[BreachExchange] How to read a cyber hacker’s mind

Audrey McNeil audrey at riskbasedsecurity.com
Fri Feb 10 19:15:19 EST 2017


http://federalnewsradio.com/tom-temin-commentary/2017/02/read-cyber-hackers-mind/

On the dark web, the undesirables devour one another.

The internet enthusiast press is full of stories about an incident in
recent days in which a hacker group invaded a dark web server and withdrew
dozens of gigabytes of data.

The term “dark web” brings a certain horror-movie sense. In reality, the
dark web is right on the same internet over which you’re reading. I’m
oversimplifying here, but essentially the dark part consists of encrypted
channels between a collection of thousands of servers accessible only by
the anonymizing Tor web browser. Your basic Google search won’t turn up
anything on the dark web because material there is designed to be immune to
indexing. But with a little fiddling, anyone can access it.

By hiding, hosts on the dark web can host things people wouldn’t dare host
on the surface web. Like child pornography or human trafficking networks.
Illegal weapons or drug sales. Stolen data offered for sale to organized
identity thieves. Basically, it’s the bad neighborhood with street signs
you can only read with special glasses. But it’s a big neighborhood.

What happened is this, and I’m summarizing from this account
(http://thehackernews.com/2017/02/dark-web-hosting-hacked.html) from The
Hacker News, which had it days before the mainstream press. Someone from
that wild and wacky group, Anonymous, hacked into a large dark web host
known as Freedom Hosting II. People who follow these things estimate FH II
hosts as much as 20 percent of everything on the dark web. Anonymous
defaced many hosted sites it claimed contained child pornography in
contradiction to Freedom Hosting II’s stated policy. The anonymous hacker
exfiltrated the data and encrypted it for a token ransom.

Hackers aren’t very nice to the hacked, and this case was no exception. The
boastful message left for those sites from which data was taken and access
denied shows an exquisite blend of arrogance, moral superiority, and
intellectual vanity. Just about how Edward Snowden comes across — a caped
crusader with programming skills.

The yang to Snowden’s yin might be oddball Harold Martin, now under
indictment for taking and keeping at home and in his car 50 terabytes of
secret data from the National Security Agency over a nearly 20-year period.
No one knows for sure if he did anything with the data. According to one
published report, Martin’s public defender lawyer describes him as simply a
patriot suffering from a hoarding disorder.

By contrast, money-motivated attackers, or those working on behalf of
economic or military competitors who want intellectual content, are apt
to try and leave no trace.

This makes me wonder if perhaps understanding hackers’ various psychologies
might somehow influence an organization’s approach to cyber protection.

Turns out I’m not the first to have this question. A simple search of
“understanding hacker psychology” turns up lots of work done on this topic.
It shows malicious hackers don’t all fit into any easy buckets. Only some
fit whatever stereotype you like best — Eastern European gangster,
boxers-wearing basement dweller or disaffected middle-aged loner. Probably
serial killers have more in common than people who break computer systems
for fun, revenge or profit.

In a 2015 SANS Institute paper, Sean Atkinson describes the use of forensic
psychology and behavioral analysis for better incident response. It has a
nice summary of the types and their characteristics — script kiddie,
malicious insider, activist, spy or organized criminal.

If you’re responsible for cybersecurity — and in some sense, we all are —
be aware of how many possible motivations there might be for those coming
at you.