Understanding attackers

People who attack systems are a diverse and varied crowd. Their ages, economic status, and intellect all run the spectrum from one extreme to the other. Their reasons also vary from the paranoid sci-fi approach of reining in Big Brother to the outright malicious intent of information warfare and espionage. Still others, and by far the majority, seem to take outfoxing security systems and computer defenses as a hobby -- a cool thing to do simply because it can be done.

Attackers are not often the hell bent for leather "cyber terrorists" that they are painted to be. Much of their antics are very annoying and some can be damaging to an organization's bottom line and reputation, to be sure, but many attackers really do attempt to follow the "hacker ethic" established in ages gone by at MIT and other such bastions of technical free thinkers. Many of them follow the sometimes unclear path of "open disclosure" to work toward what they see as better security and privacy for the masses.

Now, I am certainly not condoning attacking systems. Criminal acts are criminal acts whether they involve a computer or a gun, but I do believe that many technical managers and administrators would be better served by understanding a bit more about the attacker community, its goals, its beliefs, and its membership. To do this, I recommend reading of Web sites that cater to the attacker crowd (http://www.2600.com and http://www.packetstormsecurity.com). Read through the security research newsgroups and mailing lists (Bugtraq and alt.hackers.*). Lastly, if you are truly interested, attend a convention such as DefCon (http://www.defcon.org) or a local 2600 (http://www.2600.org.au) meeting and actually meet those who may be banging on your firewall from time to time.

Remember that attackers may have their point and purpose. They may actually be improving security through research and following an ethic of exploration without harm. Try to give them a chance to prove their stance and keep the opportunity open to help mentor someone who might just be walking the fence today but, with some guidance, could be a shining star tomorrow.

Join the newsletter!

Or
Error: Please check your email address.

More about MITSecurity Systems

Show Comments