ST1 - session 3 - Hackers.pdf

Transcript

Secure Thinking
Session 3
What is a Hacker?

Jeff Crume, PhD, CISSP, ISSAP
IBM Distinguished Engineer
NCSU Teaching Assistant Professor
Previous Assignment

Peruse the Resources links
Subscribe to the ones you like
Make a current events post to the
Discussion Board
At a hotel in “Normal,” IL

3
Know your enemy
 What is a hacker?

Source: www.merriam-webster.com/dictionary/hacker
 Hacker Hats
”Hacking is a felony in the United
States and most other countries.
When it is done by request and
under a contract between an ethical
hacker and an organization, it’s OK.
The key difference is that the ethical
hacker has authorization to probe
the target.”

’Q&A with IBM’s Charles Palmer,’
Insurgency on the Internet,
https://www.rasmussen.edu/degrees/technology/blog/types-of-hackers/
CNN.com, 1999
Hacker Taxonomies
Furnell, 2002 Rogers, 2005
Cyberterrorists Hacker Circumplex
Cyber warriors
Hactivists
Malware writers
Phreakers
Samurai
Script Kiddies
Warez doodz
CERIAS Tech Report 2005-43, “The Development of
a Meaningful Hacker Taxonomy: A Two Dimensional
Approach
 How should we classify hackers?
By skill level?
– Script kiddie, intermediate, elite
By tactics/techniques?
– Cracking, hacking, DOS’ing
By motivation?
– Piracy, profit, politics
By target?
– Banks, nation states, individuals
By psychological profile?
– Sociopaths, criminals, misfits
 My additions

Source: “Your guide to the seven types of malicious hackers,” Roger Grimes, infoworld.com, Feb 8, 2011
https://www.wral.com/news/local/video/17375259/
 ASSIGNMENT: Mitnick Questions
Does it matter that he didn’t directly profit from his
hacking?
Does it matter that he said there were no laws against
what he was doing?
Does it “take a thief to catch a thief?”
Would you hire a “reformed hacker?”