Motivated Hacker
October 13, 2017 By The Editor
You’re probably most familiar with the cyber criminal hacker profile, since
they’ve been around longer than the rest. This group’s motive is pretty obvious:
to make money using any means necessary.
Cyber criminal groups can range from a few lone actors who are just out for
themselves, to big cyber crime organizations, often financed and headed by
traditional criminal organizations. This hacker profile is responsible for stealing
billions of dollars from consumers and businesses each year.
Their targets vary from small businesses and consumers, whom they attack
opportunistically, to large enterprises and industry verticals, whom they target with
specific goals in mind. In an attack on the banking and credit card industry, a
very organized group of cyber criminals was able to steal 45 million dollars
globally from ATMs, in a highly synchronized fashion. The attack was made
possible due to an initial, targeted network breach against a few banks and a
payment processor company.
Now that you know a little about this enemy, you should focus on getting to
know your current defenses. Subscribe to Secplicity to stay current on the most
recent threats.
Cyber Criminal
Cyber criminal groups can range from a few lone actors who are just out for
themselves, to big cyber crime organizations, often financed and headed by
traditional criminal organizations. This hacker profile is responsible for
stealing billions of dollars from consumers and businesses each year.
Now that you know a little about this enemy, you should focus on getting to
know your current defenses. Subscribe to Secplicity to stay current on the most
recent threats.
Cyber Criminal
Leadership: usually works alone.
Motives: identity theft, extortion, clickjacking, software piracy.
Known associates: other cyber criminals on the dark web.
Claims to fame: Petya, Locky, Cryptowall, CryptoLocker.
Methods: web-based drive-by downloads, spamming, clickjacking, ransomware, trojans.
Profiling Modern Hackers: Hacktivists, Criminals, and Cyber Spies. Oh My!
May 30, 2013 By Corey Nachreiner
Sun Tzu, the renowned military strategist and author of The Art of War, was
known for the saying, “Know thy enemy and know thyself, and you will not be
imperiled in a hundred battles.” While the true intention of this quote is likely to
remind us that knowing our own strengths and weaknesses is as important
as knowing those of our enemy, I can’t help but simplify it to the
rudimentary, “know thy enemy.”
Over the last few years, the general hacker profiles and motives have changed
quite a bit. We no longer live in a world of fame seeking hackers, script kiddies,
and cyber criminals—there are some new kids on the block. It’s important for
you to understand these motive and profile changes, since they dictate what
different types of hackers are ultimately after, whom they target, and how they
tend to do business. Knowing these things can be the key to helping you
understand which of your resources and assets need the most protection, and
how you might protect them.
With that in mind, I’d like to share some quick highlights about the three main
types of attackers I think plague us today:
1. The Hacktivist
Simply put, hacktivists are politically motivated cyber attackers. We’re all
familiar with traditional activists, including the more extreme ones. Over the past
five years, activists have realized the power of the Internet, and have started
using cyber attacks to get their political message across. A few examples of
hacktivist groups include the infamous Anonymous, and the more recent Syrian
Electronic Army. Most hacktivist groups tend to be decentralized and often not
extremely organized. For instance, there can be cases where one faction of
Anonymous may do things another faction doesn’t even agree with.
As disorganized as they may sound, these activist groups can cause significant
problems for governments and businesses. They tend to rely on fairly basic,
freely available “Skript Kiddie” tools. For instance, their most common weapon
is a DDoS attack, using tools like HOIC or LOIC. However, the more advanced
hacktivists also rely on web application attacks (like SQLi) to steal data from
certain targets, with the goal of embarrassing them—something they like to
call Doxing.
While hacktivists are arguably the least worrisome of today’s attackers, they still
have succeeded in causing havoc for many big companies and governments.
Since these hacktivists’ political agendas vary widely, even small businesses
can find themselves a target depending on the business they are in or
partnerships they have.
2. Cyber Criminals
You’re probably most familiar with the cyber criminal hacker profile, since
they’ve been around longer than the other two. This group’s motive is pretty
obvious: to make money using any means necessary.
Cyber criminal groups can range from a few lone actors who are just out for
themselves, to big cyber crime organizations, often financed and headed by
traditional criminal organizations. They are the group of hackers responsible for
stealing billions of dollars from consumers and businesses each year.
Their targets vary from small businesses and consumers, whom they attack
opportunistically, to large enterprises and industry verticals, whom they target with
specific goals in mind. In a recent attack on the banking and credit card
industry, a very organized group of cyber criminals was able to steal 45 million
dollars globally from ATMs, in a highly synchronized fashion. The attack was
made possible due to an initial, targeted network breach against a few banks
and a payment processor company.
The newest and most concerning threat actors are the state-sponsored
cyber attackers. These are government-funded and guided attackers, ordered
to launch operations from cyber espionage to intellectual property theft. These
attackers have the biggest bankroll, and thus can afford to hire the best talent to
create the most advanced, nefarious, and stealthy threats.
Nation state actors first appeared in the public eye during a few key cyber
security incidents around 2010, including:
While you’d expect nation state attackers to have very specific targets, such as
government entities, critical infrastructure, and Fortune 500 enterprises, they
still pose some threat to average organizations as well. For instance,
sometimes these military attackers target smaller organizations as a stepping-
stone for a bigger attack. Furthermore, now that these advanced attacks and
malware samples have started to leak to the public, normal criminal hackers
have begun to adopt the advanced techniques, upping the level of traditional
malware as well.
Understanding the motives, capabilities, and tools of these three hacker profiles
gives you a better idea of what types of targets, resources, and data each one
is after. This knowledge should help you tailor your defenses to the types of attacker
you think are most relevant to the business or organization you protect.
Now that you know a little about your enemy, you can focus on getting to know
yourself, and match your defenses to your most likely enemy. Once you’ve
done that, you will not be imperiled in a hundred cyber battles. — Corey
Nachreiner, CISSP (@SecAdept)
To spread the knowledge about today’s three main cyber threat actors,
WatchGuard has created a fun and fact-filled info-graphic. Check it out
below, and be sure to share it with your friends and co-workers to spread
the word.
WatchGuard profiles the three main classes of cyber attackers.
Hacker profiles: the bad guys behind the latest cybersecurity attacks.
Get up close and personal with these hacker personalities. Learn to recognize them and
protect your cybernetic data!
Hacktivist
My motives: alter the state, look for virtual pranks and chaos to highlight the government and
large corporations, freeing terrorists, vigilantism, "Doxing", cyber protests, anarchy, fun.
My methods: I use free skript kiddie tools to launch DDoS attacks or web application attacks to
try to hijack a legitimate website or steal data.
My credibility on the street: I was responsible for 58% of all the data theft in 2011, but in 2012
my fellow hackers got a bigger piece of the pie.
My claims to fame: Project Chanology, recovery of the operation, Arab Spring activities,
Operation HBGary, Operation Ouraborus, Operation Megaupload, just to name a few.
Cyber Criminal
My reasons: identity theft, credit card information, extortion (through ransomware or
DDoS), click on the account, pirate software, monetize the computer data in any way possible.
My boss: my financier, a traditional criminal organization that has decided to recruit children
who are experts in technology.
My tools: exploit kits sold in markets and underground Internet forums (or dark net) ... I also
buy and sell pre-packaged botnets and botnet modules.
My methods: I prefer web-based downloads, spam, clicking, installing ransomware and fake
software, and I can even use my victims to attack others.
My hero: Albert Gonzalez, who stole more than 170 million credit and debit cards in two years.
My colleagues: other cybercriminals in the clandestine market, where we exchange piracy kits.
My claims to fame: I recently completed a global bank robbery, stealing around $45 million
from ATMs.
Nation State
My motives: obtain intelligence from my enemies, cyber espionage, steal secrets from my
adversaries, disarm or destroy an enemy's military infrastructure, propaganda, distract an
enemy during a real attack.
My boss: my government
My tools: customized and advanced malware and toolkits designed for a very specific objective
(i.e., Stuxnet, Flame, Gauss).
My street cred: in the Aurora attacks of 2009, I introduced the watering hole attack and have
targeted over 30 large companies including Google.
My claims to fame: Google Aurora attacks, New York Times hack, and other classified security
breaches.
Profiling Modern Hackers: Hacktivists, Criminals, and Cyber Spies. Oh My!
May 30, 2013 By Corey Nachreiner
Over the last few years, the general hacker profiles and motives have changed
quite a bit. We no longer live in a world of fame-seeking hackers, script kiddies,
and cyber criminals; there are some new kids on the block. It’s important for
you to understand these motive and profile changes, since they dictate what
different types of hackers are after, whom they target, and how they tend to do
business. Knowing these things can be the key to helping you understand
which of your resources and assets need the most protection, and how you
might protect them.
1. The Hacktivist
While hacktivists are arguably the least worrisome of today’s attackers, they still
have succeeded in causing havoc for many big companies and governments.
Since these hacktivists’ political agendas vary widely, even small businesses
can find themselves a target depending on the business they are in or
partnerships they have.
2. Cyber Criminals
Cyber criminal groups can range from a few lone actors who are just out for
themselves, to big cyber crime organizations, often financed and headed by
traditional criminal organizations. They are the group of hackers responsible for
stealing billions of dollars from consumers and businesses each year.
Nation state actors first appeared in the public eye during a few key cyber
security incidents around 2010, including:
While you’d expect nation state attackers to have very specific targets, such as
government entities, critical infrastructure, and Fortune 500 enterprises, they
still pose a threat to average organizations as well. For instance, sometimes
these military attackers target smaller organizations as a stepping-stone for a
bigger attack. Furthermore, now that these advanced attacks and malware
samples have started to leak to the public, normal criminal hackers have begun
to adopt the advanced techniques, upping the level of traditional malware as
well.
Hacktivist
My motives: alter the state, look for virtual pranks and chaos to highlight the
government and large corporations, freeing terrorists, vigilantism, "Doxing", cyber
protests, anarchy, fun.
My boss: myself and what I believe in, totally decentralized.
My tools: web application attacks using freely available tools.
My methods: I use free skript kiddie tools to launch DDoS attacks or web application
attacks to try to hijack a legitimate website or steal data.
My hero: Guy Fawkes, the face of Anonymous.
My comrades: 4chan, Anonymous, LulzSec, Antisec.
My favorite drink: energy drinks.
My street cred: I was responsible for 58% of all data theft in 2011, but in 2012 my
fellow hackers got a bigger piece of the pie.
My claims to fame: Project Chanology, recovery of the operation, Arab Spring
activities, Operation HBGary, Operation Ouraborus, Operation Megaupload, just to
name a few.
Cyber Criminal
My reasons: identity theft, credit card information, extortion (through ransomware or
DDoS), click on the account, pirate software, monetize computer data in any way
possible.
My boss: my financier, a traditional criminal organization that has decided to recruit
children who are experts in technology.
My tools: exploit kits sold in underground Internet markets and forums (or darknets) ...
I also buy and sell pre-packaged botnets and botnet modules.
My methods: I prefer web-based downloads, spam, clicking, installing ransomware and
fake software, and I can even use my victims to attack others.
My hero: Albert Gonzalez, who stole more than 170 million credit and debit cards in
two years.
My colleagues: other cyber criminals in the underground market, where we exchange
piracy kits.
My favorite drink: Vodka.
My street cred: last year I received $20.7 billion from consumers.
My claims to fame: I recently completed a global bank robbery, stealing around
$45 million from ATMs.
Nation State
My motives: obtain intelligence from my enemies, cyber espionage, steal secrets from
my adversaries, disarm or destroy an enemy's military infrastructure, propaganda,
distract an enemy during a real attack.
My boss: my government
My tools: customized and advanced malware and toolkits designed for a very specific
objective (i.e., Stuxnet, Flame, Gauss).
My methods: advanced persistent threats, zero-day exploits, rootkit technology, strong
encryption, and many evasion techniques. I use custom malware for non-traditional
computer systems.
My hero: Ugly Gorilla (real name: Jack Wang).
My comrades: I only trust a few people within my government organization.
My favorite drink: a martini, shaken, not stirred.
My street cred: in the Aurora attacks of 2009, I introduced the watering hole attack
and targeted more than 30 large companies, including Google.
My claims to fame: Google Aurora attacks, New York Times hack, and other classified
security breaches.