Hacker Profile Becomes More Social, Adds Women - InformationWeek
Software // Enterprise Applications
05:24 PM
Connect Directly

Hacker Profile Becomes More Social, Adds Women

People who author malware are part of a thriving underground economy that's expected to grow in 2008, according to computer security researchers.

Most people involved in computer crimes are nameless and faceless to the organizations they attack, with the obvious exception of insiders. A few become known as a consequence of getting caught.

There's Adam Sweaney, 27, of Tacoma, Wash., who pleaded guilty in September to running a botnet. There's Azizbek Takhirovich Mamadjanov, 21, a Florida resident who was sentenced to 24 months in prison for a phishing scheme that led to millions of dollars in losses for a financial institution in the Midwest. There's Jason Michael Downey, 24, of Dry Ridge, Ky., sentenced in October to 12 months in prison for operating a botnet.

What's notable about these young men and other cybercriminals isn't so much their identities as their community. "I don't think the hacker is a loner anymore," said Don Jackson, senior security researcher at SecureWorks. "People that author malware feel like they have their own community now, their own social circles. They have their own social networks."

In contrast to people like Theodore Kaczynski, the Unabomber, who schemed in isolation to blow people up, cybercriminals today have plenty of support for their attacks and scams. They can buy automated attack kits or information about undiscovered exploits. They can rent botnets -- groups of compromised computers -- to spam, steal personal data, or conduct denial-of-service attacks. Their questions about breaking into other people's computers can be answered through IRC chats or Web forums. They're part of a thriving underground economy that's expected to grow in 2008.

And as cybercrime becomes an even bigger business, the profile of the cybercriminals is broadening beyond young men with computer skills. Jackson said that cybercriminals still appear to be predominantly male, "but we see a lot more women and girls involved in hacking."

One explanation for that may be that malicious hacking in the name of nationalism is tolerated, or even encouraged, in some parts of the world. It's socially acceptable.

"I've been really amazed at the way people defend their actions," Jackson said. "I've had people argue that it's not a bad thing."

Jackson recounted an article he'd had translated from a small-town Russian newspaper that lauded two local hackers for sticking it to "those Capitalists." Russian nationalism appears to be the motivation behind the massive distributed denial-of-service attack that hit Estonia in April. Attacks traced to China are also often attributed to nationalism. But more often than not, the real motivation is money.

Dave Marcus, security research and communications manager at McAfee Avert Labs, said that before 2000, the profile of the hacker was different, more "the pimply kid in the basement." Today, there's more professionalism, he said, because there's money in hacking in many countries.

While Marcus couldn't say whether more women were getting involved in criminal hacking, he did note that those in the security field tended to be exceptionally talented. "Most of the women in security and malware tend to have a lot higher skills than the guys do," he said. "They're considered much more elite."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll