Dark corners of the net
- Published
Hackers are secretive, but they are also social. Many spend their spare time in chat rooms and forums discussing their latest targets, techniques and conquests. Eavesdropping on those conversations offers a fascinating insight into their motives.
Say hacker to someone and they are likely to trot out the usual aged clichés - geek, loner, bedroom-bound teenager.
Philosopher is unlikely to feature high on the list. But it seems the modern-day hacker spends a lot of time contemplating the meaning of life.
"Each has a philosophy and they want to discuss it," says Noa Bar Yosef.
She ought to know. Her job with security firm Imperva involves hanging around in hacker forums trying to work out what motivates them.
It is a murky, idiosyncratic world where Ms Yosef admits she spends far too much time.
In one group she visits, members discuss the best reading matter for would-be thinkers.
"Start with Kierkegaard, then Nietzsche and after you've read Nietzsche, Sartre is the most logical choice".
Another poses a question about the practicalities of hacker life: "what kit would you take with you if you were on the run?"
A detailed reply soon appears:
Often, online conversations get personal.
"If they spend a lot of time discussing philosophy, that is nothing compared to the amount of time they devote to their love life, from tips on how to get a girlfriend to details about the next steps, through to chatting about being dumped," says Ms Bar Yosef.
They are also fond of religion as a topic. One hacker forum conducted a poll to find out the faith of its members.
Christians topped the poll with 29% of forum members claiming it was their religion of choice, 28% said they had no religion, 24% followed Islam, 4% were Hindus and 1.8% professed to be Buddhists.
Literature comes up regularly too.
Hackers spend time swapping tips about their favourite books, with choices ranging from Stephen King and a guidebook entitled 'Galactic Rebellion for Dummies' to the handbook of disenchanted youth, Catcher in the Rye. There is also mention of John Milton's 17th century epic poem Paradise Lost.
And for those seeking movie recommendations, members are always keen to offer their top list of films about - you've guessed it - hacking.
Darker side
Beyond the frivolous, there is serious business being discussed in these forums.
For many, they are akin to university seminars - a place to brainstorm new ideas and update older techniques.
As hacking moves from an interest to a hobby to a vocation, sharing skills becomes increasingly important.
"They are a collaborative community," says Ms Bar Yosef.
"Think of the drug industry. A drug dealer couldn't possibly conduct all these activities alone and likewise an individual hacker finds cyber-accomplices a necessity."
A typical 'cyber mafia', she explains, includes a 'researcher' who hunts for vulnerabilities in systems, a 'farmer' who maintains the botnets (networks of computers taken over by malicious code and controlled externally), a 'dealer' who rents botnets and extracts valuable data from them and a 'crime lord' who finds ways of making money from the stolen information.
Often Ms Bar Yosef will see an upcoming security threat emerging as ideas are knocked around.
She cites the example of Osama bin Laden's killing. Immediately afterwards there was an upsurge in discussions about how to take advantage by creating fake videos of his death loaded with malware.
Dark places
If the forums are any kind of measure, there is no shortage of recruits to the hacker cause. One popular group frequented by Ms Bar Yosef has 200,000 members.
The chat rooms that she can access tend to be the hacker-lite hangouts. Many of those members will be enthusiastic geeks or sometimes hactivists, keen to score points on corporations with minor website vandalism.
Those more heavily involved in the criminal underground tend to converse in locations that are not publicly accessible.
Making the leap from enthusiastic amateur to becoming part of a gang is alarmingly easy, says Ms Yosef.
Going to the dark side is a four step process, she explains.
"Start lurking in different underground hacking forums. Become an active participant in topics. Bring some 'proof' of what you've said - for example 'I'm posting for free five credentials to Paypal. Want more? Call me up!'. Earn a reputation and you're in."
Such is the level of insight that can be garnered from hacker forums that they regularly come under the watchful eye of law enforcement.
Spanish police this week arrested three suspected members of the Anonymous hacker group. Authorities revealed that they had trawled through more than 2,000,000 lines of chat logs and web pages leading up to the arrests.
With the International Monetary Fund, Sony, Google, Lockheed Martin, RSA Security and Citibank just some of the diverse and high profile victims of security breaches in the last month, scrutiny of these electronic hangouts will only increase.
- Published26 June 2011
- Published9 June 2011