An analysis of hacker mentality

Why people hack is a subject which is often discussed. Some say the explanation is the same as the one given by people who climb mountains: ‘because they [computers] are out there’. Others claim that by highlighting vulnerabilities, hacking helps increase computer security. And finally, there is the explanation most often put forward: criminal intent.

Whatever the reason, as long as computers exists there will be hackers – white hats, black hats and grey hats. And because there is no way of predicting which kind of attack (‘curiosity’ versus ‘malicious’) will hit your computer first, it is always best to be prepared for the worst.

The truth is that in hours of a machine being connected to the Internet, somebody will scan it with an automated vulnerability probing tool, looking for ways to get in. It may be somebody who is just curious to see what is on the machine, or a white hat from the other side of the world checking to see if the computer is secure. Of course, in real life you wouldn’t want passing strangers stopping to check if your house or car were locked, and, if not, to go inside, look around, go through your possessions and leave a note saying ‘Hi, I was here, your door was open, but don’t mind me and BTW, fix your lock’. If you wouldn’t want someone to do this to your house, you wouldn’t want someone doing it to your computer. And there is no excuse for doing it to someone else’s computer either.

Premeditated, criminal, hacking is obviously even worse. In the real world, somebody walks by, breaks your lock, gets inside, disables your alarm system, steals something or plants listening devices in your phone or surveillance equipment in your living room. If this happens you call the police, they look around, write a report, and you wait for the thieves to be caught. Unfortunately, this is a rare luxury in the computer world; the culprit may be far, far way, downloading your confidential files while sitting in his personal villa or sunbathing by his huge pool, nicely built with stolen money. Or, in a business environment, many large corporations prefer not to report hacking incidents at all, in order to protect their company image. This means that the criminals remain unpunished.

Another hacker motivation may be hooliganism, or digital graffiti, which can be summed up as hacking into systems to cause damage. Web site defacement is a very popular form of digital graffiti and there are some hacking groups which focus on this task alone. Just as in the physical, non-cyber world, catching the hooligans is a tedious task which usually doesn’t repay the effort or resources expended.

Whatever the reasoning, be it ‘to help others’, ‘security heads-up!’, ‘hooliganism’ or ‘criminal intent’, hacking is a phenomenon which is deeply rooted in the world of computing and will probably never die. There will always be people immature enough to abuse public resources, self-proclaimed ‘Robin Hoods’ and criminals hiding in the dark alleys of cyberspace.

backdoors-in-d-links-backyard

Backdoors in D-Link’s backyard

If you want to make the world safer, start with the smart things in your home. Or, to be more specific, start with your router – the core of any home network as well as an interesting research object. And that router you got from your ISP as part of your internet contract is even more interesting when it comes to research. Read Full Article

it-threat-evolution-q1-2018

IT threat evolution Q1 2018

In January, we uncovered a sophisticated mobile implant Skygofree that provides attackers with remote control of infected Android devices. Network worm OlympicDestroyer attacked on the Olympic infrastructure just before the opening of the games in February. Read Full Article

apt-trends-report-q1-2018

APT Trends report Q1 2018

In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018. Read Full Article

threat-landscape-for-industrial-automation-systems-in-h2-2017

Threat Landscape for Industrial Automation Systems in H2 2017

Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017. The main objective of these publications is to provide information support to incident response teams, enterprise information security staff and researchers in the area of industrial facility security. Read Full Article