Hackers have changed since the days of The Matrix. While most hackers used to hold iconoclastic ideals, with aspirations to "shock the system" for a perceived common good, today's hacker/cracker community is more concerned with making a quick buck.
At least that's how Mike Calce, the former hacker known as 'mafiaboy,' sees things. Calce says he still has contact with some of the people he used to know in the hacker community, and while many of them are still active, their priorities have changed.
"The hacker motivation has changed immensely," Calce told Mashable in an interview. "It's much more about monetary gain, whereas in my era, it was about pushing the status quo."
Calce's era was circa 2000, when he pulled off major denial-of-service attacks on several major tech companies, including Amazon, Dell, Yahoo, eBay and CNN — all when he was 15 years old. Calce was eventually caught and arrested for the attacks, serving eight months in a "group facility," he says.
After doing his time, Calce laid low for years, but now he works as a digital security consultant and keynotes at IT conferences. He wrote a book about his experiences in 2008, Mafiaboy: How I Cracked the Internet and Why It's Still Broken.
I asked Calce what he thought motivated hackers such as the ones that infamously hacked Wired writer Mat Honan, who claimed they wanted to get access to his three-character Twitter handle. Calce couldn't see a clear financial reason for that particular hack, but he said that's often the case.
"There's a lot of reasons people hack Twitter accounts," he said. "Some are into skewing data to their advantage. A lot of hacks dont even look like there is monetary gain involved, but normally that's the alterior motive."
With the shift from mischief-making to financial motives, the risk has shifted as well. Whereas 10 years ago hacking was more of a danger to large companies with big online operations, the risk today to individuals is much greater, Calce says.
He cautions individuals to take basic security precautions like setting up a two-way firewall on their computers, turning Bluetooth off (on phones and PCs) when not using the feature and keeping a close eye on what sort of data and information they put online. Password managers are a good idea, too, since Calce says hackers still use "brute force" techniques, which often work on weak passwords.
However, in Honan's case he was using a password manager, and hackers instead slipped through the holes in various companies' security procedures, resetting passwords to accounts over the phone by calling their tech-support departments. Calce says many companies — especially big ones — don't invest nearly enough money in security.
"Sometimes if you don't find a way in electronically, you find a hole through a human being," he says. "[Companies] don't budget enough for security. The IT department is often in charge, and they might not be looking at the how the company handles phone calls or the screening process for personnel."
Predictably, Calce suggests companies contract third-party security consultants to find the holes in their security, but it's tough to disagree with him. It took a high-profile hack like Honan's to prompt Apple and Amazon to re-examine their security procedures.
What do you think are the key security holes that need to be plugged — for businesses and individuals? Share your thoughts in the comments.
Image courtesy of iStockphoto, PashaIgnatov
No hay comentarios:
Publicar un comentario