|
Unravelling
a hacker’s motive
There
might be no definite answers why individuals become hackers
and what motivates them to hack into computer systems. MOHAN
BABU reminds us that different hackers have different motives.
The glorified maverick hackers typically hack because of the
perceived challenges presented to them.
In
the previous column, we looked at some of the basics of information
security, viruses, preventative measures using software patches,
upgrades, and virus guards. In this column, we will build
up on some of the insights I gained while talking to people
in the industry along with interesting references to a book
that I read recently—The Fugutive Game: Online with Kevin
Mitnick, by Jonathan Littman—on a famous hacker Kevin Mitnick.
As you might have guessed by now, information security is
a cat-and-mouse game with the hackers or “bad guys” trying
their best to stay ahead of the “cops.” They attempt to exploit
the known and unknown vulnerabilities of software systems
and make every effort to penetrate the systems.
Who
is a hacker?
In
the book, the author quotes Kevin Mitnick saying: “A computer
hacker? It’s a person who can figure out ways of bypassing
security. Whatever way you get in, using technology upon the
system, hardware bugs, tricks. That’s what I consider to be
a hacker. It’s not being a super programmer.”
In
another section of the book, Mitnick is also quoted as saying:
“On one level, the hack is simple, a clever strike at a basic
weakness of the Internet. Computers on the Internet are often
programmed to trust other computers. The Internet was created
to share information, and the attack on Shimomura, just like
the Robert Morris Internet Worm attack seven years before,
exploits that trust…. The Internet has its own way of sending
e-mail or files. Messages or files are split into smaller
digital chunks or packets, each with its own envelope and
address. When each message is sent, it’s like a flock of birds
that migrates to a planned location and reunites as a flock
at the destination. Computers on the Internet often act like
great flocks of birds that trust one another too. And all
it take is one enemy bird to infiltrate the flock.”
The
reason
While
there are no definitive answers here, it is anybody’s guess
why individuals become hackers and what motivates them to
hack. As a matter of fact different hackers have different
motives. The glorified maverick hackers typically hack because
of the perceived challenges presented to them. In the book,
Mitnick justifies hacking as follows: “The bus goes down the
street anyway. In my mind, they’ve built the service. It’s
like the people who hijack cable TV. I don’t think I’m invading
anyone’s privacy. Everybody’s open game for that. The government
invades your privacy every day. I just like to have the same
ability the government does.”
Mitnick
goes on to justify making copies of hard-to-get software in
the same vein, “Kind of in my own mind picture it as, hay,
going to a video store and getting a copy of Jurassic Park,
and making a copy of it. Their copy is still intact and untouched
and unharmed. I have a copy of it. I’m not going to invite
people over and charge them admission to watch the film, yet
I have it for my own viewing. Few people get busted for making
a single copy of Jurassic Park, or for that matter, a single
copy of Microsoft Windows.” Needless to say, the author of
the book does not condone hacking, and goes on to add “…but
then the programs Mitnick supposedly copied aren’t anything
like videos or commercial software. If they are for sale,
they’d be worth hundreds of thousands of dollars, if not millions
of dollars.”
Although
these ideas quoted do not cover all the intricacies involved
in hacking, they perhaps give an idea of what is in a hacker’s
mind. The book was a fascinating read since the author delves
into the cloak-and-dagger world of hacking and cyber-policing
and chronicles the story of Mitnick’s arrest.
Where
there are bad guys, there are bound to be cops. Information
security management is a niche area of IT that has gained
prominence in recent years and many companies are investing
heavily to protect their systems. For this article, I had
an opportunity to interact with Manoj Kumar, an information
security expert with Timken Corp.
When
asked about his views on security, Kumar said: “Business leaders
and IT managers should work on a customised solution for each
aspect of their organisation’s systems. The level of security
should depend on the nature of the asset. For instance, a
financial institution will have to focus on building a high
level of security for its core financial application and interfaces
with other organisations and the Web portal. If the resources
are limited, it may do so at the cost of providing extra-high
security for its informational portal.”
Kumar
went on to add, “The analogy here is to a supermarket which
locks its expensive perfumes, jewellery, and CD players behind
a glass door; whereas it may only have a few security cameras
around its grocery or produce section.”
As
the awareness of security across the corporate world increases,
systems across the Net will become more secure. Till that
happens, companies will also have to factor the overall cost
of securing their systems and begin by locking their “expensive
perfumes, jewellery, and CD players” behind secure environments.
|
