written by: Steve Mallard•edited by: Ronda Bowen•updated: 5/27/2011
What motivates hackers to do what they do? How do they do what they do? And what is Leet Speak? Who are the people who break into, modify or steal data. Read this article for a look into the inner workings of a hacker's mind. How can you protect yourself?
slide 1 of 6
Bright Hub is the gathering of professionals. 8RIght hu8 i5 +H3 G4th3RINg OF pROF3$51oN@l5. (Leet – a hacker’s language) -The psychology behind hacking and the social networking of hackers will always be a mystery. The research behind this study comes from several websites and personal experience.
Looking in a hacker's mind, you have to be open to the social aspects behind the way they think. Often portrayed as loners, hackers can be socially involved and fit into what is considered 'normal' everyday lives.
There appears to be a commonality of 'power' for hackers. The solving of 'puzzles' and the 'see what I can do' attitude is most apparent. By talking to 'wannabees' and individuals who have hacked, the 'power' of finding exploits and 'showing' the 'bigger' entity how they are not secure is the most outstanding trait you will find in these people. There doesn't appear to be a criminological theory or 'true' understanding 'why' they hack. The motivation of hackers will always be a mystery.
Hackers usually use social engineering to gain most of their knowledge. Social Engineering is the act of getting someone to tell you about sensitive information through trust. This unadulterated trust becomes a weakness for most companies.
Brute Force, Exploit and dictionary attacks are usually started through the use of software on the hacker's computer. To avoid detection, the hacker's may use proxies or zombie machines so that their location cannot be determined. This is just a small list of the different attacks hackers can use.
slide 2 of 6
Who are the Hackers?
Hackers can be a disgruntled employee, help desk technician, network technician, an individual, a group or organization.
The disgruntled employee may destroy files or read confidential documents. The help desk or network technician may use their power to read, modify or destroy information. An individual may be motivated by 'power'. A group or organization may see how far they can go They may modify websites or commit industrial espionage.
Enterprise security relies on everyone in any organization. Looking at trends, reading magazines, obtaining certifications is sometimes not enough. The security director and the security team in any organization should study the social details behind hacking and hackers.
Hackers ethics can vary and most believe that information and computer unauthorized access are o.k. as long as no harm is done. Visiting forums and IRC channels you will learn that this information on the hack or crack is shared and often bragged about.
Most hackers are young teens to their early thirties. They are often academic underachievers, analytical thinkers with above average intelligence. Hackers generally have handles or nicknames they use when communicating. Communication can take place by using an alternate language called LEET. (http://www.albinoblacksheep.com/text/leet)
slide 3 of 6
Events and Organizations
Several events and organizations study the art of hacking and have social events that bring these individuals together. Defcon (www.defcon.org) is an annual hacker convention that brings every type of hacker in the world together. With events on hacking, security lectures, and other sessions, hackers can hon their skills.
PhreakNIC (www.phreaknic.info) is a Nashville, Tennessee based hacking group that gets together to study skills and share ideas.
Another organization that sells hacker items and has a quarterly newsletter is 2600.org
Certifications that teach Ethical Hacking are becoming more and more popular. One of the best in the industry is ECCouncil (www.eccouncil.org). According to ECCouncil, their Certified Ethical Hacking (CEH) certification is one of the fastest growing in the industry.
Virtual Private networking to Domain Servers with Student Information Systems Software from staff workstations
Periodic control of Operating System Service Packs
Anti-virus software installed on each workstation to include student work stations
Spyware/malware / Malware control measures
"Pop up" control measures
Application updates (i.e., Microsoft Office and related)
Software Update Services Server installed to push updates approved by administration Documented Policy and Procedures school level Documented Policy and Procedures board level Active Directory Server login for staff to establish IT Policies Applications with logging of activities (customized) Application and Security Logs running on Servers Network Address Translation used at firewall level DMZ (demilitarized zones) used on web server Hardware firewall (three honed) used with logs and specific port number restrictions. IDS (Instruction Detection Server) in place and monitored Traffic monitor in place to monitor inbound, outbound and intranetworking packets Disaster recovery plan in place These tips are listed in the bright hub articles: ThE r4vEN
slide 6 of 6
Ethics and Certification
I obtained my CEH (CNDA - Certified Network Defense Architect for government) several years ago. You have to KNOW the material. One of the best and fastest growing certifications by ECCouncil. The CEH certification is currently going to version 7. Every aspect of hacking is covered including the 'social' behavior of a hacker. It is one of the most difficult to obtain and respected certs in the industry.
All industries and businesses should study network defense and understand how hackers think and what motivates hackers.
Do I have a handle? My wife chose Gaagii (Raven). Do I hack? No, but I do study security, hackers and the new threats coming out in the information technology industry.