Brighthub is the gathering of professionals. 8RIghthu8 i5 +H3 G4th3RINg OF pROF3$51oN@l5. (Leet – a hacker’s language) -The psychology behind hacking and the social networking of hackers will always be a mystery. The research behind this study comes from several websites and personal experience.
Looking in a hacker's mind, you have to be open to the social aspects behind the way they think. Often portrayed as loners, hackers can be socially involved and fit into what is considered 'normal' everyday lives.
There appears to be a commonality of 'power' for hackers. The solving of 'puzzles' and the 'see what I can do' attitude is most apparent. By talking to 'wantabees' and individuals who have hacked, the 'power' of finding exploits and 'showing' the 'bigger' entity how they are not secure is the most outstanding trait you will find in these people. There doesn't appear to be a criminological theory or 'true' understanding 'why' they hack. The motivation of hackers will always be a mystery.
Hackers usually use social engineering to gain most of their knowledge. Social Engineering is the act of getting someone to tell you about sensitive information through trust. This unadulterated trust becomes a weakness for most companies.
Brute Force, Exploit and dictionary attacks are usually started through the use of software on the hacker's computer. To avoid detection, the hacker's may use proxies or zombie machines so that their location cannot be determined. This is just a small list of the different attacks hackers can use.
Who are the Hackers?
Hackers can be a disgruntled employee, help desk technician, network technician, an individual, a group or organization.
The disgruntled employee may destroy files or read confidential documents. The help desk or network technician may use their power to read, modify or destroy information. An individual may be motivated by 'power'. A group or organization may see how far they can go They may modify websites or commit industrial espionage.
Enterprise security relies on everyone in any organization. Looking at trends, reading magazines, obtaining certifications is sometimes not enough. The security director and the security team in any organization should study the social details behind hacking and hackers.
With knowledge being power in the hacker culture, an Elite hacker is someone who has great technical skills. Hackers may and may not have ethics. This separates black hats, white hats, grey hats and script kiddies.
Hackers ethics can vary and most believe that information and computer unauthorized access are o.k. as long as no harm is done. Visiting forums and IRC channels you will learn that this information on the hack or crack is shared and often bragged about.
Most hackers are young teens to their early thirties. They are often academic underachievers, analytical thinkers with above average intelligence. Hackers generally have handles or nicknames they use when communicating. Communication can take place by using an alternate language called LEET. (http://www.albinoblacksheep.com/text/leet)
Several events and organizations study the art of hacking and have social events that bring these individuals together. Defcon (www.defcon.org) is an annual hacker convention that brings every type of hacker in the world together. With events on hacking, security lectures, and other sessions, hackers can hon their skills.
PhreakNIC (www.phreaknic.info) is a Nashville, Tennessee based hacking group that gets together to study skills and share ideas.
Another organization that sells hacker items and has a quarterly newsletter is 2600.org
Certifications that teach Ethical Hacking are becoming more and more popular. One of the best in the industry is ECCouncil (www.eccouncil.org). According to ECCouncil, their Certified Ethical Hacking (CEH) certification is one of the fastest growing in the industry.
I obtained my CEH (CNDA - Certified Network Defense Architect for government) this past summer. You have to KNOW the material. Every aspect of hacking is covered including the 'social' behavior of a hacker. It is one of the hardest certs in the industry. Do I have a handle? My wife chose Gaagii (Raven). Do I hack? No, but I do study security, hackers and the new threats coming out in the information technology industry.