Unmasked: the six hacker ‘tribes’ you need to avoid

Hackers fall into one of six tribes: secret agents, voyeurs, hacktivists, white hats, glory hunters and cyber thieves


Defending yourself against cyber threats can sometimes seem like an impossible task, but knowing what you’re up against is a good place to start.

Cyber security firm Cloudmark has identified six different hacker “tribes”, each of which has its own “typical” attributes such as background, location, methods, motivations and potential targets.

By understanding the personalities and the methods these hackers use, as well as countermeasures across the board, businesses and individuals will be better placed to protect against them.

Here, The Telegraph offers a breakdown of each of the different tribes, according to Cloudmark, and provides a glimpse of what could be coming next:

1. The Secret Agent

Age demographic: Young and middle-aged male

Geographical location: Camp Williams, Utah. Cheltenham, UK. Beijing, China. Moscow, Russia.

Target organisations: Government, defence, energy, pharmaceuticals, individual dissidents, and private communications.

Motivation: International politics, high value trade secrets and intellectual property

The secret agent is employed by a nation state to spy on individuals, companies and governments. Commercial and military information hold the same value to the modern secret agent, although the sheer volume of data is often more important than the quality. In most cases secret agents gather information that can be shared, but they have been known to commit acts of sabotage and cyber warfare.

Methods: Zero-day vulnerabilities, spear phishing, generic and custom malware, advanced persistent threats. For example, in a zero-day exploit, the secret agent looks for a hole in software that is unknown to the publisher or users of that software. This hole can then be exploited during the window before the publisher becomes aware of it and works to plug the gap. Meanwhile, the attack can be used to deliver malware or spyware, or to gain access to user information.

Real-life examples: Stuxnet, Sandworm, Regin Malware

Countermeasures: Strong encryption, data segregation on a need to know basis, network monitoring for data exfiltration and advanced persistent threat (APT) activity.

2. The Voyeur

Age demographic: Young males

Geographical location: US, Western Europe

Target organisations: Female celebrities, women in general

Motivation: Sex, sexism and bragging rights

The voyeur will look to obtain sexually explicit images of naked women and female celebrities without consent. If the picture was not intended for publication, this often adds to the image’s appeal. Typically young, male and lacking in morals, the voyeur may use a variety of techniques to hack into private cloud storage in the hope of finding such images. There are also voyeurs who will attempt to groom, persuade and dupe women into sharing their private photos. Once the images are in their hands, the voyeur will seek to contribute them to porn websites or revenge porn websites featuring photos of other women. These images are then open to be shared by others, spreading to multiple sites.

Methods: Phishing and dictionary attacks on cloud storage accounts. In a dictionary attack, the voyeur will run a program to try logging into an account with every word in the dictionary in turn, as well as popular passwords like “password123” and “qwertyuiop”.

Real-life examples: The Fappening, revenge porn, cyber bullying.

Countermeasures: Use strong passwords, be careful about what you place in cloud storage and make sure that anyone you share personal pictures or videos with is ethical and security conscious. Don’t rely on ephemeral messaging services to delete your messages.
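Two defender-side checks against the dictionary attacks described above, as an added example that is not part of the original article: a password check that rejects dictionary words and the common passwords the article names, and a detector that flags accounts receiving a burst of failed logins, which is what a dictionary attack looks like in an authentication log. The word list, log line format and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed mini-dictionary plus the common passwords named in the article.
WORDLIST = {"password", "welcome", "letmein", "sunshine", "dragon"}
COMMON_PASSWORDS = {"password123", "qwertyuiop", "123456", "iloveyou"}


def is_weak_password(pw: str) -> bool:
    """True if pw is a dictionary word or a common password, ignoring case and
    a trailing run of digits/symbols (the 'password123' pattern)."""
    lowered = pw.lower()
    base = lowered.rstrip("0123456789!@#$%")
    return lowered in COMMON_PASSWORDS or base in WORDLIST or base in COMMON_PASSWORDS


def detect_dictionary_attack(log_lines, threshold=10, window=timedelta(minutes=5)):
    """Return {account: total_failures} for accounts that saw at least
    `threshold` failed logins inside any interval of length `window`.
    Assumed line format: '<ISO timestamp> <src_ip> <account> <LOGIN_OK|LOGIN_FAIL>'."""
    failures = defaultdict(list)
    for line in log_lines:
        ts, _src, account, result = line.split()
        if result == "LOGIN_FAIL":
            failures[account].append(datetime.fromisoformat(ts))
    flagged = {}
    for account, times in failures.items():
        times.sort()
        start = 0                      # sliding window over sorted failure times
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[account] = len(times)
                break
    return flagged


# Constructed sample log: 12 failures against 'alice' from one source in under
# two minutes (a dictionary run), plus one ordinary typo by 'bob'.
SAMPLE_LOG = [
    f"2015-04-27T10:{i // 60:02d}:{i % 60:02d} 203.0.113.7 alice LOGIN_FAIL"
    for i in range(0, 120, 10)
]
SAMPLE_LOG += [
    "2015-04-27T10:02:30 203.0.113.7 alice LOGIN_OK",
    "2015-04-27T10:01:00 198.51.100.4 bob LOGIN_FAIL",
    "2015-04-27T10:01:20 198.51.100.4 bob LOGIN_OK",
]

if __name__ == "__main__":
    print(detect_dictionary_attack(SAMPLE_LOG))   # {'alice': 12}
    print([p for p in ("password123", "Qwertyuiop", "7pGx#qLw2!vR") if is_weak_password(p)])
```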


3. The Hacktivist

Age demographic: Young males, with a few females

Geographical location: North America, Western Europe, Middle East

Target organisations: Government, law enforcement, big business, media

Motivation: Personal politics and/or ethics. The hacktivist will target those that they see as doing wrong or something immoral and will aim to expose or embarrass their perpetrator.

Hacktivists often work in groups where mutual reinforcement convinces them that they are righteous in their actions. However, hacktivists are not in it for the long haul and will quickly refocus their attention on the next hack. There are different forms of hacktivism. Some whistleblowers are hacktivists who take action to lift the lid on what they consider to be unjust, targeting employers, the military or secret government initiatives.

Methods: DDoS attacks, publication of stolen data, defacing websites, DNS hijacking. In a recent DNS hijacking attack, the Syrian Electronic Army managed to redirect the DNS records for Gigya, a service used by a number of leading news websites. Visitors to those websites then saw a popup notice saying they had been hacked by the SEA.

Real-life examples: Anonymous, Syrian Electronic Army, LulzSec, Edward Snowden.

Countermeasures: Good corporate ethics, DDoS protection, DNS security, penetration testing, law enforcement.


4. The White Hat

Age demographic: Young and middle-aged male

Geographical location: North America, Western Europe

Target organisation: Social networks, popular websites, large businesses

Motivation: Improving Internet security, bragging rights.

A security researcher or White Hat hacker may want to find the vulnerabilities in your system, mostly to show you how much smarter than you they are. What happens next can vary widely, but these days most researchers will follow the rules of responsible disclosure, which means they will tell you and give you a chance to fix the problem before they tell anyone else.

Methods: Finding and potentially publishing vulnerabilities in your systems. This can be by inspection of code (if it is open source), reverse engineering protocols, fuzzing, and generally doing things that the developers of the software weren’t expecting.

Real-life examples: Dan Kaminsky, Andrew Auernheimer aka Weev, Alex Holden.

Countermeasures: Rapid response when notified of a bug, automated updates of installed software. You can help this along by having a generous bug bounty program that gives cash rewards for people who report bugs. For example, Google’s top bug bounty is $15,000.


5. The Glory Hunter

Age demographic: Young male

Geographical location: North America, Western Europe

Target organisation: Gaming companies, insecure websites, anything that will get attention

Motivation: Bragging rights.

The Glory Hunter would like to be a White Hat security researcher but is not smart enough, so they concentrate on brute force DDoS attacks and exploiting simple known vulnerabilities. This is the cyber equivalent of attacking a plate glass window with a sledgehammer and claiming you have found a vulnerability in the building. Luckily they are not smart enough for good operations security either, so the more annoying ones end up in prison.

Methods: DDoS attacks, SQL injection, defacing websites, publishing stolen data, DNS hijacking. The DDoS attack that Sean McDonough used on Spamhaus involved DNS amplification, where open DNS resolvers and IP address spoofing are used to direct a large amount of Internet traffic at a single IP address.
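A small detector for the DNS amplification pattern just described, as an added example that is not part of the original article: a legitimate DNS answer matches an earlier outbound query from the same client to the same resolver with the same transaction id, whereas reflected answers from open resolvers arrive unsolicited because the triggering query carried a spoofed source address. The flow record format, addresses and byte threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records as seen at the edge of the flooded network:
# (direction, client_ip, resolver_ip, txid, qtype, bytes); direction is 'out'
# for queries leaving the network and 'in' for answers entering it.
SAMPLE_FLOWS = [
    ("out", "192.0.2.10", "198.51.100.53", 0x1A2B, "A", 60),
    ("in", "192.0.2.10", "198.51.100.53", 0x1A2B, "A", 120),   # legitimate answer
]
# 40 reflected ANY answers from eight open resolvers with no matching query;
# ~3200 bytes per 60-byte query is the ~50x amplification such attacks rely on.
SAMPLE_FLOWS += [
    ("in", "192.0.2.10", f"203.0.113.{r}", 0x4000 + n, "ANY", 3200)
    for r in range(1, 9)
    for n in range(5)
]


def find_reflected_answers(flows, min_unsolicited_bytes=50_000):
    """Return {client_ip: (answer_count, total_bytes, resolvers)} for clients
    that received unsolicited DNS answers totalling at least
    min_unsolicited_bytes. Flows must be in time order."""
    seen_queries = set()
    stats = defaultdict(lambda: [0, 0, set()])
    for direction, client, resolver, txid, _qtype, size in flows:
        key = (client, resolver, txid)
        if direction == "out":
            seen_queries.add(key)            # remember what we actually asked
        elif key not in seen_queries:        # an answer nobody here asked for
            entry = stats[client]
            entry[0] += 1
            entry[1] += size
            entry[2].add(resolver)
    return {
        client: (count, total, sorted(resolvers))
        for client, (count, total, resolvers) in stats.items()
        if total >= min_unsolicited_bytes
    }


if __name__ == "__main__":
    for client, (count, total, resolvers) in find_reflected_answers(SAMPLE_FLOWS).items():
        print(f"{client}: {count} unsolicited answers, {total} bytes, "
              f"from {len(resolvers)} resolvers")
```

On a real network the same logic runs over exported flow records or a packet capture, and the resolvers in the output are the ones to report or filter.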

Real-life examples: Lizard Squad, Sean McDonough, zone-h.org.

Countermeasures: DDoS protection, DNS security, penetration testing, law enforcement


6. The Cyber Thief

Age demographic: Young male

Geographical location: Russia, Nigeria, China, everywhere

Target organisation: Retail businesses, large and small enterprises, individuals, banks

Motivation: The cyber thief is purely money-motivated and is simply trying to make a living by stealing resources or money. There are multiple ways to do this, from bombarding the world with spam selling fake Viagra to stealing credit card data. On many occasions the first act of cybercrime will be to send email phishing spam.

Methods: Phishing, malware, ransomware, extortion, con tricks, social engineering, identity theft, forgery, credit card theft, spam. The fastest growing cybercrime sector at the moment seems to be ransomware, in which a victim is tricked by a spam email or malicious website into installing malware that encrypts all the data files on their computer and demands a ransom, usually in bitcoins, to decrypt them.

Real-life examples: Albert Gonzalez, Igor Gusev, Evgeniy Bogachev

Countermeasures: Messaging security, anti-virus software, a healthy dose of scepticism.


Read more: http://www.telegraph.co.uk/technology/internet-security/11568376/Unmasked-the-six-hacker-tribes-you-need-to-watch-out-for.html
