Cracking the Hacker Mindset

Cracking the Hacker Mindset
In This Chapter

Understanding the enemy

Profiling hackers

Understanding why hackers do what they do

Examining how hackers go about their business
Before you start assessing the security of your own systems, it helps to
know something about the enemies you’re up against. Many information-
security product vendors and other professionals claim that you should
protect your systems from the bad guys — both internal and external. But
what does this mean? How do you know how these bad guys think and work?
Knowing what hackers want helps you understand how they work. Understanding
how they work helps you look at your information systems in a whole
new way. In this chapter, I describe what you’re up against, who’s actually
doing the hacking, and what their motivations and methods are so you’re
better prepared for your ethical hacking tests.
What You’re Up Against
Thanks to sensationalism, the definition of hacker has transformed from
harmless tinkerer to malicious criminal. Hackers often state that the general
public misunderstands them, which is mostly true. It’s easy to prejudge what
you don’t understand. Hackers can be classified by both their abilities and
underlying motivations. Some are skilled, and their motivations are benign;
they’re merely seeking more knowledge. At the other end of the spectrum,
hackers with malicious intent seek some form of personal gain. Unfortunately,
the negative aspects of hacking usually overshadow the positive aspects,
resulting in the stereotyping.
Historically, hackers have hacked for the pursuit of knowledge and the thrill
of the challenge. Script kiddies aside, hackers are adventurous and innovative
thinkers, and are always thinking about exploiting computer vulnerabilities.
(For more on script kiddies, see “Who Hacks,” later in this chapter.) They see
what others often overlook. They wonder what would happen if a cable were
unplugged, a switch were flipped, or lines of code were changed in a program.
These old-school hackers are like Tim the Toolman Taylor — Tim Allen’s character
on the late, great sitcom Home Improvement — thinking mechanical and
electronic devices can be improved if they’re “rewired.” More recent evidence
shows that many hackers are hacking for political, competitive, and even financial
purposes, so times are changing.
When they were growing up, hackers’ rivals were monsters and villains on
video game screens. Now hackers see their electronic foes as only that —
electronic. Hackers who perform malicious acts don’t really think about the
fact that human beings are behind the firewalls and Web applications they’re
attacking. They ignore that their actions often affect those human beings in
negative ways, such as jeopardizing their job security.
Hackers and the act of hacking drive the advancement of security technology.
After all, hackers don’t create security holes; they expose and exploit existing
holes in applications. Unfortunately, security technology advances don’t ward
off all hacker attacks, because hackers constantly search for new holes and
weaknesses. The only sure-fire way to keep the bad guys at bay is to use behavior
modification to change them into productive, well-adjusted members of
society. Good luck with that.
However you view the stereotypical hacker, one thing is certain: Some people
always will try to take down your computer systems through manual hacking
or by creating and launching automated worms and other malware. You must
take the appropriate steps to protect your systems against them.