“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”Sun Tzu, The Art of War
In defending your systems against an attack, it is essential that you understand the enemy. Not all hackers want the same thing or have the same level of experience. Instead, hackerdom is made up of a variety of different groups, each with a different agenda and likely to launch a different type of attack. To mount a sound defense it is important to know what you can expect from each hacker type. There are vast differences, which determine both the strength and the probable consequences of an attack.
One thing that is important with all categories of hackers is that they are in communication with each other, particularly within categories. This means that there is an enormous amount of shared information. More experienced hackers develop tools and methods that are then taken up by less experienced hackers, and everyone shares passwords and access information. It is a true community. Information developed for any reason tends to be shared by all.
For the purposes of this series, we will break down the hacker community into five different types of actors:
5. Terrorists and infowarriors
In this piece we will look at the ‘benign’ hacker groups – the Kids and Crusaders, including the ‘Gurus,’ who act as a special type in the Crusader category. The malicious hackers found in the remaining three categories will be covered in our next article.
The Kids are the apprentices of the hacker community. Often called ‘script kiddies,’ they tend to be teens or pre-teens, hacking for the thrill of it rather than for a specific objective. They are armed with powerful tools and sensitive information left by more experienced operators, and they are avid consumers of hacking information in chat rooms, message areas, on bulletin boards and in online and offline publications.
The Kids can cause severe damage to corporate systems from accidents, by weakening security through leaving Trojans behind, and by executing complex payloads (the part of a virus designed to do actual damage) created by more experienced hackers.
It is important to realized that hacker tools, from ‘password busters’ to virus generators, are available for free on the internet, and they are constantly developing in power, sophistication and ease of use. This lowers the entry barrier, making it easier and easier for children to enter the arena. Because hacking is considered ‘cool’ and internet-connected computers are ubiquitous, the numbers of young hackers are likely to rise considerably in future. Nowadays, hacking at the entry level requires neither intelligence nor years of study, and Kid hackers evolve into the Crusaders and malicious hackers of the future.
The Crusaders, on the other hand, are an entirely different breed. These are serious professionals armed with extensive systems knowledge and an aptitude for cracking security. They are often the source of knowledge for others in the hacking community, disseminating information on common security holes and entry techniques, as well as developing tools used to launch attacks.
Despite serving as the fountain of hacking knowledge, Crusaders see themselves as a force for good. Many believe that they are performing a service in breaking into systems and publishing the results, because this will lead to security improvements and greater attention given to security implementation. Others are of the slightly more dangerous ‘information anarchist’ class, believing that all computer systems should be open and all information should be free. In either case, they are motivated by creeds that prevent them from causing actual damage to systems by releasing viruses or Trojans, damaging sites or stealing data themselves.
Crusaders are motivated in part by the desire to expand their own knowledge and prove their expertise. They are aided by experts who don’t hack themselves, but develop and share systems information for the same reasons.
Crusaders are dangerous both because their expertise permits them to attack a wide variety of systems, and because they publicize the security faults that they discover. Malicious hackers can then use the holes that they discover and publicize to enter systems for their own reasons. Worse, companies are often slow to correct faults, so publicized faults may persist for years in many systems on the internet, leaving them open to anyone who is aware of the fault and has the tools to exploit it.
Some of the better-known publications from this group include: 2600: The Hacker’s Quarterly, Masters of Deception and Phrack Magazine.
There are numerous others, and Crusaders also tend to be very active in online chat groups and on bulletin boards. There is a pecking order based on knowledge, and active participation in discussions is one way to establish credentials.
At the top of the pecking order are the Gurus, a particularly dangerous sub-category of Crusaders. True Gurus are rare, with only perhaps 50 existing in the world. They are experts in operating systems, applications and networking and able to break into any system, usually in a matter of minutes. They generally have more than 20 years of experience in computer systems, often with systems level programming experience. Among these individuals are those who know enough about how the internet operates to bring down any portion of it within just a few minutes.
Luckily, the Gurus, as a whole, do not tend to publish or discuss cracks and cracking techniques. Nor are they generally interested in breaking into systems themselves. They seldom need to, as they are now often employed as security consultants. If circumstances required, however, they could wreak major havoc with the entire network-connected computer environment. But then, their high profiles would also tend to make them immediate suspects.
The hacker groups we have discussed here are largely benign. The damage that they cause is mainly accidental, or a result of distributing information rather than the outcome of an evil agenda. But these groups feed, hide, and occasionally, become the cybercriminals that we will discuss next time.
Darren Thomas is a security expert at NetIQ Corp (www.netiq.com).