Hackers are individuals or groups who use technical knowledge and skills to break into the security systems of a computer or a computer network, steal or damage confidential data, erase files or deface websites with messages, steal information and cause financial losses, and cause damage to the operation and reputation of an organization. Hacktivists are a new type of hacker who use hacking to display messages and enforce their ideologies and resistance against an individual, organization or government agency. In addition to causing damage and financial loss, hacktivists have a political goal, and they carry out their activist work and resistance through hacking. Hackers are a threat to the online or cyber world and have caused direct and indirect losses of billions of dollars. Hackers are highly skilled and intelligent people and they use a range of sophisticated tools to match technology. An informal culture of hackers, most of it underground, exists that has its own norms, behavior and operation modes (Paju, 2017). This paper examines hacking culture and methods to mitigate hacker activities using the case of the Sony hacking incident.
Description of the Incident
The hacking incident at Sony came to light on 24 November 2014 when ‘Guardians of Peace’, a hacker group, announced that they had hacked the servers of Sony Pictures. The attack can be termed a ‘worm/Trojan attack.’ The process used for hacking is briefly explained as follows. Attacks were launched through servers located in Bolivia, Thailand, Singapore, Poland, the US, and other countries. The hackers stole personal data of employees and footage of several films under production. They further demanded that Sony stop the release of ‘The Interview’, a satire film on Kim Jong-un, the dictator of North Korea. Technical teams from Sony and US Cyber Security officials examined the methods, processes, and tools used in the attack and alleged that North Korea masterminded it. In turn, North Korea denied that it carried out the attack (Pagliery, 2014).
A member of the hacking group claimed that they had accessed Sony servers more than a year earlier by using a Trojan called message block hacking worm. They also used tools such as a proxy tool, destructive hard drive tool, wiper, backdoor and destructive target cleaning tools. Two months before the attack, they covertly started transferring files from Sony and managed to move 100 terabytes of data. This covert operation shows that the hackers were well organized: they did not deface or delete any files, for such acts would have become overt, and they carefully removed traces of their work. Sony came to know about the problem when the computers of Sony staff froze and a message about the attack was flashed. Twitter accounts of Sony were also hijacked. These incidents are related to the large-scale hacking of Sony X-Box games where information of more than one million gamers was stolen (Zetter, 2014).
Doubts were raised about North Korea having the sophistication and capability to carry out such a stealth attack. Governments and hackers from China and Russia were suspected, and it was reported that six unhappy employees of Sony carried out the attack. To date, the identity of the hackers remains unknown (NY Post, 2014).
Motivations of threat actors
According to Coleman (2010), hackers in the early 1990s were college students who carried out their activities as a challenge and to show off their skills. A report by Fötinger and Ziegler (2003), who researched hackers, concludes that hackers are not weird people but ones who take up these activities for the intellectual challenge. Since 2000, hackers have become professional criminals and seek monetary benefit. Grimes (2011) suggests that there are seven types of hackers, namely cyber criminals, spammers and adware spreaders, advanced persistent threat (APT) agents, corporate spies, hacktivists, rogue hackers, and cyber warriors. Each type has its own motivations, requirements, and objectives. These are briefly described as follows.
Cyber criminals, or professional criminals, are motivated by money. They steal confidential data that is sold to other hackers, steal bank account details and identities, and take up any other hacking activity that gives them money directly or information that can be traded. They may act directly or employ other hackers to obtain information. It is difficult to trace these people since they remain hidden (Paju, 2017).
Spammers and adware spreaders are motivated by their need to send spam mail, advertise cheap medications such as Viagra and sexual enhancement pills, offer loans at cheap rates, etc. They may be employed by cyber criminals who pay them to send infected mails and links. When users open the mails or click on the links, their details become known. These groups can be identified as ‘bulk mailers’ (Di Salvo, 2017).
Advanced persistent threat (APT) agents are somewhat similar to cyber criminals. They are motivated by promises of financial gain when they sell stolen information. These people stay in safe countries, such as those of East Europe, with inadequate governance and controls. They use servers across the world and it is difficult to identify these groups (Grimes, 2011).
Corporate spies are hackers motivated by the financial gain obtained from selling confidential information of firms. Drug and pharmaceutical firms often have very confidential information about their research. Corporate spies essentially take contracts to hack into a firm and obtain information that rivals can use (Grimes, 2011).
Hacktivists are entities who wish to advertise and broadcast their support for a religious, environmental, or political cause. They may not be interested in financial gain; they want to espouse their cause and embarrass their opponents, usually large firms and governments. They use attacks like Denial of Service attacks. However, when such attacks are carried out, cyber criminals piggyback on these attacks and gain entry into a corporate server. Hacktivists are easily identified since they advertise their exploits (Grimes, 2011).
Cyber warriors, on the other hand, are state sponsored and protected by nations such as China, Russia, and South Korea. Their motivation is to embarrass enemy governments, steal information about military and defense, and attempt to expose official secrets. These people operate as organized groups, and while their country of origin is known, countries from where such attacks originate vehemently deny their involvement (Grimes, 2011).
Rogue hackers are individuals active in underground networks who take pride in their exploits. Their motivation is to gain acceptance in higher hacking groups and obtain ‘bragging rights’ about their exploits. At a certain stage they are not a threat and government agencies may catch them and turn them into ethical hackers. Some may be recruited by cyber criminals with promises of fame and money (Grimes, 2011).
This section discussed different types of hackers, their motivations, and their needs. It is clear that while some types, such as cyber criminals, want privacy and do not want to be identified, others brazenly mention their exploits and are willing to be caught. The former are more dangerous and difficult to identify (Grimes, 2011).
The problem is that new technologies can be subverted and misused. Advances in Android smart phones, tablet PCs, and the surge in Internet Service providers allow hackers to carry out their exploits from remote locations. Privacy is vital to hackers and it is difficult to identify them. In the case of the Sony Pictures hacking incident, it appears the hackers shared the motivations of several groups discussed above.
Motivations of defenders
The counterparts of hackers are the defenders: ethical hackers, private IT security agencies, and antivirus and malware firms that provide support and help to counter hackers. They are motivated by the need to protect IT assets. These entities are career professionals and make a living out of giving protection, while some of them may take up anti-hacking work for social reasons and to protect the community (Cooper, 2016). Ethical hackers are hackers who examine a website and an IT system for vulnerabilities and provide advice on plugging gaps and holes. They may hack a bank, financial institution or a government service with the full knowledge and support of the organization. They may run full-scale, controlled attacks on an IT system, find vulnerabilities such as open ports, or find pathways for infecting malware. They may install firewalls and programs that track suspicious connection requests and block hackers from their activities. The level of success they have achieved is questionable since the number of exploits and hacking incidents is rising (Prasad, 2016).
Government agencies such as the National Security Agency (NSA), a division of US Federal services, monitor and gather global data on hacking and counterintelligence operations. While this agency is expected to protect US assets, the NSA is alleged to be involved in supporting the Equation Group, one of the most advanced groups of hackers. The Equation Group is alleged to have hacked into servers of China, North Korea, Russia, and other countries. In an embarrassing situation, Shadow Brokers, a hacking group, hacked into computers of the NSA and stole hacking tools and other confidential information (Graber-Stiehl, 2016).
Recommendations to Sony to discourage hackers and protect itself
With the increase in use of the internet for business, personal work, and entertainment through desktops, handheld devices, smartphones, and other computing devices, hackers have multiple methods to gain illegal access. Hackers use phone apps, websites, social media, emails, and other channels to steal data. Certain best practices are recommended for individuals and organizations (Conti and Raymond, 2011). A clear IT use policy that indicates methods and use of IT systems must be issued to all employees. Firewalls, anti-malware software, security audits, special intrusion detection tools, and limits on the types and size of files that can be transferred from servers and individual computers must be implemented. Employees must be given instructions on the proper use of IT systems, and visiting illegal sites such as gambling and porn sites should not be allowed. There must be a clear policy of not allowing staff to use social media and email services for personal use. Hackers use social engineering methods to gain access and these must not be allowed (CIO Council, 2009).
Dedicated anti-hacking service providers must be tasked with studying vulnerabilities, implementing firewalls, and studying suspicious connection requests. Since hackers use high technology, ethical hackers need to use the same set of tools to study these methods and develop countermeasures. Anti-hacking agencies need to cooperate and share information about hackers and the methods they use. The fight against hackers cannot be won in isolation (Baumard, 2014).
The paper examined hacker culture and discussed the motivations of hackers, their psychology, and behavior patterns. The hacking incident at Sony Pictures was used to illustrate an extreme example of hacking. It is clear that some types of hackers are driven by financial motive, fraud, and financial gain from selling stolen data. Other hackers are driven by thrills, a sense of taking on challenges, and support for their ideologies. Irrespective of their motivations and needs, hackers remain a great threat to the cyber world.
- Baumard, P. (2014). The Behavioral Intelligence Paradigm Shift in Fighting Cyber-Crime: 11 Counter-Measures, Innovation, and Regulation Issues. International Journal on Criminology, 2(1), 11-21.
- CIO Council, (2009). Guidelines for Secure Use of Social Media by Federal Departments and Agencies. Federal CIO Council ISIMC NISSC Web 2.0 Security Working Group, USA.
- Cooper, M. (2016). Adventures in Ethical Hacking. ITNOW, 58(3), 36-37.
- Coleman, G. (2010). The Anthropology of Hackers. The Atlantic. Retrieved from https://www.theatlantic.com/technology/archive/2010/09/the-anthropology-of-hackers/63308/
- Conti, G. and Raymond, D. (2011). Leadership of Cyber Warriors: Enduring Principles and New Directions. Small Wars Journal. Retrieved from http://smallwarsjournal.com/jrnl/art/leadership-of-cyber-warriors-enduringprinciples-and-new-directions
- Di Salvo, P. (2017). “Coder,” “Activist,” “Hacker”: Aaron Swartz in the Italian, UK, US and Technology Press. International Journal of Communication, 11, 20-28.
- Fötinger, C. S. and Ziegler, W. (2003). Understanding a hacker’s mind – A psychological insight into the hijacking of identities. White Paper by the Danube-University Krems, Austria.
- Graber-Stiehl, I. (2016). Who Hacked The NSA? Popular Science. Retrieved from http://www.popsci.com/who-hacked-nsa
- Grimes, R. A. (2011). Your guide to the seven types of malicious hackers. Infoworld. Retrieved from http://www.infoworld.com/article/2623407/hacking/your-guide-to-the-seven-types-of-malicious-hackers.html
- Pagliery, J. (2014). What caused Sony hack: What we know now. Money CNN. Retrieved from http://money.cnn.com/2014/12/24/technology/security/sony-hack-facts
- Paju, P. (2016). Hacking Europe: From Computer Cultures to Demoscenes. Technology and Culture, 57(4), 1041-1042.
- Prasad, B. H. (2016). Ethical Hacking: The Personality and Impacts. Software Engineering and Technology, 8(1), 1-4.
- NY Post, (2014). New evidence Sony hack was ‘inside’ job, not North Korea. New York Post. Retrieved from http://nypost.com/2014/12/30/new-evidence-sony-hack-was-inside-job-cyber-experts/
- Zetter, K. (2014). Sony got hacked hard: What we know and don’t know so far. Wired. Retrieved from https://www.wired.com/2014/12/sony-hack-what-we-know/