7

T HE

types
of highly
effective
HACKERS
Highly Effective Approaches to Cybersecurity
Digital transformation is impacting every aspect of
business—shaping growth, transforming products,
optimizing operations, and empowering employees.
But with these extraordinary opportunities comes
many questions about how IT leadership can effectively
evolve their organizations, while still securing their data
against the threat of increasingly severe cyberattacks.

THE THREAT LANDSCAPE. The rapidly dissolving IT

perimeter has created new targets for hackers. And hackers
are becoming much more skilled and organized. As a result,
there’s been an unprecedented rise in the number, sophis-
tication, severity, and financial impact of different attack
vectors around the world. Threats now range from trouble-
making teenagers hacking alone on their laptops for brag-
ging rights, to highly organized criminal collectives with
the power to threaten national and international security.

Introduction 2
THE GOOD AND BAD NEWS. Let’s start with the
bad news. Due largely to the seven different types of
hackers outlined in this e-book, the rate of cybercrime
is increasing exponentially. Millions of dollars of
intellectual property are at risk, as well as the threat
of lost productivity. The good news is that your organiza-
tion doesn’t have to fight these criminals alone. While the
reality is clearly daunting, thanks to its sheer size and scope
worldwide, Microsoft is uniquely positioned to help
you do something about it.

Because of the massive scale of information that

Microsoft processes—billions of device updates and
hundreds of billions of emails and authentications for
example—we’re able to synthesize threat data far faster
than your organization could ever do it alone.
– Microsoft Blog “Microsoft’s unique perspective on
cybersecurity.” June 24, 2016.

[Our] unique insight into the threat landscape, informed

by trillions of signals from billions of sources, create an
intelligent security graph that we use to inform how we
protect all endpoints, better detect attacks, and accelerate
our response.
– Microsoft’s Chief Information Security Officer
Bret Arsenault, 2015 - Microsoft Blog “Enterprise security
for our mobile-first, cloud-first world.” November 17, 2015.

Introduction 3
 e statistics Accor
im
Cybercr gering
ding t
o the
st ag Agen
cy (N National C

2
are
CYBE
CA), i
n 201 rime
6,
There’s a new
lone, identity fraud RCRIM
In the U.S
.a
SURP E
4 0 0 A
victim ever y

2 , s of
SECONDS
all oth
e
SSED
complain
t crime r forms
(Javelin, 2015)2

M W A R E in the of
O
RANS o therted t IN 2015 (Dark
U.K.
Readin
g, Jun

594
e 201

were repo
6) 3

r im e C o mplaint
Internet C 1 5 — a t a cost of
r2 0
Center fo
ION
9
ILL
0
24 M
2
$

MILLION $
16)1
Release, 20
(FBI Press

There wa people worldwide

N
600 % O
sa
were victims of
IL L I
M stolen in th0e16
ONLINE CRIME
increase was rter of 2
a
first qu using
in
Attachm ATS
ent-base T H R E
d vs. CYBER and
URL-deli M W ARE
malware vered (2016 Norton Cybersecurity Insights Repo
rt)5
RANS, AO
pril 20
16)
6

at
from mid tacks ( FBI re
port

-2014 to 2
(Proofpo
int, 2015) 4 015
Cybercrime Statistics 4
Script Kiddies
Often bored teens, hacking alone,
don’t put much time or thought
into gaining computer knowl-
edge on their own and instead
exploit existing code.

WHAT MOTIVATES THEM. Thrill seekers,

these budding criminals mostly hack for fun,
recognition, and bragging rights. But that
doesn’t mean they can’t pose a serious threat.⁷

Script Kiddies 5
TOOLS OF CHOICE. Because they often lack the skill to
write their own code, they instead cut and paste code or
scripts developed by others to cause trouble for their victims.
Among the most damaging tools used by script kiddies are
rootkits, which allow them to solidify their hold on systems
once they’ve broken in. STATS. Although they’re difficult to track, it’s estimated
that there are millions of script kiddies at work around the

TARGETS. Script kiddies often scan the internet for a world. And, although they’re the most inexperienced and

victim computer with a specific vulnerability to leverage immature on our scale of hacker types, they can cause as

their limited skill set. The newest generation of rootkits much damage as their more savvy counterparts.⁹

actually replaces pieces of your kernel in RAM, where it

takes control of your system.⁸ THE BEST PROTECTION. Because script kiddies usually
lack technical skill, they tend to be sloppy and often leave
evidence of their work. Your best security plans are:

1. Stop them from getting in the door in the first

place by keeping your security up to date and
deploying intrusion detection systems.

2. Implement tools like chkrootkit Rootkit Hunter

to tackle the more challenging rootkit problem.

3. Be proactive and set your security measurements

up ahead of time so they can offer advance warning
if something goes wrong.

Script Kiddies 6
Hacking Groups
A loose collection of script kiddies who wield
more power as a collective than as individuals
and can seriously disrupt business.

WHAT MOTIVATES THEM. While disregarded by some for the

same reasons as script kiddies, these hackers, working together,
glean confidence from their status as a collective and have the
potential to wreak a great deal more havoc, often leveraging the
combined range of skills within their group to be more effective.

Hacking Groups 7
TARGETS. Currently, hacker groups typically
focus on releasing sensitive documents and
personally identifiable information. These
attacks have the potential to result in serious
harm, particularly to high-profile companies,
law enforcement, and government personnel.
One famous hacker group is LulzSec, known
for well-publicized attacks on the CIA and the
U.S. Senate in 2015.
STATS. Clearly, the range of damage hacker
groups can do varies widely, but even seemingly
harmless pranks can have potentially disastrous
effects. For example, on April 23, 2013, a single
tweet from the hacked account of the Associated
Press led to a $136 billion drop on the S&P
500 index within approximately two minutes.10
THE BEST PROTECTION. A basic 5-step
plan is helpful against ALL forms of criminal
cyberthreats:
1. Invest in defense, including intrusion
detection and protection.
2. Plan a response strategy to uniquely
address each type of attack.
3. Institute solid HR policies to protect
against insider threats.
4. Deploy a solid incident response platform.
5. Document and share attack reports across
the IT department.
Hacking Groups 8
Hacktivists
Collectives of savvy, politically motivated,
and often exceptionally skilled hackers.
They’re fighting a war and cybersecurity
is their weapon of choice.

WHAT MOTIVATES THEM. Grounded in hacker

#HACK
culture and ethics, hacktivist goals are often inspired
by a passionate commitment to free speech, human
rights, or freedom of information.

HERE
VERYW
WE ARE E Hacktivists 9
 TOOLS OF CHOICE. In many cases, hacktivists use
the same tools and techniques as regular hackers.
However, because their goal is attention rather than
financial gain, there are some significant differences.
DNS tunneling, for instance, exploits a target’s servers
that convert IP addresses to domain names as entry
points into its networks, or “denial of service” (DoS)
attacks, which act as distraction while the attackers
work to access another part of the network. These,
along with hijacking websites and taking over Twitter
accounts and Facebook pages, allow hacktivists to steal
TARGETS. They might leave a highly visible message
and disclose sensitive information they illegally access.
on the homepage of a site that represents a political
In fact, more than any other type of hacker, hacktivists
affiliation the hackers oppose. Or they may disrupt traffic
often leverage social media to generate publicity and
to a high-profile site that will cause a stir and get people
support for their efforts.11
asking questions, thereby giving them the opportunity
to state their case.

#HACK For example, Anonymous, the best-known hacktivist

group, has launched attacks against child-porn sites,
Koch Industries, Bank of America, NATO, and various
government websites. Interestingly, in almost 75 percent
of cases, hacktivist targets are warned ahead of time
of the impending attack, something that rarely if ever
happens with financially motivated hacks.12

ERE
W H
V E RY
RE E Hacktivists
E A 10
 STATS. Most of the cyberattacks performed by hacktivists
are illegal under domestic crime statutes. Few cases, however,
reach the point of prosecution, in part because the damages are
usually minor. However, with nationalist groups getting in on
the action, the problem is growing. In 2012, of the 177 million
records stolen by hackers, 100 million were taken by hacktivists.

THE BEST PROTECTION. Several leaders of prominent

CK
#HA hacktivist groups have argued that it’s actually quite simple to

1. Stay off their radar, conduct business ethically, and be so-

cially responsible. But the truth is, organizations need to
take real precautions as the scale of hacktivism expands
exponentially year over year.

2. Put multiple layers of security controls in place, so that

something that breaches one layer is less likely to get
through to another.

3. Ongoing education and awareness efforts are also

crucial. Informed and proactive people are the first line
of defense against any of these criminals.

Hacktivists 11
Black Hat
Professionals
These are highly experienced hackers who
do this work for a living, bringing decades
of extensive computer knowledge to the
table. They generally neither destroy nor
seek publicity but figure out new ways to
infiltrate impenetrable targets, developing
avenues of attacks that often prove costly
for both governments and businesses.

WHAT MOTIVATES THEM. A broad range of incentives

and goals attract hackers at this elite level, including mon-
ey, revenge, public attention, bragging rights, access to
valuable data, and even mere amusement.

Black Hat Professionals 12

TOOLS OF CHOICE. Their purpose is to breach
or bypass internet security, break into computers
and networks, and also create computer viruses.
While regular hackers build things, black hat
professionals (also known as “crackers”) break
things, maliciously exploiting security vulnerabil-
ities that frequently threaten the personal and/or
financial information of millions of customers.

TARGETS. Black hats target applications,

networks, computer systems, infrastructure
and, occasionally, even people. Their victims
include companies with valuable intellectual
property, financial organizations, any company
with sensitive data to exploit, and even, maybe
most distressing, hospitals and other
healthcare facilities.13

Black Hat Professionals 13

STATS. To offer a glimpse into the power of a single black
hat hacker, consider this: American hacker, “c0mrade”, man-
aged to hack into a number of networks, including those
belonging to NASA. He downloaded enough source code
to learn how the International Space Station worked. The
total value of the downloaded assets was worth millions.
To make things worse, NASA was forced to shut down its
network for weeks while they investigated the breach.

THE BEST PROTECTION. Ironically, one of the most

effective strategies to defend your organization from a
Black Hat professional, is to engage a member of their own.

1. Engage the services of a “white hat”—an ethical hacker

with similarly comprehensive skills who puts them to
work testing vulnerabilities, exploits, and viruses and
reporting them to potential target organizations so
they can breach any holes and strengthen their overall
security position.

2. Maintain good security hygiene across your network.

Enforce good configuration policy. Ensure systems are
protected by firewalls. Enforce password best practices.

Black Hat Professionals 14

Organized
Criminal Gangs
Led by seasoned professional criminals,
these serious and very talented hackers
function within a sophisticated struc-
ture, guided by strict rules to ensure their
crimes go undetected by law enforcement.
It’s like The Mafia, only with computers. In
fact, a large number of black hat hackers
are affiliated with organized crime.

WHAT MOTIVATES THEM. Forget the image of a

17-year-old hacker, working alone in his parents’ basement;
instead, picture sophisticated and organized cybercriminals
who choose this way of life as a profession. They’re driven
by the immense amounts of money they can make at this
level, and how much “easier” cybercrime is relative to more
traditional criminal activity.

Organized Criminal Gangs 15

TOOLS OF CHOICE. These highly experienced
developers have deep knowledge and years of expertise
that enables them to constantly innovate their malware
and attack tactics.

TARGETS. Every kind of cyberattack mentioned above

and many more you can’t imagine. These professional
crime rings often launch their attacks on Friday evenings,
after work hours, so their infiltration is more likely to go
undetected for longer—and therefore do more damage.
A few years ago, these hackers were stealing money in the
five-figure range; today these brazen cybercriminals are
stealing millions of dollars at a time.

STATS. We’ve reached the point where highly organized

criminal gangs are generating about 80 percent of
cybercrimes. Unlike other types of hackers, they keep
office hours and take weekends off, treating their nefarious
activities just like regular jobs. But when they turn out the
lights, they flip the switch on the kinds of data breaches
that, according to a 2015 Cost of Data Breach Study by the
Ponemon Institute, cost an average total of $15 million per
year. And cybercrime is forecast to become a $2.1 trillion
problem by 2019.14

Organized Criminal Gangs 16

THE BEST PROTECTION. The scale and sophistication
of modern cybercrime is unprecedented. Protecting your
organization from this rapidly evolving threat will require
a new holistic approach to cybersecurity. Alongside this
new approach, there are ways you can improve your
security today.

1. Maintain best practices for organization security

and stronger architecture.

2. Additionally, the open and rapid sharing of infor-

mation offers the best protection against this
level of cyberthreat.

3. Stay up to date on the latest information about

cyberthreats, including tools, tactics, and procedures.

Organized Criminal Gangs 17

Nation-States
WHAT MOTIVATES THEM. Nation-states are more inter-
ested in political and economic espionage — stealing state
secrets, intellectual property, and the personal information

This is organized cybercrime at the inter- of government employees — than simply making money.
A recent example was the hack of the U.S. Office of Personnel
national level, using hacking techniques as Management, which put at risk the personal information
military, political, and economic weapons. of up to 14 million current and former federal employees.15

Nation-States 18
TOOLS OF CHOICE. Spear phishing, credential harvest-
ing, malware, records theft, and complex techniques for
evading detection... The list is sophisticated and seemingly
endless. The most talented and ruthless hackers are put to
work by nation-states to do the dirty work while the
government officials who employ them remain officially
unsullied. U.S. and European defense officials have charged
that nations such as Russia and Iran are increasingly arm-
ing and encouraging criminal and activist groups with the
cyberweaponry necessary to harm their enemies, without
taking official responsibility for the crimes.

TARGETS. With massive computing power at their

disposal, nation-states target critical infrastructure,
military, utilities, or financial sectors of their adversaries.
In May 2016, the FBI issued a warning that foreign
government hackers are actively targeting the U.S.
The report read, “Advanced Persistent Threat (APT)
cyber actors continue to target sensitive information
stored on U.S. commercial and government networks
through cyber espionage.”16

Nation-States 19
STATS. Because nation-state–supported hackers are
extremely well funded, they can be particularly formidable
adversaries. As a result, nefarious nation-state–sponsored
cyber activity can have devastating effects on a country’s
national security and its economy. According to Forrester
research, “...all nation-states are not created equal, and like
individual hackers, each has a different motivation and
level of cyber capability.”17
THE BEST PROTECTION. Most organizations are far
more likely to experience the other kinds of cybercrime
detailed here than have to deal with nation-state activity.
However, as always there are ways to improve your organi-
zation’s network security.
1. The FBI has advised network administrators to engage
in “proactive patch management” as the main line
of defense.
2. Know your network. Address easily exploitable
vulnerabilities and encrypt all confidential data.
Nation-States 20
The Cyberweapons
Dealer
A more seasoned criminal who sells
automated pieces of software that act
like weapons, mostly to nation-states
or organized crime rings, but really
to anyone who can afford them.

WHAT MOTIVATES THEM. Money. A lot of it.

TOOLS OF CHOICE. The dealer arms attackers with a

foundational piece of software that acts like a worm virus,
which they then use to build their weapons without
advanced coding skills. Because it’s so much easier to
customize a preexisting tool than to start from scratch,
these tools are worth a lot of money to attackers. And
a well-crafted piece of software can be used by any one
of the other six cybercriminal types.

Cyberweapons Dealer 21
TARGETS. The weapons peddled by these dealers target
vulnerabilities in software that haven’t been discovered by
their manufacturers. Nation-states often use those same
virtual holes to gain under-the-radar access into foreign
computer systems for the purposes of eavesdropping or
even taking control of the systems themselves.

TOOLS OF CHOICE. One example of a dangerous cyber-

weapon is the malicious Dorkbot botnet. It infects over
100,000 devices each month and has owned over a million
PCs in 190 countries. In December of 2015, thanks in part
to its sophisticated security software that detects and re- THE BEST PROTECTION. Once again, you need to get in-

moves the virus (often before users are even aware they’ve side the minds (and skillsets) of the criminals to fight them

been targeted), Microsoft teamed up with various law effectively. A 2014 Rand study found that computer securi-

enforcement around the world, including the DHS and FBI, ty companies and software vendors often pay researchers

to disrupt the Dorkbot network.
a bounty for cyberweapons, so they can take them off the
market before they’re used for attacks. But the dealers can
earn 10 to 100 times more on the gray markets, where gov-
ernment and agencies and corporations are the big buyers,
as well as on the black market where criminals conduct
their business.18

Cyberweapons Dealer 22
Security is a journey not a destination.
Knowledge and preparation are power.

We’ve taken a high-level threat assessment

of seven different but dangerous attackers.
Securing organizations from rapidly evolving
threats and mitigating the risks associated
with the digital world that we live in requires
a new approach to cybersecurity. One of the
best ways to protect your data is to move it
into Office 365 and take advantage of the
expertise Microsoft can deliver.

OFFICE 365 SECURITY. Microsoft takes

extensive measures to protect your data
in Office 365. Our investment in security
resources is among the best in our industry,
and we are constantly looking for new,
innovative ways to protect your data.
Microsoft continuously invests in advanced
security tactics, it has world-class security
experts, and the datacenters have incredible
investments in physical security features.

23
One security innovation utilized by Microsoft is
Red Teaming, a type of wargame that leverages
actual attacks to test Microsoft’s systems and
operations. These real-life attacks are launched
by our internal Red Team and defended against
by our Blue Team. By simulating actual attacks
against Microsoft services, we can better antici-
pate and protect against threats to your data. Red
Teaming is just one part of our overall approach
to security. Our defense in-depth strategy lever-
ages six layers of security to protect your data
from attackers. These layers are physical, network,
identity, host security, application-level security,
and data security.
DATACENTER PHYSICAL SECURITY. Office
365 data is stored in Microsoft’s network of
datacenters, strategically located around the
world. These datacenters are built from the
ground up to protect services and data from
harm by natural disaster or unauthorized access.
Datacenter access is restricted 24 hours per day
by job function so that only essential personnel
have access to customer applications and ser-
vices. Physical access uses multiple authentication
and security processes, including badges and
smartcard, biometric scanners, on-premises
security officers, continuous video surveillance,
and two-factor authentication. The datacenters
are monitored using motion sensors, video sur-
veillance, and security breach alarms. To prepare
for a natural disaster, the datacenters use seismi-
cally braced racks where required and have auto-
mated fire prevention and extinguishing systems.
DATACENTER NETWORK SECURITY.
Networks within Office 365 datacenters are
segmented to provide physical separation of
critical back-end servers and storage devices
from the public-facing interfaces. Microsoft
Edge router security detects intrusions and
signs of vulnerability. Customer connections
are encrypted using industry-standard Transport
Layer Security (TLS)/Secure Sockets Layer (SSL).
The use of TLS/SSL establishes a highly secure
client-to-server connection to help provide data
confidentiality and integrity between the desk-
top and the datacenter.
IDENTITY AND ACCESS CONTROL. In this
digital world filled with hackers, it is critical for
customers to be able to control who can access
data and how they can use it. Office 365 is
integrated with Active Directory, Azure Active
Directory, and ADFS. This integration provides
strong authentication and granular control over
24
how IT professionals and users can access and
use the service.
HOST SECURITY. Antivirus and antispam
protection is delivered through Exchange
Online Protection and Advanced Threat Pro-
tection.* These services deliver comprehensive
protection against known malware and zero-day
attacks. They are easy to use and deliver granular
controls.
APPLICATION LEVEL. Office 365 services
are intentionally built to support a very high
load and to protect and mitigate against appli-
cation-level DDoS (distributed denial-of-service)
attacks through the implementation of throt-
tling, a scaled-out architecture, regional isolation,
and high-performance components.
We also leverage our global presence to
distribute attacks across a vast surface area.
Customer data is replicated to redundant
datacenters in a primary/backup fashion.
The distribution of data in multiple datacenters
reduces the affected surface area in case one
datacenter is attacked. The services in the
affected datacenter can be quickly failed over
to the secondary datacenter as one of the
recovery mechanisms.
The throttling mechanisms in Exchange Online
and SharePoint Online are also important tools that
defend against DDoS attacks. Exchange throttling
for users is based on the amount of Active Directo-
ry, Exchange store, and other resources that a user
consumes.
DATA SECURITY. Office 365 is designed to host
multiple tenants in a secure way through data iso-
lation. Data storage and processing for each tenant
is segregated through Active Directory and capabil-
ities specifically developed to help build, manage,
and secure multitenant environments.
Within Microsoft datacenters, staff’s access to
the IT systems that store customer data is strictly
controlled via role-based access control (RBAC)
and lockbox processes. Access control is an auto-
mated process that follows the separation of duties
principle and granting least privilege. Engineers
request access for particular tasks into a lockbox.†
The lockbox process determines the duration
and level of access.
* Available in Office 365 Enterprise E5 or as a standalone
† Customer Lockbox Available in Office 365 Enterprise E5 or as a standalone
25
Customer data in Office 365 exists in two states:
at rest on storage media and in transit from
Office 365 over a network to a customer
device. Office 365 allows encryption of data in
both states to make it unreadable to unautho-
rized parties. All email content is encrypted on
disk using BitLocker 256-bit AES Encryption.

With all of the potential threats out there,

don’t try to protect your data on your
own. Take advantage of the expertise that
Microsoft delivers with Office 365.

Download Empowering Employees in a

Digital World E-book to learn how to
get a secure, productive workforce with
enterprise cloud services.

Watch this episode of Modern Work-

place, Inside Security: Help Keep Your
Organization Safe, to learn how you
can protect your organization from
cybersecurity attacks.
Sources
¹ Anderson, Vicki D. (Special Agent). “Ransomware:
Latest Cyber Extortion Tool.” FBI Cleveland. April 26,
2016. https://www.fbi.gov/contact-us/field-offices/
cleveland/news/press-releases/ransomware-latest-cy-
ber-extortion-tool
2
Pascual, Al. “$16 Billion Stolen From 12.7 Million
Identity Fraud Victims in 2014, According to Javelin
Strategy & Research.” Javelin. March 3, 2015. https://
www.javelinstrategy.com/press-release/16-billion-sto-
len-127-million-identity-fraud-victims-2014-accord-
ing-javelin-strategy
3
Yasin, Rutrell. “Cybercrime Now Surpasses Traditional
Crime In UK.” Dark Reading. June 8, 2016. http://www.
darkreading.com/threat-intelligence/cybercrime-now-
surpasses-traditional-crime-in-uk/d/d-id/1326208
4
Proofpoint Staff. “Proofpoint Threat Report: Top
Trends of 2015 So Far.” Proofpoint. August 13, 2015.
https://www.proofpoint.com/us/threat-insight/post/
Top-Trends-of-2015
5
“Norton Cybersecurity Insights Report”. Norton.
2016. https://us.norton.com/norton-cybersecurity-in-
sights-report-global?inid=hho_norton.com_cybersecu-
rityinsights_hero_seeglobalrpt
6
“2015 Internet Crime Report.” FBI. 2016. https://pdf.
ic3.gov/2015_IC3Report.pdf
©2017 Microsoft Corporation
All rights reserved.
⁷ Wlasuk, Alan. “Help! I Think My Kid Is A Script
Kiddie.” Security Week. January 13, 2012. http://www.
securityweek.com/help-i-think-my-kid-script-kiddie
8
LeBlanc, Dee-Ann. “How to Protect Yourself Against
Script Kiddies.” Information Week. August 6, 2004.
http://www.informationweek.com/how-to-protect-
yourself-against-script-kiddies/d/d-id/1026655
9
“What Is A Script Kiddie?” Security News. http://
www.pctools.com/security-news/script-kiddie/
10
Ibid.
11
Greenberg, Andy. “Verizon Study Confirms 2011
Was The Year Of Anonymous, With 100 Million
Users’ Data Breached By Hacktivists.” Forbes. March
22, 2012. http://www.forbes.com/sites/andygreen-
berg/2012/03/22/verizon-study-confirms-2011-was-
the-year-of-anonymous-with-100-million-credentials-
breached-by-hacktivists/#86e7cdf1f227
12
Ibid.
13
Samani, Raj. “What Morpho Means: Why Hackers
Target Intellectual Property And Business-Confiden-
tial Information.” Dark Reading. June 13, 2015. http://
www.darkreading.com/partner-perspectives/intel/
what-morpho-means-why-hackers-target-intellec-
tual-property-and-business-confidential-informa-
tion/a/d-id/1321275
14
“2015 Cost Of Cyber Crime Study: United States”.
Ponemon Institute. October 9, 2015. http://www.
ponemon.org/library/2015-cost-of-cyber-crime-unit-
ed-states?s=+cost+of+cyber
15
Armerding, Taylor. “Cybercrime: Much More Or-
ganized”. CSO. June 23, 2015. http://www.csoonline.
com/article/2938529/cyber-attacks-espionage/cyber-
crime-much-more-organized.html
16
FBI. “Vulnerabilities And Post Exploitation IOCs For
An Advanced Persistent Threat.” FBI Flash. May 11,
2016. [PDF]
17
Walls, Mike. “Nation-State Cyberthreats: Why They
Hack.” Dark Reading. January 8, 2015. http://www.
darkreading.com/informationweek-home/nation-
state-cyberthreats-why-they-hack-/a/d-id/1318522
18
Ablon, Lillian and Martin C. Libicki, Andrea A. Golay.
“Markets For Cybercrime Tools And Stolen Data.” Rand
National Security Research Division. 2014. http://www.
rand.org/content/dam/rand/pubs/research_reports/
RR600/RR610/RAND_RR610.epub