We've Been Published!
Nick Espinosa recently wrote an article for SmartFile
Herding Cats: Understanding the Hacker Mentality
In my line of work, we see breaches and attacks constantly. Sometimes they’re minor intrusions, and sometimes they’re so large they can effectively put an organization or institution out of business. Attack methods vary, as do the results; the universal constant in all attacks, however, is the damage to the psyche of the business or organization that was hit.
Leadership fears the loss of sensitive data, as well as more frequent attacks, and employees may begin to distrust the network they’re using if the breach is big enough. Inevitably, when we are called in to fix the breach, we always (literally, I mean always) get the same question: “Who would do something like this?”
I’m writing this to answer that very question and help you understand the hacker mentality.
Hackers are a diverse community, coming from all corners of the globe and all backgrounds. There are rich hackers, poor hackers, serious hackers and silly hackers and every one of them holds every kind of political and social belief you can think of.
Imagine 10 people stuck in an elevator and one person says, “I think candidate X (feel free to insert the lesser of two political evils here) is the best possible choice for president this election.” The ensuing close-quarters argument between 10 people with 10 different opinions will soon rage out of control. With hackers, the only real difference is that most of them will actually go beyond the argument and attack the candidate that is the greater evil. Or both if they’re that motivated.
To help you understand the hacker mentality, I’ve tried to be as complete as I can when breaking down the different types of hackers in this diverse community. Some may fit into more than one category, although the vast majority easily fit into one, and there will always be a few outliers within the system that have their own motivations. So, let’s begin!
This is, perhaps, the most public group of hackers out there. As the name implies, they’re hacker activists, who believe in a cause usually relating to some form of social justice. The most well-known example of this is the group Anonymous. This group has hacked and broken into systems in the name of furthering transparency and social justice. They’re able to call upon large numbers of hackers and affiliates to join together and attack targets they deem a negative influence in the world.
In 2008, Anonymous launched Project Chanology, an online attack directed at the technological infrastructure of the Church of Scientology. The church had tried to forcefully remove an interview with its highest-profile member, Tom Cruise, from the internet and sued YouTube. Anonymous collectively attacked the Church with Distributed Denial-of-Service (DDoS) attacks, black faxes, automated prank calls and other forms of mischief, all of which hindered the Church’s ability to operate.
Anonymous has been very active since then, hitting other institutions in the name of social justice and data freedom. They hit Zimbabwe’s government over its stance on censorship of Wikileaks documents. They launched “Operation India” to support a civil rights movement there. They launched “Operation DarkNet” to combat child pornography, took down 40 child porn sites and got 190 pedophiles arrested in the process. More recently, they’ve gone after the police force in Ferguson, Missouri, and declared war on ISIS and Syria. This is a group with a core membership dedicated to its beliefs and causes. They are the quintessential hacktivist group. Love them or hate them, they do effect change in society, and that is exactly what they strive for.
The "Mount Everest" Hacker
This is a term I use to explain myself at 14-15 years old, though I believe it fits many hackers out there. Why does one climb a mountain? The patent answer: because it’s there! When I was a teenager, I was your typical nerd when it came to computers and networks. I wanted to know literally everything about technology and what it could do.
I began hacking and penetration testing at this age. I wasn’t interested in harming any person or institution, nor did I want to cause damage. I just wanted to know if I could do it. There are many hackers out there today who are looking for the Mount Everest of hacks just to see if they can do it.
A brilliant 15-year-old hacker named Cosmo was able to effectively bypass Google’s entire two-factor authentication (2FA) system and gain control of the Google accounts of some fairly large tech industry players. While Cosmo and his hacker group UGNazi often had malicious intentions, like stealing credit cards and other similar hacks, there was also an element of climbing the tallest mountain. Google’s 2FA system, given that it services hundreds of millions of users worldwide, is viewed as a Mount Everest level hack. This earned Cosmo a new title: Cosmo the God.
The Hired Gun
What many do not understand about the Dark Web is that a virtual arms bazaar exists for malware, malicious code and other “weapons” that anyone with a little bit of knowledge can purchase and use for their own, usually nefarious, purposes. Naturally, this inevitably leads to hackers marketing their skills online. If I don’t have the requisite skills to accomplish a hack or attack against my target, I can pay someone who will gladly do it for me.
I have seen advertisements offering to let me hire someone to break into Facebook or other social media accounts, disrupt the systems of a business or institution, steal data, or fake or plant incriminating evidence against someone, up to and including child pornography. The Russian Mob is the largest supplier and employer of hired guns, and also sells a ton of malicious code. Recently, they were even able to break Oracle’s MICROS point-of-sale systems to live-capture credit card data as cards are being swiped. This type of hacker is one of the most dangerous, because ethics and scruples are left at the door. If they’re doing their job right, they’re very hard to trace and identify once they’ve breached a system.
This type of hacker is a total nightmare for companies and organizations because it doesn’t have to include actual hackers. As the title implies, this type encompasses anyone who feels they have been wronged in some way, usually by their employer. These are the people who will bring the flash drive to work to copy sensitive files before they’re let go, change passwords to lock personnel out of systems, destroy or delete data and backups, and generally cause aggravation and strife for everyone around them.
This type is fifty times worse when it’s the IT person being let go who feels wronged. He or she has the proverbial keys to the kingdom: administrative access to the network, knowledge of all the passwords, the ability to change things at will, and even the ability to embed software into the network to create havoc or give the employee remote access after they’re fired.
Recently, an IT admin in Texas deleted a slew of files from his former employer’s infrastructure and was caught. He’s now facing felony charges. Reddit has an entire section dedicated to company takedowns, and the stories are amazing. One of the most critical things we do for our new clients is secure their systems away from their previous IT personnel or provider. People with both knowledge and anger often find it far too hard to keep their emotions in check; the results can be disastrous.
The White Hat
This is a category that many hackers, including myself, evolve into. Basically, this is the hacker who wants to ply their trade for what they believe is the greater good: helping others out. Cybersecurity companies are full of White Hats who are constantly, like every other hacker, developing new methods and techniques for hacking into systems. The difference, though, is that a White Hat will disclose to the general public the vulnerabilities they discover so that regular companies can defend themselves and technology companies can update their products.
There is an entire industry promoting and advertising to hackers in an attempt to turn them into White Hats. Tech companies offer “Bug Bounties” to hackers for finding and disclosing vulnerabilities in their products. Usually the reward is recognition, swag and sometimes money if the hack is important enough. Typically, a White Hat hacker will discover a vulnerability, disclose it to the tech company that owns the product and then, after a grace period that allows the tech company to patch or fix the issue, disclose the vulnerability to the general public through one of the many public sites that collect this kind of information.
White Hats sometimes have a hard road to walk. Leaving communities that are notorious for shunning anyone who doesn’t adhere to some kind of anarchy is tough. They essentially become “The Man” and can no longer be trusted. It can also be tough to leave behind the risk and excitement of breaking the law, or, for some, the access to easy money (hackers tend not to pay taxes on their income, as it’s all unreported).
Bonus Type: The Government Employee
No, I’m not talking about the person punching the clock at your local DMV. I’m talking about major governments creating, sustaining and growing their own hacker teams and collectives. The NSA, for example, is probably the largest group of hackers dedicated to espionage and spying on the planet.
These large institutions have the resources to create and pull off some of the most spectacular and precise hacks ever. Recently, I wrote an article that covered a joint operation between the CIA and Israel to take out Iran’s secret nuclear program in the mid to late 2000s.
Their infection, known as Stuxnet, was so precise that the Iranians had no idea they had been hacked until it was far too late. The NSA pioneered hacking the BIOS of a computer by inserting code directly into the hardware platform to capture data. This means that you can wipe the computer, reinstall all data and the operating system, and the infection will remain.
Since they created this, other hacker teams have caught up, and hardware infections are now becoming more prevalent. Other governments have large dedicated divisions that spend their time trying to break into other governments’ network infrastructures. China’s “Unit 61398” is alleged to have broken into large corporations and government facilities in the USA and has been indicted by the US Department of Justice over these crimes. The North Korean-funded “Guardians of Peace” (GOP) were identified as the culprits who broke into Sony and stole movies and other intellectual property.
There is great appeal for a hacker in joining their government’s cyberwarfare outfit. Aside from the fact that it’s incredibly interesting work, these hackers are given a job where they can ply their trade without fear of arrest, and they are also given virtually unlimited resources in terms of bandwidth, computing power and electricity. Aside from the pay, which is decent but nowhere near what a good Hired Gun can make, and the prospect of spying on their own citizens (think Edward Snowden here), there are no real downsides beyond working for “The Man.”
Know Thy Self, Know Thy Enemy
With any diverse population, you will find all types, including those who are excellent at plying their craft and those who are not. What you cannot say, though, is that the work of a hacker is dull, even though the attacks themselves are usually pretty easy to execute and can be rather mundane in practice. For example, hacking WiFi passwords may seem sexy in the movies, but if you want to see how it’s actually done, drink a gallon of caffeine to stay awake and watch this video.
Concluding thoughts on the hacker mentality: it’s a diverse group, there are good and bad guys, governments are major players, and make sure to fire your IT person the right way!
See other publications Nick has written or been quoted in at: BSSi2 In The News