Wednesday, 13 March 2013
Hacker Traits
The word “hacker” has different meanings to different people. Part of the problem is that hackers can be classified in different ways depending on the research intent, point of view, and desired use. Psychologists may need to classify them according to motivation, law enforcement may classify them according to damage inflicted, or security experts may classify them by skill level. Rogers noted the problem for researchers attempting to study hackers and tried to consolidate many theories by categorizing hackers in his work A New Hacker Taxonomy. His proposed taxonomy divides hackers into seven categories according to their technical abilities (Rogers, 2003a). Rogers noted previous methods for categorizing hackers such as “…a classification system based on the activities the hacker was involved in” or “…hacker’s activities, their prowess at hacking, their knowledge, motivation, and how long they had been hacking” (Rogers, 2003a). Even the hacking community has its own “loose hierarchy” (Rogers, 2003a). Rathmell classifies attackers into three categories, “…hackers, criminals and politically motivated sub-state groups” (Rathmell, 1997). He further divides the hacker category into amateurs and professionals, differentiating the two based on their background and motivation (Rathmell, 1997).
Although many different types of hackers exist, with different motives, skills and outcomes, “Hackers say they are particularly concerned that computer security professionals and system managers do not appear to understand hackers or be interested in their concerns. Hackers say that system managers treat them like enemies and criminals, rather than as potential helpers in their task of making their systems secure” (Denning, 1990).
The military has been concerned with any entity that attempts to penetrate the network or its resources without the proper authority. Schneier verbalizes the concerns: “I don’t buy the defense that a hacker just broke in a system to look around, and didn’t do any damage. Some systems are fragile, and simply looking around can inadvertently cause damage. And once an unauthorized person has been inside a system, you can’t trust its integrity. You don’t know that the intruder didn’t touch anything” (Schneier, 2000). In the past, the importance of learning and knowing about hackers has been to prevent them from gaining access to systems and programs and, when they do get in, to be able to find and remove them, patch the holes they breached and any they created, and restore any data or systems that were damaged. Nissenbaum provides a definition of the hack that sums up what the military is concerned with: “To hack was to find a way, any way that worked, to make something happen, solve the problem, invent the next thrill” (Nissenbaum, 2004). These attackers share some general characteristics; however, the attackers’ motivation and skill level may be useful in predicting what type of data and systems the attacker might target, what he may do with the data once access is gained, and what exploits and tactics he may use.
For our purposes and for the sake of simplicity, we will differentiate between three types of attackers: hackers, crackers, and cyber terrorists. The purpose here includes identifying motives, skill level, and threat level. Hackers like to consider themselves social activists, fighting for the First and Fourth Amendments and encouraging system administrators and programmers to better protect their networks and software, respectively. “… one hacker says that the ease of breaking into a system reveals a lack of caring on the part of the system manager to protect user and company assets, or failure on the part of vendors to warn managers about the vulnerabilities of their systems” (Denning, 1990).
“Hackers say that system managers treat them like enemies and criminals, rather than as potential helpers in their task of making their systems secure” (Denning, 1990). Hackers do break into systems, but not for any gain beyond demonstrating that they have the skill to break in. They rarely steal, copy or destroy data, unless that makes their point, as in a web site hack. Their intent is to prove to others, both inside and outside their community, that they can beat the security that is in place. This type of hacker is actually offended by those they refer to as crackers. Crackers are those who break into systems, not for the enjoyment and challenge it provides, but to steal, copy or damage data for their own financial gain. “Hackers say they are outraged when other hackers cause damage or use resources that would be missed, even if the results are unintentional and due to incompetence” (Denning, 1990).
Some of these motivations include doing something illegal just to do it, escaping from reality, causing harm, the lack of consequences, the anonymity of it, the fact that it feels good, or boredom (Jordan & Taylor, 1998). Another noteworthy reason not often cited is that “[Hackers] want to help system managers make their systems more secure” (Denning, 1990).