Profiling modern hackers: Hacktivists, criminals, and cyber spies
by Corey Nachreiner - Director of Security Strategy at WatchGuard - Thursday, 30 May 2013.
Sun Tzu, the renowned military strategist and author of The Art of War, was known for the saying, “Know thy enemy and know thyself, and you will not be imperiled in a hundred battles.” While the true intention of this quote is likely to remind us that knowing our own strengths and weaknesses is as important as knowing those of our enemy, I can’t help but simplify it to the rudimentary, “know thy enemy.”

I suspect most security professionals, myself included, spend much more time analyzing the technical and mechanical aspects of cyber crime than the social and psychological ones. We dissect attackers’ malware and exploit tools, analyze their code and exploit techniques, but don’t always study who they are and why they do what they do. According to General Tzu, this is a good way to lose many battles.

In order to better understand the nature of the cyber threat, security professionals need to act more like criminal investigators, and consider means, motive, and opportunity. We’ve got the means down (tools and techniques), but some of us may need to work a bit on motive. One of the ways to do that is to understand the different hacker profiles.

Over the last few years, the general hacker profiles and motives have changed quite a bit. We no longer live in a world of fame-seeking hackers, script kiddies, and cyber criminals—there are some new kids on the block. It’s important for you to understand these motive and profile changes, since they dictate what different types of hackers are ultimately after, whom they target, and how they tend to do business. Knowing these things can be the key to helping you understand which of your resources and assets need the most protection, and how you might protect them.

With that in mind, I’d like to share some quick highlights about the three main types of attackers I think plague us today:

1. The Hacktivist

Simply put, hacktivists are politically motivated cyber attackers. We’re all familiar with traditional activists, including the more extreme ones. Over the past five years, activists have realized the power of the Internet, and have started using cyber attacks to get their political message across. A few examples of hacktivist groups include the infamous Anonymous, and the more recent Syrian Electronic Army. Most hacktivist groups tend to be decentralized and often not extremely organized. For instance, there can be cases where one faction of Anonymous may do things another faction doesn’t even agree with.

As disorganized as they may sound, these activist groups can cause significant problems for governments and businesses. They tend to rely on fairly basic, freely available “Skript Kiddie” tools. For instance, their most common weapon is a DDoS attack, using tools like HOIC or LOIC. However, the more advanced hacktivists also rely on web application attacks (like SQLi) to steal data from certain targets, with the goal of embarrassing them—something they like to call Doxing.

While hacktivists are arguably the least worrisome of today’s attackers, they have still succeeded in causing havoc for many big companies and governments. Since these hacktivists’ political agendas vary widely, even small businesses can find themselves a target depending on the business they are in or partnerships they have.

2. Cyber criminals

You’re probably most familiar with the cyber criminal hacker profile, since they’ve been around longer than the other two. This group’s motive is pretty obvious: to make money using any means necessary.

Cyber criminal groups can range from a few lone actors who are just out for themselves, to big cyber crime organizations, often financed and headed by traditional criminal organizations. They are the group of hackers responsible for stealing billions of dollars from consumers and businesses each year.

