common interest, it's still every man for himself. Very often petty squabbles emerge in these groups and there is a large turnover of members (some leaving, others joining).
  • Threat level - HIGH - with broad knowledge and customized attacks, they can defeat some automatic defences (firewalls, IPS). Additional levels of protection are needed, regular patching, employee education especially against social engineering, as well as good audit trail log and review.

Criminal Hackers (crackers)

  • Age - Varies from older teens to middle-age (17-45)
  • Gender - even distribution between both genders
  • Expertise level - strong expertise in programming, TCP/IP protocols and operating systems. Regularly updating their knowledge through advisories and exercising on real targets. Some possess good social skills (social engineering).
  • Motive - Financial gain through crime or politically motivated disruption.
  • Posture towards their skills - Very secretive of their knowledge, not sharing with anyone. They know the risk they take is large, and that should they be discovered their victims will go after them with a vengeance.
  • Tools - Any number of off-the-shelf products always combined with custom written flexible code, viruses or worms.
  • Organization - Can act individually or in an organized criminal group.
  • Threat level - VERY HIGH - since they have criminal motives as well as broad knowledge and customized attacks, they will use multiple criminal vectors in parallel or to support each other. They will most frequently act as customers to gain access and trust and collect information on weaknesses. To protect against them, a full collaboration of physical and IT security is needed. Also, employee education and segregation of duties assist in mitigating these attacks.

Disgruntled IT personnel

  • Age - Varies from young persons to middle-age (25-50)
  • Gender - mostly male
  • Expertise level - strong expertise in one area (programming, TCP/IP protocols or operating systems) and knowledge of other areas. Insider knowledge of systems and pass codes. Keeping their knowledge of the current infrastructure up to date.
  • Motive - Financial gain through crime, or disruption motivated by dissatisfaction.
  • Posture towards their skills - Skills are generally well known within the company. No effort to conceal them, since it's in their job description.
  • Tools - All internally available tools for their everyday work, any number of off-the-shelf products always combined with custom written flexible code, viruses or worms.
  • Organization - Usually act individually. It is very unlikely that several IT persons are engaged in the same disruption.
  • Threat level - VERY HIGH - by default they have unlimited or very broad access, so the most difficult part of the attacker's job is already done for them. There is no foolproof technical solution for protection from these attackers. A good audit trail which is not administered by the sysadmins helps significantly. Also, HR and line managers must be trained to identify employee dissatisfaction and to react in time to prevent possible breaches.

Talkback and comments are most welcome

2 comments:

paan said...

how about this?
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/14/BAOS11P1M5.DTL&tsp=1

what's not stated in the report is that the guy is actually the goto geek there and he doesn't allow anyone in the network because apparently he thinks that most of them don't know what they are doing and he's afraid they'll mess up the system..

the irony of this is that a lot of us sort of know how he feels and more often than not he is right and the other people ARE idiots and they ARE going to mess the system up...

so, which category does he fall into?

Bozidar Spirovski said...

Definitely the last one. I've been a personal witness of much the same scenario, but the person who did it wasn't blackmailing anyone, he just wanted revenge because he did not get promoted when he thought he should.
There is no excuse for proper organization of network management and proper expertise of the admins - this is a mistake of management.
But the person who locked everyone out of the network is both unethical and unprofessional. Regardless of his level of expertise, he has been given the trust and confidence to operate this network. Abusing this trust should never happen, because now no-one will trust the other admins for a long time.