Every day, we hear about a new security breach, but who’s behind these attacks? Whether you’re dealing with the “professional mercenary,” the “cyber warrior” or the “malicious insider”, hackers come in many shapes and sizes. They have access to a varying set of resources including tools and utilise a broad range of attack techniques to steal valuable information or cause business disruption. As a result, it’s crucial that organisations understand the motivations, sophistication, and potential impacts of hackers.

The term hacker was first used to describe a programmer or someone who hacked out computer code. Later the term evolved to identify an individual who had an advanced understanding of computer systems, networking, programming or hardware, but did not have any malicious intent. When the Internet appeared, these people found a new realm where they could travel through the virtual world. They were often exploring and learning how security systems, computers, networks, or programs worked. Today, an individual who illegally breaks into networks or computers or create computer viruses to damage or steal information to profit from their innate hacking capabilities is referred to as a hacker.

Hackers have different motives; some hackers are politically motivated. They destroy, disrupt, take control of targets, commit espionage, and make political statements, protests or retaliatory actions. Another set of hackers are motivated to steal intellectual property or other economically valuable assets such as funds and credit card information, commit fraud, industrial espionage and sabotage and blackmail. While other hackers are motivated for socio-cultural reasons and carry out attacks for philosophical, theological, political, and even humanitarian goals.

Sometimes, these include fun, curiosity, and a desire to gain publicity or ego gratification.The following are personas and categories the organisations have to defend against:

- A Black Hat Hacker is typically referred to as just plain “hackers”. They continue to technologically outpace white Hat hackers and often manage to find the path of least resistance, due to human error or laziness, or with a new type of attack technique. Hacking purists often use the term “crackers” to refer to black hat hackers and they are motivated generally to profit.

- Script Kiddy is a derogatory term for black hat hackers who use borrowed tools or programs to attack security systems, networks, applications, servers and deface websites in an attempt to make names for them.

- Phreaker is a telecom network hacker who hacks a telephone system illegally to make calls without paying for them.
- Hacker activists, or hacktivists, are both organised and unorganised. They are motivated by politics or religion, while others may wish to expose wrongdoing, or exact revenge, or simply harass their target for their own entertainment.

- State Sponsored Hackers belong to nation states who realise that it serves their military objectives to be well positioned online. They have limitless time and funding to target civilians, organisations, and governments.

- Spy Hackers are hackers for hire who are hired by organisations to infiltrate their competition and steal trade secrets. They may hack in from the outside or gain employment in order to act as a mole. Spy hackers may use similar tactics as hacktivists, but their only agenda is to serve their client’s goals and get paid.

- Cyber Terrorists are both organised and unorganised groups. They are generally motivated by religious or political beliefs; attempt to create fear and chaos by disrupting critical infrastructures. They are by far the most dangerous, with a wide range of skills and goals. Their ultimate motivation is to spread fear, terror and even commit murder. There can be some overlap or difficulty in placing them into a particular category when these discrete groups collaborate and share intelligence in a given situation.

In addition to the above, disgruntled employees may also launch retaliatory attacks or threaten the safety of internal systems while some insiders may be financially motivated to misuse company assets or manipulate the system for personal gain, while unintentional insiders may also unwittingly facilitate outside attacks. These give rise to operational cybersecurity risks. The inadvertent actions, generally by insiders, are without malicious or harmful intent. However, the deliberate actions by insiders or outsiders are intentional and are meant to do harm. The inaction generally by insiders, such as a failure to act in a given situation, either because of a lack of appropriate skills, knowledge, guidance or availability of the correct person to take action, cause more collateral damage to the organisation.

On the other hand, a White Hat Hacker is a qualified computer security expert who specialises in penetration testing and other methodologies to ensure that an organisation’s information systems are secure. These IT security professionals rely on a constantly evolving arsenal of technology to battle hackers but lag behind technologically. Organisations engage White Hat hackers to identify weakness in the security systems, computers, networks or programs and implement appropriate controls to mitigate risks arising from the hackers. These assessments have to be carried out continuously and especially when there is a major change or upgrade to systems, network or architecture and not just once a year to meet compliance requirements.

(The writer is a Governance, Risk and Compliance professional and a Director at Layers-7 Seguro Consultoria (Pvt) Ltd. He is the currently serving Secretary of the (ISC)2 Chennai Chapter, and a board member of the (ISC)2 Colombo Chapter. He can be emailed at sujit@layers-7.com).

What is hacking really? Despite all the negative connotations associated with the word “hacking”, the initial idea of a “hacker” was first described, in the Hacker’s Dictionary (ironically), as “a person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary”. So the next time you find yourself at a tech event, or even one of Sri Lanka’s growing-in-popularity hackathons, don’t be alarmed if you notice the term being thrown about, or proudly displayed on team t-shirts, because in this world, it’s actually a good thing.

Special Commission to investigate GK collapse, says President

Husein Esufally, new Deputy Chairman at Janashakthi Insurance

EPF/ETF to be managed by new entity

Presidential Commission to probe stock market irregularities

Beijing gets Tea Board office

Access interested in more property business

Commercial Bank rated the strongest bank in Sri Lanka by Fitch

Former SEC chief Godahewa emerges as a UPFA supporter

Germany’s largest travel agency head to visit Sri Lanka

SLPA to hire consultant for East Terminal

2015 General Elections and the Economy: Some targets to be set for future MPs

President, PM to address corporate chiefs at Economic Summit, just days before Aug. 17 poll

Asians, incentive travel: Cash cows for MICE tourismBy Sunimalee Dias

Life and work in an ever-demanding world

In sight but out of mind: Sri Lanka’s domestic work sector

Same buzz, larger issues isolated- Comment

Expolanka drives entrepreneurship spirit amongst senior citizens through microfinance

Best of savings for Seylan credit cardholders during August holiday season

SL’s 9.5 mln workers must be consulted on social market economy concept, trade union says

No change in interest rate policy -CB

Reaching for the stars: Sri Lanka aims to connect the entire country with free Wi-Fi

Kantale sugar factory to be revived with Indian assistance

Preventing haphazard use of valuable groundwater

HBL joins LankaPay – Sri Lanka’s largest common ATM network

Controversial law permitting foreign land ownership passed in the Maldives

Updating to Windows 10 on July 29, yes or no?

SLMA/Mobitel: DocCall Medical advice at your fingertips

The UN Electronic Communications Convention and its impact and overall effect

Computer Vision and Pattern Recognition in Sri Lankan research and industry

Zesta partners AOD in developing tea packaging

CSC’s new ship “MV Ceylon Princess” keel laid

No more space for cuts to healthcare, education – CB

Coffee house Barista now offers meeting space at its restaurants

Seminar on “Good Governance vs Strategy”

Disrupt Unlimited and Regus to jointly support start-ups

Currency Swap Agreement for $1.1 bln signed between CB and Reserve Bank

Shiromal says leadership begins with honesty and integrity

Plans to enhance recreational and biodiversity value of Ceylon Tea Trails

Hitachi adds Live Insight and Clinical Repository to Social Innovation portfolio