PRIVACY – Who are hackers and what do they want from you?
Pop culture would have us believe they live in dank basements, wear black leather from head to toe and have pseudonyms such as Warlock or Neo.
Hacking and film have long gone hand in hand. Pre-internet we had the appropriately-named Gene Hackman in The Conversation, a 1974 movie focusing on the violation of people’s privacy.
Post-internet, the names trip easily off the tongue: The Matrix; The Score; Swordfish; GoldenEye; Tron; Hackers – each one revisits the theme of hacking, reworks it, reinforces the same key imagery.
Perhaps the film that most inspired the modern hacker genre was WarGames, the 1983 film in which a teenage hacker, played by a dew-faced Matthew Broderick, inadvertently leads the world to the brink of nuclear war.
A real-life echo of this comes in the shape of Gary McKinnon, the Scottish systems administrator who faces charges of hacking into 97 US military and NASA computers over a 13-month period between 2001 and 2002.
And then of course there’s Julian Assange, the WikiLeaks founder, who has graduated from one-time teenage hacker to (notorious) world celebrity.
Who’s hacking who?
Governments, private companies and criminal organisations are all involved in hacking to some extent and for different reasons.
Certain newspapers, as we’ve learned recently, are not immune to the charms of listening in to the private affairs of others.
The wild, wild web
In terms of corruptibility, the digital network we now take for granted is like the American Wild West of the 1860s.
It was designed to facilitate information flow over digital links and the idea that these links could be used for illicit activities may not even have crossed the minds of the engineers who built it.
In some ways, the current system is extremely hacker-friendly, and there would need to be a major infrastructure rebuild before hacking could be stamped out.
Colour-coded hacking
Broadly speaking, hackers fall into three camps:
1) White hackers
A so-called “white-hat” will inform an organisation if a security weakness is found in that organisation’s systems.
Organisations such as the Australian Computer Emergency Response Team (AusCERT) fill a white hat role in the hacker world. In one sense, they perform a defensive role: they are the good-guys of the hacking world.
2) Grey hackers
These are less clear-cut than the above (hence the fact they occupy something of a “grey” area in the hacking world).
Often, they act on the spur of the moment. Depending on the situation, they might exploit or warn an organisation if a weakness is found in their system. Are they our friends or enemies? That just depends.
3) Black hackers
These will act to exploit any weakness in a network or an organisation’s systems for gain. This could mean collecting and selling intellectual property or personal information.
It could also mean infecting an organisation’s systems with a malicious virus. Black hackers may be individuals, organisations or governments.
And then there’s something quite different, known as:
Crackers
For many, hacking is about learning new skills to gain a better understanding of how the digital network operates. Hacking, to crackers, is a hobby, a chance to be part of a group activity.
Will they graduate one day to black leather pants and dank basements? It’s perfectly possible.
Sadly, for every “good” hacker there are countless others who act from less than noble motives, and follow well-worn paths to reach their goals.
Hack attacks
The most common types of these are:
1) Distributed Denial of Service or DDoS
Simply put, this involves hackers overloading a site’s server with too many requests. There’s nothing particularly sophisticated about this type of attack, but it’s one of the most effective if executed on a large scale.
2) Website hacking
This involves hackers bypassing the security parameters of a website, gaining access to its administrator panel, then adding or removing information (e.g. adding a page that carries a personal message from the hacker, or adding sexually explicit images on a site’s landing pages).
Viruses are, in their own way, a form of hacking.
Stuxnet
A particularly frightening example of these types of attacks was last year’s “Stuxnet” attacks.
This highly sophisticated computer worm infection infiltrated systems in Iranian nuclear plants, halting scheduled operations between June and September.
Which, in some way, brings us back to WarGames and, in my mind at least, the Wild West.
In the Wild West, destruction caused by outlaws, over many years, led to the introduction of new laws, and the end of a free-for-all mentality to shared and relied-upon resources.
Has the time now arrived to impose tougher laws on hacking?
Read more on this topic:
Join the conversation
Comments (11)
Stephen Lehocz
Mr (logged in via email @bigpond.net.au)
Very good article. It begs the question, were the recent NAB network meltdowns caused by a hacker or virus?
Craig S Wright
(PhD; Adjunct Lecturer in Computer Science at Charles Sturt University)
"Has the time now arrived to impose tougher laws on hacking?"
We have laws, the issue is enforcing them. Try even tracing them...
Mark Gregory
(Senior Lecturer in Electrical and Computer Engineering at RMIT University)
Craig, the point is to take action, which is what reasonable people do when confronted by crime and attacks on civil society. You may even contribute by publically providing your own suggestions on how to stop the crime occurring on the digital network. I would be very interested to read an article by you on this website with your suggestions - you should contact the editors immediately.
regards, Mark
Craig S Wright
(PhD; Adjunct Lecturer in Computer Science at Charles Sturt University)
No Mark, the point is not to simply take action.
Action costs money, action with no effect is a waste of resources and lowers the actions others take, so no.
The point is to do actions that are economically effective and actually make a difference.
I suggest you look up some of my papers, there are many even if most are highly technical in nature.
As for:
"major infrastructure rebuild before hacking could be stamped out."
No. Simple controls are actually effective. Statements such as this make the impression that you need complex expensive systems, that could not be further from the truth.
Virii are not a form of hacking. I presume you have confused Worms and Trojans with this initial form of malware.
Wasting good money at bad solutions just makes things worse Mark. It does nothing to help anyone.
Please see http://www.gicsr.org
Thing is Mark, I actually do take action.
Craig S Wright
(PhD; Adjunct Lecturer in Computer Science at Charles Sturt University)
"Has the time now arrived to impose tougher laws on hacking?"
Please explain how you will enforce these tougher laws. After all, we have computer crime laws that can result in 20 years for some crimes.
Explain to me how this will stop a Dragon in Central Europe? The local script kiddie is hardly the problem.
Tell me how you will stop actions with tougher laws that are taken by a Colombian crime syndicate? A Chinese espionage group? Lithuanian child pornographers?
The laws already exist Mark. But what is a law other than a feel good item when it is not enforced?
Maybe more technically flawed solutions such as the one just introduced here in Australia will help?
Craig S Wright
(PhD; Adjunct Lecturer in Computer Science at Charles Sturt University)
"Broadly speaking, hackers fall into three camps:"
Not even 20 years ago.
Cyber crime has moved from this to a highly organized structure well over a decade ago.
Those who write malware do not run the black markets for its sale. Those who deploy it rent their botnets.
Specialization has occurred long ago in cyber-crime. The notion of the hacker from WarGames was wrong even when the movie came out.
Mark Gregory
(Senior Lecturer in Electrical and Computer Engineering at RMIT University)
Hi Craig,
I have looked at this website and cannot find any whitepapers or any other information with actual descriptions on how to solve the problem of SPAM and associated internet crime. I can see lots of requests for funding for more research.
You mention that you have written papers, so please write an article on how you would stop SPAM and internet crime and submit it on this website. Be bold and express what you would do on a global scale. I will be happy to read it and to provide constructive criticism.
regards,
Mark Gregory
Craig S Wright
(PhD; Adjunct Lecturer in Computer Science at Charles Sturt University)
Mark,
The average (not a large example, just a normal operation) pharma SPAM operation makes revenue of the order of $1million to $2 million per month.
They have net (not gross) profit margins in the order of 20-30%.
They have little concern for law enforcement right now, they care about their competition.
There is a "simple" reason for this. People, those you say care so much click on the SPAM and buy it.
Internet pornography (much of which is SPAM driven) is a $57 billion dollar industry in the US.
The "simple" answer to crime online as with elsewhere is economics. Basically, crime happens as it is profitable. Internet crime occurs as it can be carried out across international boarders with little risk.
If people "cared" as much as you suggest, they would not be supporting these industries.
Umer Khan
(logged in via Facebook)
Good article Mark. It touches key points of the subject.Specially DDOS and TCP SYN attacks are causing big headaches for ISPs and forcing to upgrade Caches, DNS and firewall devices.
Ananda Tapasvi
(logged in via Facebook)
good article with enough insight on hacking and hackers. Very important to understand the basics of hacking with everything going online, emphasising the importance of security
Saqib Taj
(logged in via Facebook)
Very informative article. Well written Mark