Do you know what kind of hacker is hitting the companies’ access to the internet? It could range from the run of the mill script kiddy to the more elite and interesting corporate intellectual property thief. It is important to know, because this will help you arrange your corporate defenses better.
Most script kiddies unless they have some special zero day that no one knows about is only going to get in because someone at the office made a mistake. Most of the more stealthy intruders are probably already working on your network or on someone’s laptop so you won’t even know that they are there. But there are important differences in how hackers and the threat they represent.
One of the more important projects in profiling hackers is the Hackers Profiling Project that is a formal academic level interview/questionnaire on line that people who are really hackers (if you are not a hacker, don’t worry about taking the survey) and what they really think. There are some that think that this kind of process is a waste of time, which is unfortunate as profiling has helped catch some of the more interesting criminals worldwide. Even folks as important to the field as HD Moore do not agree with the idea of the project.
The truth though is that profiling has worked, and the closer we get to the criminal mind, the more we understand what they do, why they do it, and how best to counteract their influences. One way of looking at this is that we are continually at “cyber war” or “war” with a group of people who want into our networks to do what they want to do. If you read Sun Tsu, who in the part of war pointed out that:
He will win who knows when to fight and when not to fight. He will win who knows how to handle both superior and inferior forces. He will win whose army is animated by the same spirit throughout all its ranks. He will win who, prepared himself, waits to take the enemy unprepared. He will win who has military capacity and is not interfered with by the sovereign. Source: Sun Tsu
And while we might be nationally unprepared or under prepared for a cyberwar (we need many more security people to come into the field, and the really good ones, not ones chasing agendas) the Hacker Profiling Project might be one way to start to understand why people do some of the things that they do when they are on the internet. We profile serial killers and all sorts of other socially abnormal people, we should be doing something similar to this for hackers, and the good thing is that we are.
Some of the data has been released, but not enough to be of use to a business office or company yet. However, once it is in usable form (and you might want to ask them for what they have to date anyways) this should help businesses and law enforcement understand the underlying motivations for hackers and why they do the things they do. They are not all bored teenagers; they run the range of kids to old adults, from want to have fun to want to make money. The more you know the better decisions you will be able to make at home and at the company to secure the networks against attack.