4 DISTINCT CATEGORIES OF HACKERS BY MOTIVATION





We live in a world driven by technology, and if it's of value to you and your users, it's of value to hackers.

To understand how hackers think and how they operate, start with what any good doctor or any criminal detective would tell you: if you want to get into someone's mindset, you first have to understand their motivation. You have to get into their character to understand what their motivation is and what they're going to be thinking. So, for a hacker going after an application, there are different motivations.

Different types of hackers do what they do for different reasons, and if we focus on just one type, we leave orphaned vulnerabilities. We're going to look at four different types of hackers and what their motivation is when they see your application. What are they looking for?

1. Academic

First on the list is the academic hacker. These are people who are doing it for the kudos. They're trying to find something that is theoretically possible: a vulnerability within your code, a weakness that they can publicize. Their motivation is really the kudos they get from their peers for finding something interesting, so they want to spread it wide. They want to tell people about what they found. This could be pure academics working in a university. It could be security consultants. It could just be people playing in their bedrooms, trying to find vulnerabilities because they enjoy doing it. But they're looking for the kudos, that recognition for what they do. Why is this a problem for you? These aren't people who are going to defraud your system for millions of dollars, but they are going to publicize what they find. Publicity about weaknesses gets picked up by the media. The media love seeing academic research say your app is weak, and that leads to brand damage for your applications. People stop trusting what you're doing and how you're doing it.

2. Criminal

The second type is really the exact opposite: the criminal. They're not doing it for the kudos. They don't want publicity. If they get publicity, they end up in jail, so they want to keep it secret. What is the criminal doing? It's very simple. They're doing it for the money and, like anyone who's doing it for the money, they need to get a good return on investment from their attack. This means they need an attack that can scale and generate lots of revenue. Criminal hackers are well resourced. They're bright, intelligent people. However, resources need a return, just like in any other business. So the obvious risks range from fraud on the ecosystem and fines due to breaches of privacy legislation to expensive reactionary mitigation and reputational damage when the attack makes the news. An example is 7-Eleven in Japan, where there was a lot of fraud on the ecosystem three a week on mobile applications. Aside from the first problem of fraud, there is also increasing legislation around privacy and keeping human data safe, such as the GDPR in Europe. Breaching legislation results in expensive fines. It also means you've got to take expensive, reactionary measures. If you put your security in after the event, it's always more expensive than doing it beforehand. And, of course, there's still that reputational damage. Often, the long-term impact of any fraud is not the fine. It's not the money that was taken at the time, but the long-term damage to your brand and your product. This is because certain legislation requires that you say publicly when you've had a data breach; there is no keeping that fraud secret anymore.

3. Government/Law enforcement

Further away from our criminal organization, the next type of hacker is someone who, in their own sense, is working very legitimately: a government or law enforcement agency. They are simply looking for intelligence. They are looking for information that they believe can help protect their citizens and their country from those they deem to be their enemies. One of the arguments here is that these are people who believe the end justifies the means. So if we are looking at reputational damage, they don't care about it. Like it or not, they're making sure that they get the intelligence they need. Your users feel spied on. The users don't feel the ends justify the means, because their perspective is different, and that creates breaches of trust. You can't just let in the good government: if there is a weakness in your code, you are also going to let in the bad government (the ones you don't want). So it is much better to work within the legal framework and not allow the government to go in and hack your application.

4. Freeloader

Our final type of hacker is the freeloader. These are people who in years past would take a CD and copy it onto tape (piracy) so they could listen to the music for free. The only trouble now is that they're looking to stream movies for free from Netflix or cheat in the latest online game, among many other things. So they ruin the revenue stream of the content providers and movie services. They ruin the revenue stream of an online game too, because the game makes lots of money until it stops being fun, and that's when people start cheating in it. When that concept of fairness disappears from the game, people stop playing it and go to play the next big game. Freeloaders really damage your revenue stream, either directly or indirectly, by damaging the ecosystem. The other problem with freeloaders is that in the old days they would just copy a CD, and it was one piece. Now they operate like emitters. For example, once they find a way to get that movie content for free, they publish it back onto a third party so everyone else can get the movie content for free as well. So it's not just one piece of piracy. They are able to help everyone else help themselves.
