Know you Enemy
Does he really know them?
First, I want to excuse me for the lack of posts in the last 4 days, I had other things to do and had a shortage of time. So, the article that I’ll comment is 5 days old but I want to comment it anyway.
There is an article that I need to comment on. The problem with it is that he doesn’t focus on his subject, go everywhere and try to cover a wide question in a little article. The title is “Know your enemy” — cliché. He writes on 3 main subjects: Companies resources (new network technologies), third world hackers (money as motivation) and others obscure ones (custom software and social engineering). There is what he said about the second subject and I want to comment on:
Should US companies worry about hackers in Russia and other countries?
Hackers from countries where the economy is less developed than the US
are more motivated by money than by pride when they start trespassing
on US companies – as opposed to US hackers, who are motivated more by
pride than money. (There are many other ways that you can make money
in the US.)
Also, money is a stronger motivator than pride. That’s why people
motivated by money are more dangerous. Hackers are businesspeople [if
they are motivated by money]. In most cases, they are probably just
having difficulties in their countries finding and exploring
opportunities to work.
If a company that is hacked into can explore with a hacker his or her
talents in a more peaceful way, the victim can only benefit. If these
hackers are businesspeople, they can be redirected by being offered a
better deal than the one they might get by creating pressure through
hacking.
I deeply believe in this point. It is hard, however, to generalise too
much because every case involves different kinds of people and
different circumstances.
What security measures offer the best protection against hackers?
Keep the hackers occupied if you recognise them as a threat. This
might be similar to what some countries have done with their nuclear
scientists – Russia, for example, keeps them under close supervision
and treats them well, but above all keeps them busy professionally.
The problem is that he make too emphasis on the typical hacker of Hollywood. Really, he is not a threat. The real threats are the criminal groups. They begin to see benefits with cyber crimes and they exploit it. They exploit the internationalisation of the Internet and the lack of law applicability of many countries. This is the real problem. It’s true that the motivator is the money in this case too, but good luck to employ them after. I think that he talk about a minority of cases, and by doing so, he’ll not get rid of the real problem, the real danger, the criminal groups implication in the cyberspace.
It’s my 2 penny to the discussion.
[In addition to the post: 12 October 2004]
—————————————————
I just read Bruce Schneier’s October blog posts. He talks about this subject the 4 October with Bill Brenner from SearchSecurity.com. It’s interesting to see that I’m not alone to share this view. I know that many other people do too. There is the excerpt from his post:
“What’s the biggest threat to information security at the moment?
Schneier: Crime. Criminals have discovered IT in a big way. We’re seeing a huge increase in identity theft and associated financial theft. We’re seeing a rise in credit card fraud. We’re seeing a rise in blackmail. Years ago, the people breaking into computers were mostly kids participating in the information-age equivalent of spray painting. Today there’s a profit motive, as those same hacked computers become launching pads for spam, phishing attacks and Trojans that steal passwords. Right now we’re seeing a crime wave against Internet consumers that has the potential to radically change the way people use their computers. When enough average users complain about having money stolen, the government is going to step in and do something. The results are unlikely to be pretty.”
———————————————–
Iang
June 19, 2005 — 5:01 pm
I agree with that! I also found the comment that the best thing to do is employ the hacker slightly odd. Once someone has spent a lot of time hacking a company, I think the last thing that a company should do is offer him a job. Certainly, the hacker has every incentive to drift over to the other side of the tracks, but that’s up to the hacker.
Fred
June 19, 2005 — 5:02 pm
Hello Iang! Exactly, it’s like this: Will I employ a child molester as a warden for my childs? Answer to this question is an answer to the upper question. Last weeks the subject was in the news because a German enterprise had employed an ex-virus writer… this is their choice but I’ll not buy any of their products for sure.
Thank for the post, It’s always appreciated!
Salutations,
Fred