How Do Hackers Think?

Bright Hub is the gathering of professionals. 8RIght hu8 i5 +H3 G4th3RINg OF pROF3$51oN@l5. (Leet – a hacker’s language) -The psychology behind hacking and the social networking of hackers will always be a mystery. The research behind this study comes from several websites and personal experience.

Looking in a hacker's mind, you have to be open to the social aspects behind the way they think. Often portrayed as loners, hackers can be socially involved and fit into what is considered 'normal' everyday lives.

There appears to be a commonality of 'power' for hackers. The solving of 'puzzles' and the 'see what I can do' attitude is most apparent. By talking to 'wannabees' and individuals who have hacked, the 'power' of finding exploits and 'showing' the 'bigger' entity how they are not secure is the most outstanding trait you will find in these people. There doesn't appear to be a criminological theory or 'true' understanding 'why' they hack. The motivation of hackers will always be a mystery.

Hackers usually use social engineering to gain most of their knowledge. Social Engineering is the act of getting someone to tell you about sensitive information through trust. This unadulterated trust becomes a weakness for most companies.

Brute Force, Exploit and dictionary attacks are usually started through the use of software on the hacker's computer. To avoid detection, the hacker's may use proxies or zombie machines so that their location cannot be determined. This is just a small list of the different attacks hackers can use.

Hackers can be a disgruntled employee, help desk technician, network technician, an individual, a group or organization.

The disgruntled employee may destroy files or read confidential documents. The help desk or network technician may use their power to read, modify or destroy information. An individual may be motivated by 'power'. A group or organization may see how far they can go They may modify websites or commit industrial espionage.

Enterprise security relies on everyone in any organization. Looking at trends, reading magazines, obtaining certifications is sometimes not enough. The security director and the security team in any organization should study the social details behind hacking and hackers.

With knowledge being power in the hacker culture, an Elite hacker is someone who has great technical skills. Hackers may and may not have ethics. This separates black hats, white hats, grey hats and script kiddies.

Hackers ethics can vary and most believe that information and computer unauthorized access are o.k. as long as no harm is done. Visiting forums and IRC channels you will learn that this information on the hack or crack is shared and often bragged about.

Most hackers are young teens to their early thirties. They are often academic underachievers, analytical thinkers with above average intelligence. Hackers generally have handles or nicknames they use when communicating. Communication can take place by using an alternate language called LEET. (http://www.albinoblacksheep.com/text/leet)

Several events and organizations study the art of hacking and have social events that bring these individuals together. Defcon (www.defcon.org) is an annual hacker convention that brings every type of hacker in the world together. With events on hacking, security lectures, and other sessions, hackers can hon their skills.

PhreakNIC (www.phreaknic.info) is a Nashville, Tennessee based hacking group that gets together to study skills and share ideas.

Another organization that sells hacker items and has a quarterly newsletter is 2600.org

Certifications that teach Ethical Hacking are becoming more and more popular. One of the best in the industry is ECCouncil (www.eccouncil.org). According to ECCouncil, their Certified Ethical Hacking (CEH) certification is one of the fastest growing in the industry.

What you can do to protect your assets:

• The identification of key weaknesses in computer systems, nodes on a network, clients, connectivity and training.
• Policies and Procedures that ensure all levels of the company are within compliance with standards set by the company.
• Activities include hierarchal structure, authorization, implementation, disaster recovery and planning.
• Information from vendors is archived.
• Information from customers (clients) is logged.
• Communication along internal paths of the company to insure all areas of protection are available.
• Assessment of hardware firewall.
• Assessment of Software Patches and Service Packs.
• Management of all personnel.
• Auditing of logs and change orders.
• Monitoring of performance of all nodes on the network.
• Monitoring of security alert sites of government and for profit sites.

Company Security and Auditing Controls:

• Communication
• Poor or lack of judgment
• Lack of training
• Lack of concern
• Disgruntled employees
• Lack of review

A small list of duties below is required to keep data protected:

• Periodic changes of passwords
• Updating of policy and procedures
• Auditing server logs
• Auditing firewall logs
• Researching new malicious threats at third party information sites
• Physical security
• Applying patches
• Applying service packs
• User management
• Monitoring spyware/malware
• Monitoring new installs
• Monitoring performance
• Monitoring IDS systems
• Monitoring anti-virus protection

Control, auditing and implementation of a network:

1. Periodic control of Operating System Patches
2. Virtual Private networking to Domain Servers with Student Information Systems Software from staff workstations
3. Periodic control of Operating System Service Packs
4. Anti-virus software installed on each workstation to include student work stations
5. Spyware/malware / Malware control measures
6. "Pop up" control measures
7. Application updates (i.e., Microsoft Office and related)
8. Software Update Services Server installed to push updates approved by administration Documented Policy and Procedures school level Documented Policy and Procedures board level Active Directory Server login for staff to establish IT Policies Applications with logging of activities (customized) Application and Security Logs running on Servers Network Address Translation used at firewall level DMZ (demilitarized zones) used on web server Hardware firewall (three honed) used with logs and specific port number restrictions. IDS (Instruction Detection Server) in place and monitored Traffic monitor in place to monitor inbound, outbound and intranetworking packets Disaster recovery plan in place These tips are listed in the bright hub articles: ThE r4vEN

I obtained my CEH (CNDA - Certified Network Defense Architect for government) several years ago. You have to KNOW the material. One of the best and fastest growing certifications by ECCouncil. The CEH certification is currently going to version 7. Every aspect of hacking is covered including the 'social' behavior of a hacker. It is one of the most difficult to obtain and respected certs in the industry.

All industries and businesses should study network defense and understand how hackers think and what motivates hackers.

Do I have a handle? My wife chose Gaagii (Raven). Do I hack? No, but I do study security, hackers and the new threats coming out in the information technology industry.

Image courtesy of sxc.hu/gallery/flaivoloka at http://www.sxc.hu/photo/1159615.