“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
– Sun Tzu, Art of War
The Irish Honeynet Project has been actively researching and deploying the technologies that allow us to monitor and profile the blackhat community here in Ireland for nearly two years. Considerable time and effort has been spent understanding and analysing their tools, their tactics and their behaviour. Much of our reporting to date has focused purely on the “what” and “how” of the blackhat community, specifically the technical tools, their use and implementation. This article explores the “why” – the motivation and psychology of the blackhat community.
The image of the malicious hacker that has been prevalent in popular media for some time is that of a gifted but socially inept teenager. Generally they are visualised as male, loners with poor self-esteem and a greater ability to interact with computers and technology than with other people. Typical of this stereotype is the image that Hollywood has propagated in movies such as Sneakers, Hackers and more recently the Matrix trilogy.
Those who insist on clinging to this view of hackers tend to split the hacker taxonomy into four distinct groups. Firstly, there is the “Script-Kiddie”, consisting mainly of young males who download pre-written, pre-compiled scripts or ‘hacks’ and seem intent on vandalising or disrupting systems.
Secondly, there are the professional criminals or ‘crackers’, organised groups who make a living from breaking into computer systems and selling the information.
Third come the ‘virus writers’ and ‘coders’, who perceive themselves as the elite of the blackhat community. Although they may write the code themselves, they tend not to use it themselves, leaving this to the script-kids.
Finally there is the old school hacker. These tend to see themselves as hackers in the original sense of the word – through a clever trick (the hack), getting a piece of technology to perform a task it was never designed to do or overcome its design limits. Interestingly, many of the Honeynet volunteers worldwide would consider themselves hackers in this sense of the word.
As with all stereotypes this one doesn’t truly reflect reality. There is a proliferation of hacking conferences, from Defcon (Defence Conference) to Hope (Hackers On Planet Earth) to Blackhat (Blackhats Conference) to Infowarcon (Information Warfare Conference). This simple observation dispels the loner myth.
Like any other subculture, they are self-organising, gathering together to pursue their common interests – hacking and overcoming computer security systems. Max Kilger, resident psychologist on the Honeynet’s team, points to groups such as the Cult of the Dead Cow and other black-hat organisations that pool resources and maintain exclusive memberships, as examples of hacker organisation. “It’s pretty scary stuff to the uninitiated,” Kilger argues. “But in fact, they’re pretty predictable because social structure to a great degree shapes their behaviour. Because there’s a meritocracy, there’s a lot of status struggle. Your role or status in the community depends on how good you are.”
Despite the lack of empirical data, the industry hasn’t stopped making what behavioral psychologist Marc Rogers calls “sweeping generalisations” about computer criminals. Fear, uncertainty and doubt–better known as FUD–help sell security, which is the name of the game. But those with a handle on the hacker culture say such labels are premature and, perhaps, inaccurate.
A quick look through the ranks of the world’s most famous hackers also belies many of the other myths.
Perhaps the most popular myth of all is that hackers are social misfits incapable of developing or maintaining normal relationships. Studies of computer criminals found no significant difference between the number of convicts who were married or single. As Marc Rogers says, “Their marital status indicates they may not be as socially dysfunctional as we thought.” Similarly, observing whitehats readily shows that they are as likely to be married and have kids as the rest of us.
Does knowing the enemy help? “Absolutely. That’s a critical component and one that hasn’t been emphasised enough in information security. Knowing who you’re up against is critically important,” Kilger says. “To a degree, you can anticipate their behaviours, shape their behaviours, which are important things to do.”
Kilger is currently writing a book on the computer underground, with chapters devoted to different components, such as social control, status, magic and religion. “They really have a very strong, resilient social structure, which surprises a lot of people,” he says. “They see hackers and they look disorganised and dishevelled and a bit on the fringe of society and anarchistic. But the actual social structure of the hacker community itself is strong, interesting and resilient.”
The Irish Honeynet project is growing rapidly. We are seeking new members who would like to be actively involved in the research and analysis of compromised systems. If you find this article interesting and have a passion for computers and computer security in particular we want to hear from you. Please email firstname.lastname@example.org and request an application form. Active members of the Irish Honeynet project will participate in regular meetings, will contribute to on-going Honeynet configuration and maintenance, and assist with data analysis and reporting on findings and developments. For more information please visit www.honeynet.ie and request an application form.
The Irish Honeynet, set up by Espion, Deloitte, and Data Electronics, operational since April 2002, is designed to mimic the Internet infrastructures commonly used by organisations, but it is ‘wired’ with detection sensors that capture all activity to and from the system. The Honeynet is not advertised in any way so any traffic to it from the Internet is suspicious by nature, as it arises from hackers and crackers who are deliberately attempting to identify and attack systems that are vulnerable.
Headquartered in Dun Laoghaire, Espion Ltd. is the leading supplier of best-of-breed new security technology products and services, including:
Security Products: leading-edge security products distributed through a network of resellers and partners.
Security Training: provided to clients to gain knowledge of how hackers work and how best to secure existing systems.
Irish Honeynet Project: a research project which monitors and reports on the number of hacking incidents against a number of computers presented anonymously to the Internet. This project is an attempt to learn the tools, tactics and motives of the blackhat community and share those lessons learnt, as well as to qualify the hype and provide an Irish perspective with local knowledge and yet participate in a global initiative.
Security Services & Consultancy: including Security Overview & Assessment, Consultancy, Implementation Services, Security Audit & Penetration Services, Forensic Analysis & Forensic Investigation, Incident Response Planning & Training, and Computer Incident Response Team (CIRT).
For more information, please contact: Jim Lehane Espion 087 234 9286