Hackers, a need for cyber security

Pierluigi Paganini January 03, 2013

Ten years, that is the time interval that has totally changed the worldwide perception for the role of hacker, these specialists were once seen as shady individuals to avoid, today they are highly sought professionals in both private business and government sectors.

Which are the reasons for their success?

The world has acquired awareness on the risks related to the exploit of a vulnerability in any computing systems, no matter if we are speaking of our browser or of a SCADA system inside a nuclear plant, the damage could be serious and must be prevented. In the last decade, security community has assisted to a rapid evolution of technology which is not paid a rise in the level of application security. New paradigms have been adopted in the IT world such as mobile, cloud computing and social networks, millions of people and devices are connected to the network, a unique opportunity for groups of cyber criminals and state sponsored hackers.

Both categories of attackers, although motivated by deeply different intents, are skilled hackers, they are professionals that spend their time trying to discover vulnerabilities to exploit in any architecture. We have learnt that these vulnerabilities have a commercial value that intelligence agencies and private companies are willing to pay, their knowledge in fact could open the door to richest businesses.

The only way to prevent a cyber attack is try to think with the mind of an hacker, common persons that are able to watch a system under different perspective, in many cases we are speaking about inborn capabilities, but several enterprises and governments have discovered that is possible to exploit and target young talents for this delicate profession.

The trend is to hire young hackers due to their knowledge, hacking techniques you learn with practice and dedication, you have to be driven by passion and by the desire to compete with peers.

Hacking, how to play a video game

Just like in video games where you must complete a level to advance to the next one, in the same way, hackers try step by step to break the defense mechanisms of the target avoiding to be detected, but in a different way from what happened in the past, they are now aware of the economic value of their knowledge.

Hacking is a profitable work, these professionals have only to choose if they assume the role of good or bad, let consider that a hacker that sells a zero day vulnerability in the underground or that create an exploit pack can earn relatively easily several hundred thousand dollars. Zero day vulnerability is a basic component to create a powerful cyber weapon, it is the equivalent of uranium in the production of a nuclear weapon

Many hackers usually hide a dark past, the revaluation of the role of hackers represents a great opportunity to change road, to make a profit working in the legality, but is not so simple. The conventional crime is expanding its interests in cyberspace, cybercrime pays and is relatively less risky and complex to manage, but for a young hacker in countries where institutions are replaced by the organized crime is difficult to escape the control of powerful and dangerous organizations that have set up the parallel economies.

To distinguish the various categories of hackers the global security community has coined the following terms:

  • Black hat – A “black hat” hacker is a hacker who “violates computer security for little reason beyond maliciousness or for personal gain” (Moore, 2005).
  • White hat – refers to an ethical hacker, or a IT security expert, specialized in penetration testing, vulnerability assessment and other testing methodologies to measure and ensure the security of an IT infrastructure..
  • Grey hat – A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee. (Wikipedia)

Hackers and legality

Figure hacker is controversial, today practically every private company is ready to forget his past illegality, sometimes more problems they had in the past with Justice the more credit is provided them. Rehabilitation of hackers raises serious concerns but it is a valid opportunity for external collaborations, a hacker could be hired to try to test security measures of a target architecture or they could be employed to train internal personnel, this second option is often adopted by governments that desire to create new cyber units. US governments, but also British and Chinese ones collaborate with external hackers to form their cyber armies.

Private and public sector agree on the need to know the techniques used by hackers to protect their assets, but hire an hacker is not prudent, the best option is represented by renting of hacking services typically provided by specialized companies.

Hackers represent a precious source mainly for law enforcement and secret services that in the years have infiltrated the underground world of computer hackers, according to a row estimation one in four hackers secretly reports to the authorities on their peers. The collaboration is profitable, intelligence agencies and law enforcement work with hackers to map underground hacker communities and acquire useful information on new techniques of attacks, on the sale of malicious code and on the arranging of coordinated cyber attacks.

The most famous case of collaboration between law enforcement and the hacker is the case of Adrian Lamo, the hacker who revealed that Bradley Manning provided secret documentation to WikiLeaks. In many cases, the same hackers manage hacking forum to attract peers and acquire information to pass to law enforcement and to acquire a sort of immunity, the technique, for example, had been useful to track cyber terrorist cell in homeland security context.

Eric Corley who publishes the 2600: The Hacker Quarterly, an American publication that specializes in publishing technical information and news concerning the computer “underground”, has estimated that 25% of US hackers work for federal authorities.

John Young, the creator of Cryptome, added:

“It makes for very tense relationships,” “There are dozens and dozens of hackers who have been shopped by people they thought they trusted.”

Today is known that FBI and other intelligence agencies are trying to infiltrate the group of hacktivists such Anonymous to prevent the attacks of the dangerous collective. Kevin Poulsen from Wired magazine believes that the collective has been already infiltrated, he declared:

 “We have already begun to see Anonymous members attack each other and out each other’s IP addresses. That’s the first step towards being susceptible to the FBI.”

FBI is making anaard work with its cyber units cooperating with underground hackers to catch any useful information from forums and social networks, it’s practically impossible to distinguish hackers from informant and agents.

The elements provided and the considerations made on the role of hackers have demonstrated how much useful is the figure of hacker for any sector, their contribute is precious in cyber warfare scenarios as in private enterprise…in the future the importance will be increasingly.

[adrotate banner=”9″] [adrotate banner=”12″]  

Pierluigi Paganini

(Security Affairs – hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment