Thursday, July 26, 2012

The 'hacker' in today's society

People as words

The terms associated with the security community have long been hotly debated by the community members themselves. The 'media' (whoever that actually is) has had a field day scaring otherwise generally non-technical viewers, who further misconstrue the term 'hacker' to mean 'that shady looking guy who is going to steal my money'. I've heard it a hundred times from different members of the security community and I'm sure we all will continue to, but why?


The paradigm shift

For those readers who might remember, at the end of the phone phreaking days, the same sort of motivation shift appeared to be occurring. Back in the days of 2600Hz tones and schematics for interesting devices made by those reverse engineering an otherwise black-box system such as the phone system, the motivations were much simpler and amateur: the passionate drive to understand how something truly works. In the past few years, this motivation has given way to a much more contemporary one: money.

This has been posited by others (see the first chapter of Gray Hat Hacking: The Ethical Hacker's Handbook): namely, that understanding the true motivation an attacker has is paramount to understanding what that attacker is capable of and, simply put, how they think. I think this is an important point to keep in mind for the security professional today. If you do not understand your opponent, how can you defend yourself against him?


The distinction

Given this, what is the best way to solve this otherwise mundane vocabulary problem? The word 'hacking' has been hijacked by contemporary society, but by using 'criminal hacker' or something of the sort instead, it becomes much clearer which group of people is being referred to.


Conclusion

There is a lot of great information out there about how to protect your network assets, mitigate complex threats and anything else technical you could think of, but much of it falls on deaf ears (or is simply lost among the noise of voices of others screaming for security). None of this helps the next victim of a financially motivated criminal hacker if he doesn't understand that the attacker isn't going to be mounting an attack that might be more appropriately launched against a government, but instead will sneak in, attempt to accomplish their financially motivated goal and sneak out.

Thoughts?
