Wednesday, 13 March 2013

Hacker Traits

The word Hacker has different meanings to different people. Part of the problem is that they can be classified in different ways depending on the research intent, point of view, and desired use. Psychologists may need to classify them according to motivation, law enforcement may classify them according to damage inflicted, or security experts may classify them by skill level. Rogers noted the problem for researchers attempting to study hackers and tried to consolidate many theories by categorizing hackers in his work A New Hacker Taxonomy. His proposed taxonomy divides hackers into seven categories according to their technical abilities (Rogers, 2003a). Rogers noted previous methods for categorizing hackers such as “…a classification system based on the activities the hacker was involved in” or “…hacker’s activities, their prowess at hacking, their knowledge, motivation, and how long they had been hacking” (Rogers, 2003a). Even the hacking community has its own “loose hierarchy” (Rogers, 2003a). Rathmell classifies attackers into three categories, “…hackers, criminals and politically motivated sub-state groups” (Rathmell, 1997). He further divides the hacker category into amateurs and professionals differentiating the two based on their background and motivation. (Rathmell, 1997) Although many different types of hackers exist, with different motives, skills and outcomes, "Hackers say they are particularly concerned that computer security professionals and system managers do not appear to understand hackers or be interested in their concerns. Hackers say that system managers treat them like enemies and criminals, rather than as potential helpers in their task of making their systems secure. (Denning, 1990) The military has been concerned with any entity that attempts to penetrate the network or its resources without the proper authority. Schneier verbalizes the concerns. "I don’t buy the defense that a hacker just broke in a system to look around, and didn’t do any damage. Some systems are fragile, and simply looking around can inadvertently cause damage. And once an unauthorized person has been inside a system, you can’t trust its integrity. You don’t know that the intruder didn’t touch anything. (Schneier, 2000) In the past, the importance of learning and knowing about hackers has been to prevent them from gaining access to systems and programs and when they do get in, being able to find and remove them, and patch the holes they breached and any they created, and restore any data or systems that were damaged. Nissenbaum provides a definition of the hack that sums up what the military is concerned with, “To hack was to find a way, any way that worked, to make something happen, solve the problem, invent the next thrill” (Nissenbaum, 2004). In general, these attackers have some general characteristics; however, the attackers’ motivation and skill level may be useful in predicting what type of data and systems the attacker might target, what he may do with the data once access is gained, and what exploits and tactics he may use. For our purposes and the sake of simplicity, we will differentiate between three types of attackers: hackers, crackers, and cyber terrorists. The purpose here includes identifying motives, skill level, and threat level. Hackers like to consider themselves social activists, fighting for the first and fourth amendments, encouraging system administrators, and programmers to better protect their networks and software, respectively. “… one hacker says that the ease of breaking into a system reveals a lack of caring on the part of the system manager to protect user and company assets, or failure on the part of vendors to warn managers about the vulnerabilities of their systems” (Denning, 1990). “Hackers say that system managers treat them like enemies and criminals, rather than as potential helpers in their task of making their systems secure” (Denning, 1990). Hackers do break into systems but not for gain beyond demonstrating their skills to be able to break in. They rarely steal, copy or destroy data, unless that makes their point, as in a web site hack. Their intent is to prove to others within and external to their community that they can beat the security that is in place. This type of hacker is actually offended by those they refer to as crackers. Crackers are those who break into systems, not for the enjoyment and challenge it provides, but to steal, copy or damage data to incur financial gain for themselves. “Hackers say they are outraged when other hackers cause damage or use resources that would be missed, even if the results are unintentional and due to incompetence” (Denning, 1990). Some of these motivations include doing something illegal just to do it, escape from reality, to cause harm, lack of consequences, the anonymity of it, because it feels good, or because they are bored (Jordan & Taylor, 1998). Another noteworthy reason not often cited is because “[Hackers] want to help system managers make their systems more secure” (Denning, 1990).

Information Security in Nigeria

The development and competitiveness of the information society and protection of privacy within it in Nigeria depends largely on the capacity to protect the nation's knowledge capital. The importance of information security has increased now that knowledge whether possessed by individuals or organizations has become an essential resource. Rapid Technology Development and the widespread use of Networked IT equipment has generated risks that are difficult to for see. AT the moment , it is even possible to paralyze central functions in society using information networks. As the nation becomes more dependent on technology and cyberspace, it becomes more important to protect and defend it and ensure its security and availability. "Although the importance of cyberspace to our nation is accepted, “… the healthy functioning of cyberspace is essential to our economy and our national security” (Bush,2003) Information security is understood to refer to protecting protection, services, systems and communication in whatever form with appropriate measures to manage the risks threatening them. Information security is a concept wider than the technical security of IT and communication technologies. Information security is considered to have been implemented when 1. the confidentiality 2 the integrity 3the availability of information are ensured. information security is a component of all functions of society. Seven mega trends affecting information security Globalization and global competition, promotion of integration and transparency expansion of network and interaction Greater emphasis on information as a factor of production, and increasing less balances distribution of competence and capital changes in working(life) rapidly changing technology and growing dependence on technology growing need for standardization and harmonized regulation changes in methods of doing business and in the related expectations The information security vision focuses on trust. trust indicates that information management and communication in society are functioning as they are expected to. The safe management and communication of information includes the production, storage , communication, use and deletion of information. At Cyberinfocts we guarantee a return on Information Security Investment contact us for you IT Security Solutions.