Feeds

Auditing the mind of a hacker

FBI and security experts probe psyche

  • alert
  • submit to reddit

Build a business case: developing custom apps

Security consultants are teaming up with clinical psychologists - including behavioural scientists from the FBI - to gain a better understanding of what drives and motivates hackers.

This should enable organisations to be more proactive in responding to security threats, according to Tom Parker, a member of a working group on "adversary characterisation". Better info feeds through to the refining of existing threat models, he says.

"We're working on developing a more accurate way of modelling attacks to be able to assess whether hackers will come back, how old they are and how skilled they might be," Parker, of managed security firm NetSec, said.

"You can gauge a hacker's level of skill to access whether someone is capable of using something they've written themselves, perhaps zero day exploits, or whether they will use only standard attack tools. We score their technical skills."

Manhunter

Skilled computer forensic investigators apply similar techniques already, but the collaboration between security specialists and behavioural scientists adds a psychological dimension to assessing IT security risks.

For instance, extortion threats against online bookmakers have become an increasing problem in recent months. Blackmail demands sent by email can betray a criminal's level of skill and state of mind, yielding valuable insights to defenders.

Even the email client used by the attacker is a clue - Pine users are more skilled that Outlook user, for example. And levels of anxiety and hostility can be gleaned from these emails.

Such assessments derive from the work of clinical psychologists, such as Eric Shaw, who advised the FBI in dealing with extortion demands against Bloomberg. The sting operation he helped orchestrate resulted in the entrapment and eventual conviction of Kazakstani hacker Oleg Zezov.

Shaw is also a member of adversary characterisation working group.

Know thy enemy

It is possible to make educated guesses about how attackers might decide to go after corporate asset, if you have a better idea of how much money hackers have at their disposal, how skilled they are and the technologies they use.

"With this understanding, it's possible to refine security and spend money where it most needed," Parker said.

A better understanding the relationship between a target and attacker allows defenders to gauge the capability and motive of the adversaries they might face, he said.

Media attention is often focused on script kiddies (relatively unskilled attackers), but Parker is far more concerned with the threat posed by professional hackers or insiders, whose elevated levels of access give them a head start in attacking IT systems. Parker backed up the general consensus that insiders pose the greatest risk for most organisations.

WarmTouch puts workers under the microscope

A software application called WarmTouch can detect signs of disgruntlement or psychology change in online communications. The tool can be used to provide early warning of possible problems. Companies can act on this information to mitigate the impact of insider, perhaps by restricting their access to sensitive systems or by stepping up monitoring.

All this sounds distinctly Big Brother-ish, but Parker points out that employment clauses commonly allow employee monitoring, enabling companies to stay legal even when using profiling software on their workers.

Adversary characterisation, many of those ideas derive from military strategy assessments, also has applications in Homeland Security. It can be applied in attempts to get a more accurate handle on "cyber-terrorism" risks.

Such risks are frequently overstated, of course, but it would be unwise to discount the possibility that terrorists might attack the IT systems of emergency services at the same time as carrying out a more traditional, bloody attack.

The work of Parker and his collaborators are to be explained in a book Adversary Characterisation - Auditing the Hacker Mind, due out in June. ®

Related stories

Bloomberg extortionist jailed for four years/a>
Bloomberg involved in Net sting
Online extortionists target Cheltenham
9/11 prompts more govt surveillance
El Reg badly misguided on cyber-terror threat
Fed: Cyberterror fears missed real threat
NetSec scoops up Defcom

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?