Jul 31, 2013

Different Types of Hackers and Their Motives

In today's Whiteboard Wednesday, Chris Kirsch will talk about the different types of hackers and the motives behind their attacks. Learn more about the three major hacking groups and who they target. Chris will also help you understand which group of hackers you should be worried about the most.

Read Video Transcript

Hello and welcome to this week's Whiteboard Wednesday. My name is Chris Kirsch. I'm the Product Marketing Manager here at Rapid7. Today, I'd like to talk about different types of attackers and what their motives are, what their targets are, and which ones you should be worried about.

So let's start with the state-sponsored ones. Typically, those are embedded in a government organization. Their typical motives are either regular espionage, trying to figure out what's going on in other governments, especially the military parts of those governments, but also kind of getting an informational advantage there and undermining their networks.

The second one is industrial espionage, where they might be trying to find out blueprints for new technology in another company, or even trying to figure out the information about mergers and acquisitions, who's buying whom. There was a recent case with an American soft drink company that was trying to acquire a Chinese fruit juice vendor or manufacturer, and there was a strong indication that the Chinese side knew very much about how far and how much the American side was going to go in the bidding process. Of course, the Americans didn't get a very good price in the end. So, in this case, the state-sponsored attackers may have obtained that information and passed it on to a part of the domestic industry to bolster their own company.

Then, also, they will look at critical infrastructure, because in a cyber war, what's really powerful is without sending any troops in, you can actually take down the critical infrastructure. We saw that in Korea. There was some indication there when the ATMs in the country didn't work for a couple of days, I think it was. If you think about these kind of things, taking down the financial system, taking down a water supply, power supply, and so on, that's very, very powerful and in a sense also very scary. So state-sponsored attackers will typically go after governments, after critical infrastructure - I think Stuxnet is another example of this - and then enterprises as well in the case of intellectual property and mergers and acquisitions.

The second group that I'd like to talk about are hacktivists. And here, these guys really have political motives. They want to make a political statement. They will go after governments that have policies they don't agree with or enterprises that have policies that they don't agree with. One example here is a couple years ago, some financial organizations no longer accepted payments for donations for WikiLeaks, and some hacktivists attacked them with a denial of service attacks to bring down their systems and cause them harm for their decision not to support them. That was clearly a political statement. They might also deface a company's or an organization's website to make a strong statement there.

The third group that I'd like to talk about is organized crime, and these guys have one motive, and it's money. They will make a very economic decision about all of the attacks that they're making. Essentially, they're trying to find the softest target and the cheapest target to breach, and then looking for information that they can monetize. In most cases, this will be credit card numbers that they get out of a database. They sell those credit card numbers on to other people who can monetize them. Here, the targets are typically enterprises that process credit cards, to some extent also governments if they process credit cards, but also private citizens because sometimes they will install a piece of malware on the machine, get the banking login of that private person, or they will simply make that private person's laptop part of a botnet for a denial of service attacks to cover their tracks by routing information through that computer, or in a simple case, simply by using the computing power on that machine to mine bitcoins, for example.

Now, who out of the three should you be the most worried about? I think in most cases organized crime is probably the one that you should focus on first because they make economic decisions. So if you are more secure than the next guy, you will probably keep these guys out. It's a little bit like the story that probably everybody knows, about the guy getting chased by a bear and he's thinking, "All right, I don't need to outrun the bear. I just need to outrun my friend." It's the same thing here. If you're safer or more secure than the next company out there, you're going to be good. So focus on organized crime first. These guys also usually won't use zero days. They'll use publicly available exploits where the vulnerabilities are known, where maybe patches are available and so on. So, here, these guys are probably the easiest to defend against.

Hacktivists, you need to figure out, are you a potential target for hacktivists or not? Are the actions that your organization is taking controversial in any way? In that case, you should probably have a look here and see if hacktivists might try to get in. State-sponsored really applies if you are a government organization, or if you are running critical infrastructure that includes the financial system, or if you're running an enterprise that is making international acquisitions or has very valuable intellectual property.

All right. That's it for today. Thank you for joining me for this Whiteboard Wednesday, and I'll see you next week.

Free Metasploit Download

Put your network's defenses to the test

Download Now