Henry Dalziel | General Hacking Posts, Pentesting Distros, Pentesting Tools | June 18, 2013
The term ‘hacker’ has a loose definition and generally carries negative connotations because good hackers are never hardly ever profiled in movies (except for Q in the Bond Skyfall movie) but as we all know in our training world, there is a newer term: ‘ethical hacker’, which tries to spin in a positive light the principles of understanding how to be bad – to do good.
In any event, and however we label the term ‘hacker’ – what a ‘bad’ and ‘evil’ hacker needs are two key skills: a motive and motivation.
Motive and motivation
Whereas a motive is the reason for doing something, motivation is the enthusiasm, interest or determination to do that action. These are vital skills to a hacker. Yes! I know! I hear you shout that there are plenty more required skills, like being a Linux pro, understanding systems, software stacks, attack profiles, researching vulnerabilities, and of course being a wizard with hacking/ pentesting tools and being a demon with a Linux pentesting hacking box – but – without motivation the hacker will easily get bored, distracted and will give up.
One of our instructors told us an interesting story about a disgruntled employee who was laid off, vented his anger against his former employer by trying to hack into their system. Using nmap and a variety of other pentesting tools he knew that his ability with nmap was not ‘professional’ enough for him to use it undetected, especially if he launched a site-wide system-wide nmap scan, which would have been very obvious. He would have been caught, or at the very least his IP would have been logged along with his attack. Instead, he realized that it was better if he went under the radar screen by executing only a fixed amount of scans and ports per day. He spent two years scanning! Eventually he found what he wanted and hacked his way into the system. Think of the Shawshank Redemption movie. How long did it take Andy Dufresne to tunnel out of the prison? Exactly. It took him years and years whilst all the time he was covering his tracks and constantly thinking how to protect himself. Did he have a motive and motivation? Yes sir he did. Point in case:
Warden Samuel Norton:
I believe in two things: discipline and the Bible. Here you’ll receive both. Put your trust in the Lord; your ass belongs to me. Welcome to Shawshank.
Having heard the above Andy was clearly motivated to get the hell outta there – especially when his fellow inmate ‘sisters’ paid him a visit.
Did the pissed fired employee also have a hacking motive along with motivation? Yes.
Needless to say that there are dozens of highly effective hacking collectives or groups out there many of which are motivated by the invasion of privacy and restriction of rights. They do yield a significant amount of power and they are certainly motivated. There is clearly a sense of kudos and a desire to be famous in the community, especially those that play solo, but on the whole, strip the hacker of motivation and you ‘aint got an efficient hacker.
Another example could be Gary McKinnon. His motivation was solely to investigate and prove that the US government has evidence of there being alien life forms and that they have anti-gravity technology. This same motivation could be applied to Edward Snowden in that, although not a ‘hack’ in the traditional sense, he felt compelled and motivated enough to expose alleged information he felt so strongly about.
What do you think of the above? Would you agree with us?