To many people, the hacker is an almost mythical figure, existing in the shadows, wreaking occasional havoc but, mercifully, often without direct impact on our everyday lives. The stories of the CIA being hacked, celebrities having their data compromised or companies being exposed feel like they are on the fringes of our experiences, right? We'll be OK, right? Wrong. Like it or not, the threat is all around us. And growing. It's no longer the isolated, odd geek in his bedroom who lives on a diet of pizza and computer code. Today, it's about power and money, with both driving an explosion in the number of active hackers. Crucial to our ability to combat this ever-growing threat is our understanding of what turns someone into a hacker; understanding what makes someone do what they do is hugely helpful in determining the best strategy to thwart them.
Let's get the really scary stuff out of the way first...
There used to be a common consensus that many of the financially motivated phishing and spam attacks were coming out of countries like Nigeria and being done by poor people hired by criminal organisations. We've all seen the so-called Nigerian 419 email scams in which the victim is convinced to hand over money to a stranger. But these clumsy attempts at fraud and extortion have been replaced with organised cyber-criminal and mafia groups out of Russia, China, Brazil and other hotspots. With big money to be made, there is a balance to be struck between speed and sophistication, depending on the intended target. Most work in an almost Hydra-like manner, quickly spinning up and re-using existing tool sets to run widespread hit-and-run campaigns. To fend off such an onslaught, you must find efficient ways to repel the initial attempts to compromise your systems, and these guys will quickly go off in search of easier prey.
As we know, it's not just individuals and companies who are witnessing this growing threat; the furore around what may or may not have happened with the US Presidential election has, at the very least, shone a spotlight on what the potential for state-sponsored hacking could be. But most worryingly, the state-sponsored hacker is in it for the long term; it's a conviction as much as a job or responsibility, but they may also be following orders and seeing it as a duty. This means they are prepared to spend time developing and implementing new ways to be disruptive. Patience is definitely a strong characteristic, both in their actions and in the end game. For example, they may sit on any compromised data until they can use it for maximum impact. Against those who are prepared to play 'the long game', the only answer is to devise a cyber-security strategy that correctly identifies critical assets and puts the right protections around the sensitive data itself. A strong foundation is also needed to help with detection, as well as with continuously evaluating whether the current threat and risk model used to protect assets is efficient. Regrettably, it's a battle that demands constant vigilance and an unceasing focus on the threat.
But as with any good story, there are reasons to be optimistic. And bizarrely enough, our optimism can be partly founded on the fact that some hackers are actually focused on helping society gain from technology. Few people know that, over 30 years ago in January, The Mentor published what is now known as 'The Hacker Manifesto'. This defined the hacker as a curious person, someone tinkering with new technology with an overarching goal to advance knowledge while at the same time using that knowledge to avoid paying for expensive access to things like telephone networks. And, today, the basic foundation of most 'hackers' remains curiosity - a thirst for understanding how technology works, how it can be improved and how it can be used to improve our everyday lives.
In that domain, hackers (call them white hats if you will) have gained, over the years, more insight into using technology and, with it, knowledge to improve and protect everyday life. Today, a strong focus of these hackers can be seen in the development of solutions to protect and give us control over our personal privacy. There is also a strong regard for open access, transparency and respect for each other. These are things that benefit us, at an individual and societal level.
For now, hacking is very much here to stay. And we'll continue to see its malevolent (and sometimes benevolent) impact permeate our lives. But by being aware of the scale of the threat and understanding the motivations behind those who carry that threat, we can at least take steps to keep ourselves safe. In the process, we'll ensure that the threat remains manageable and maybe, one day, we may even see it retreat back into the shadows from where it came.