How to read a cyber hacker’s mind

Hackers aren't very nice to the hacked, and this case was no exception. A hacker group invaded a dark web server and withdrew dozens of gigabytes of data.

On the dark web, the undesirables devour one another.

The internet enthusiast press is full of stories about an incident in recent days in which a hacker group invaded a dark web server and withdrew dozens of gigabytes of data.

The term “dark web” brings a certain horror-movie sense. In reality, the dark web is right on the same internet over which you’re reading. I’m oversimplifying here, but essentially the dark part consists of encrypted channels between a collection of thousands of servers accessible only by the anonymizing Tor web browser. Your basic Google search won’t turn up anything on the dark web because material there is designed to be immune to indexing. But with a little fiddling, anyone can access it.

By hiding, hosts on the dark web can host things people wouldn’t dare host on the surface web. Like child pornography or human trafficking networks. Illegal weapons or drug sales. Stolen data offered for sale to organized identity thieves. Basically, it’s the bad neighborhood with street signs you can only read with special glasses. But it’s a big neighborhood.

What happened is this, and I’m summarizing from this account from The Hacker News, which had it days before the mainstream press. Someone from that wild and wacky group, Anonymous, hacked into a large dark web host known as Freedom Hosting II. People who follow these things estimate FH II hosts as much as 20 percent of everything on the dark web. Anonymous defaced many hosted sites it claimed contained child pornography in contradiction to Freedom Hosting II’s stated policy. The anonymous hacker exfiltrated the data and encrypted it for a token ransom.

Hackers aren’t very nice to the hacked, and this case was no exception. The boastful message left for those sites from which data was taken and access denied shows an exquisite blend of arrogance, moral superiority, and intellectual vanity. Just about how Edward Snowden comes across — a caped crusader with programming skills.

The yang to Snowden’s yin might be oddball Harold Martin, now under indictment for taking and keeping at home and in his car 50 terabytes of secret data from the National Security Agency over a nearly 20-year period. No one knows for sure if he did anything with the data. According to one published report, Martin’s public defender lawyer describes him as simply a patriot suffering from a hoarding disorder.

By contrast, money-motivated attackers, or those working on behalf of economic or military competitors who want intellectual content, are apt to try to leave no trace.

This makes me wonder if perhaps understanding hackers’ various psychologies might somehow influence an organization’s approach to cyber protection.

Turns out I’m not the first to have this question. A simple search of “understanding hacker psychology” turns up lots of work done on this topic. It shows malicious hackers don’t all fit into any easy buckets. Only some fit whatever stereotype you like best — Eastern European gangster, boxers-wearing basement dweller or disaffected middle-aged loner. Probably serial killers have more in common than people who break computer systems for fun, revenge or profit.

In a 2015 SANS Institute paper, Sean Atkinson describes the use of forensic psychology and behavioral analysis for better incident response. It has a nice summary of the types and their characteristics — script kiddie, malicious insider, activist, spy or organized criminal.

If you’re responsible for cybersecurity — and in some sense, we all are — be aware of how many possible motivations there might be for those coming at you.

Copyright © 2024 Federal News Network. All rights reserved.