This story was printed from ZDNet Australia.
Special Report: Cybercrime Down Under Part 2

By Philip Luces, ZDNet Australia
May 14, 2001
URL: http://www.zdnet.com.au/news/security/soa/Special-Report-Cybercrime-Down-Under-Part-2/0,130061744,120221180,00.htm


Cybercrime

What's a hacker, and are they the same as a cracker? What threat are these types of people to business in Australia? Are they the key to cyber criminal activity or could they be the first line of defence for your organisation? Discover what makes a hacker and what makes them want to hack in the second half of our special report on Cybercrime Down Under.

Cybercrime Down Under Part 1
What types of cybercrime occur in Australia and what are the authorities doing to combat the problem? To what extent is this new form of crime impacting on our lives and our livelihood? How exposed is your business to the threat of cybercrime and what can you do to minimise the risks? Learn more in the first part of our Cybercrime Down Under special report.

Hackers: White-hat versus Black-hat

While it seems that the best way to prevent cybercrime is to ensure that your organisation's employees understand the risks, it's also important to understand what kind of people outside of your business might attempt to crack it.

The term "hacker" has been used for years, erroneously or otherwise, to describe users who are intent on breaking into computer systems and secure networks. However, that term is experiencing a re-evaluation, particularly since hackers are becoming an important element in helping to secure organisations.

A general breakdown between hackers separates them into two categories: white hat and black hat. White hat hackers are individuals who have specialist technical knowledge that is used to protect systems from intrusion. Generally, these sorts of hackers are more interested in learning about systems and networks for the sake of establishing a body of knowledge regarding those forms of technology.

Black hat hackers, as the name suggests, are the "bad guys" of the hacker world. These types of hacker are more interested in cracking into systems for the kudos as well as for possible financial gain. Their intent tends to be more malicious, and they are regarded by those in the wider hacker community as giving them a bad name. In fact, many hackers prefer to refer to these types of people as "crackers" instead of as hackers.

Although the threat from these crackers is real, they are less common than most people believe. "The predominant form of hacker out there today is what's referred to as 'grey hat'--they're 'white' in their motives, in that they don't seek to cause damage and don't seek unlawful financial gain," explains Grant Bayley, administrator for the hacker advocacy group 2600 Australia. "But they're intimately aware [of] 'black' methods of subverting security."

Bayley claims that the average hacker might be someone in their mid-20s who has been into computers for a number of years. They develop an interest in a particular area of technology and might start out "being a bit of a black hat". During these early stages, the novice hacker starts learning about operating systems and equipment by breaking into some systems and "poking around".

However, after they become a bit older, explains Bayley, they might get a job or go to Uni and "start to see that working with particular systems or particular equipment legitimately can pay relatively well".

"All the time, they're still learning about things and still know as much 'black' as they do 'white'," says Bayley. "[As they get] older... they might get picked up to do some security work or sysadmin work, and they're forced to switch into the role of the 'white' protector, all the time knowing that there's other 'black' methods out there that could be used against systems or pieces of equipment under their legitimate control."

As a result, these "grey" hats might conduct private testing or keep in contact with "black" hats to "prevent breaches of security on their turf".

The use of hackers to help maintain security around an organisation or business is one that is certainly gaining strength in Australia. "Naming the organisations [that use hackers to help improve their own security] probably isn't a good thing," says Bayley. "They're obvious enough--just look for companies that offer 'IT Security Services' and 'Penetration Testing' as part of that."

Bayley points out that it's a mistake to believe that the majority of hackers are interested in being malicious or gaining financial rewards through cracking. In fact, he states that the percentage of "black" hats is actually quite small. In general he estimates that 70 percent of unskilled but well-equipped teenagers are "white", while 30 percent could be labelled "black". But of the more skilled sector, Bayley believes that about 40 percent are "white", 55 percent are "grey" and only about 5 percent are really "black".

"I make mention of the second set of figures [for skilled hackers] because there's a ton of people purporting to be black hats when in fact they're little more than unskilled people with code written by others," says Bayley. "Once people get a bit more level-headed (and usually a bit older), people begin to teach themselves, learn in the course of a job, [or] go to Uni... all the time retaining their 'black' knowledge and concepts but operating in a 'white' environment at work."

Hacker education: Know your enemy

But how do hackers stay on top of the latest trends in security? Is there some place that they train or do they have some other way of learning?

"The sorts of people that are active in the hacking world don't 'train' in the militaristic sense of the word to carry out so-called 'cybercrime'," says Bayley. "The sort of learning that goes on revolves around people taking an interest in a particular area and teaching themselves about it or learning from an established body of knowledge if one exists."

These areas of interest cover a variety of areas including software programming, system administration, network administration and hardware hacking.

Does the power of being a hacker create people that are more likely to commit cybercrime? Bayley doesn't think so.

"I don't believe this pushes people towards wanting to commit or actually commit 'cybercrimes'," explains Bayley. "The attraction [of hacking] isn't a [financial] reward--it's the technology itself, the access to it, and knowing your understanding is provably better than your peers."

Bayley also explains that for the type of people who conduct hacking it doesn't make sense for them to jeopardise themselves by cracking for financial reward. "Why would someone with an above average level of intelligence and a natural knack for picking up difficult and often obscure concepts want to risk a decent size salary with something that could lead to a criminal record at the very minimum or a prison sentence?" asks Bayley.

The term 'cybercrime', according to Bayley, is a highly-charged description of what actually occurs when organisations are defrauded. "It's not as flashy, but it's perhaps better termed as 'crime that happens to involve technology such as a computer'," says Bayley.

He also says that most cybercrime tends to be conducted by non-hackers. "Look around at the type of corporate fraud cases that are alleged to occur these days," says Bayley. "Most of them involve something like an accountant or other person in a position of authority using technology in the belief that their actions are obscured or more difficult to track."

"Very few of the people found to be doing this sort of thing are the sort of 'hackers' you're thinking about," explains Bayley. "Without wanting to sound too cliched, it's not a real hackers' mindset to want to steal, defraud or destroy information."
