Software // Enterprise Applications
News
12/20/2007
05:24 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Hacker Profile Becomes More Social, Adds Women

People who author malware are part of a thriving underground economy that's expected to grow in 2008, according to computer security researchers.

Most people involved in computer crimes are nameless and faceless to the organizations they attack, with the obvious exception of insiders. A few become known as a consequence of getting caught.

There's Adam Sweaney, 27, of Tacoma, Wash., who pleaded guilty in September to running a botnet. There's Azizbek Takhirovich Mamadjanov, 21, a Florida resident who was sentenced to 24 months in prison for a phishing scheme that led to millions of dollars in losses for a financial institution in the Midwest. There's Jason Michael Downey, 24, of Dry Ridge, Ky., sentenced in October to 12 months in prison for operating a botnet.

What's notable about these young men and other cybercriminals isn't so much their identities as their community. "I don't think the hacker is a loner anymore," said Don Jackson, senior security researcher at SecureWorks. "People that author malware feel like they have their own community now, their own social circles. They have their own social networks."

In contrast to people like Theodore Kaczynski, the Unabomber, who schemed in isolation to blow people up, cybercriminals today have plenty of support for their attacks and scams. They can buy automated attack kits or information about undiscovered exploits. They can rent botnets -- groups of compromised computers -- to spam, steal personal data, or conduct denial-of-service attacks. Their questions about breaking into other people's computers can be answered through IRC chats or Web forums. They're part of a thriving underground economy that's expected to grow in 2008.

And as cybercrime becomes an even bigger business, the profile of the cybercriminals is broadening beyond young men with computer skills. Jackson said that cybercriminals still appear to be predominantly male, "but we see a lot more women and girls involved in hacking."

One explanation for that may be that malicious hacking in the name of nationalism is tolerated, or even encouraged, in some parts of the world. It's socially acceptable.

"I've been really amazed at the way people defend their actions," Jackson said. "I've had people argue that it's not a bad thing."

Jackson recounted an article he'd had translated from a small-town Russian newspaper that lauded two local hackers for sticking it to "those Capitalists." Russian nationalism appears to be the motivation behind the massive distributed denial-of-service attack that hit Estonia in April. Attacks traced to China are also often attributed to nationalism. But more often than not, the real motivation is money.

Dave Marcus, security research and communications manager at McAfee Avert Labs, said that before 2000, the profile of the hacker was different, more "the pimply kid in the basement." Today, there's more professionalism, he said, because there's money in hacking in many countries.

While Marcus couldn't say whether more women were getting involved in criminal hacking, he did note that those in the security field tended to be exceptionally talented. "Most of the women in security and malware tend to have a lot higher skills than the guys do," he said. "They're considered much more elite."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.