It seems like every day there’s a news article about some company or other being hacked, not to mention the controversy around the US election and President-elect Trump’s assertions that hacking wasn’t an issue. Have you given thought to who may be doing these hacks, and what their motivations are?
The first question I have to ask is this: if someone mentions “hacker” to you, what is the first image that pops into your head? Is it the spotty teenager sitting in a messy bedroom surrounded by discarded pizza boxes and Red Bull / Cola? Is it the hooded character hunched over a laptop, perhaps wearing a Guy Fawkes mask? Is it someone going to work in an office?
The answer isn’t clear cut, because there are a whole host of different types of hackers, and their motivations are all different, though to be fair almost all of their motivations boil down to money. Let’s have a look at some of these groups (also known as threat actors).
Script kiddies are probably the most common stereotype. These are the youngsters sitting in their bedrooms, just trying stuff to see what happens. They’re not necessarily being malicious, and are almost certainly not doing things for money. Their main motivations are curiosity and gaining kudos amongst their peers. There’s a huge variety of free hacking tools easily available on the internet – and the majority are not illegal. There’s also a huge free training resource out there which you may have heard of. It’s called YouTube, and you can find videos teaching you how to use almost any of these tools. The script kiddies get a tool, watch the video and then try it out, just to see if they can. And here’s an important point. At no point when they are using any of these tools does a warning come up on the screen or anywhere else to say that they are about to commit a criminal offence.
Hacktivists are hackers who attack organisations for a cause or for multiple different causes. Groups like Anonymous (the people in the Guy Fawkes masks) and Lulzsec fall into this category. Ostensibly they are just trying to cause disruption to their target groups, but the end result is potentially loss of earnings and / or bankruptcy. For example, when the major credit cards withdrew their services for Wikileaks, Anonymous targeted those card firms (such as Visa and MasterCard) and hit them with large DDoS attacks, preventing them doing business for days on end. The losses ran into millions of dollars. It’s hard not to see this as a financial motivation.
Terrorist groups are also increasingly working in the world of cyber. Think about the proliferation of videos from ISIS showing beheadings and other unspeakable acts. They also attacked organisations such as news agencies to stop them reporting and took them off air. The Syrian Electronic Army are also notorious for their hacking activities.
Organised crime syndicates were very quick to see the opportunities and benefits of a cyber world, and have been at the heart of a whole range of cyber-enabled services, from credit card fraud, to money laundering, dealing in illicit arms and drugs etc. They are involved in virus attacks and phishing on a large scale, and are in many ways one step ahead of law enforcement in an ongoing battle of good v bad which shows no sign of ending. There are millions – billions even – to be made in these markets and they are very well organised, with teams of people, globally spread, who specialise in different aspects of the crime.
Industrial espionage sounds like something out of a spy movie, but it really goes on. Just imagine that you’re a pharmaceutical company which has spent millions on developing a new drug to combat cancer, and your competitor comes out with an identical product a few weeks before you do. What would that do for your profits? Now imagine that the competitor hasn’t spent millions on development, but has instead broken into your systems and stolen the formula. That’s way cheaper than doing all that development, running trials etc, and for some companies is a huge temptation. It is the embodiment of industrial espionage, and is all about financial gain.
State sponsored espionage is also what spy movies are all about, and you can guarantee that it goes on. I read recently that there are over 100 countries which have the capability to launch cyber attacks on other nations, and nearly all of them do. As mentioned above, there’s a lot of commentary in the news media at the moment around the US election and whether Russian hackers were involved in helping Trump win, but let’s have a look at another example. A few years ago the US revealed its latest and best fighter, the F-35. Shortly after, China revealed theirs, the J-31. Have a look at the pictures below and think about the similarities.
This was taken as categorical proof that China had stolen the plans for the US fighter and copied them for their own use. Again, think about the cost savings in design and development alone, let alone testing etc. It is believed that, for example, in China over 180 000 people are employed by the government to try to access systems and data in different governments around the world. You may have a team of 200 people tasked with trying to access one specific company or department, and that’s all they are focussed on, day in, day out. The stakes are high, and the game is never ending.
There are other individuals and groups involved in hacking, including journalists, researchers etc. Some of this will be white hat or ethical hacking, testing for vulnerabilities so they can be fixed before the bad guys (black hats) can access systems. There are also grey hats who normally use their skills for good but who may be tempted to the dark side on a single issue or if they feel they should be rewarded for the good they do but are overlooked.