recognizing motivation and predictive factors of cyberattacker … · 2018. 9. 25. · self control...
Post on 09-Mar-2021
Recognizing Motivation and Predictive Factors
of Cyberattacker Behavior
Thomas J. Holt, Professor
School of Criminal Justice, Michigan State University
holtt@msu.edu 517-353-9563
@spartandevilshn; @IIRCC1
Computer Hackers
Hacking is a skill that has multiple applications
Theft
Terror
Espionage
Fraud
Hacking
Hacker Skills
• Hackers vary significantly in terms of knowledge, skill, and technical ability
• How do we explain participation in hacking?
Skilled hackers
Semi-skilled attacker/hacker
Unskilled attacker/hacker
Innovator and game changer
Applied skills
Feeds off the top tiers to learn and attack
Motivations
• There are several recognized motives within the hacker community
  • Money
  • Entertainment
  • Ego
  • Cause
  • Entrance to a social group
  • Status
• These motives are mutable, regionally influenced and impacted by macro and micro social trends
The Hacker Subculture
• The hacker subculture is driven by three key norms which structure behavior
  • Structures both malicious and ethical hacker activities
• Technology
• Knowledge
• Secrecy
Self Control and Cybercrime
• The General Theory of Crime is well supported in research on real world and cybercrimes
  • Online harassment, digital piracy, and economic crimes
  • Those with low self control are impulsive and gain gratification through these activities
• This theory is complex when accounting for computer hacking
  • Low self control accounts for simple hacking
  • Complex hacks require a social learning process to successfully complete
Personality and Hacking
• There is some evidence of personality characteristics that are associated with computer hacking and forms of cyberattack
  • Exploitative manipulative amoral dishonesty
  • Interpersonal antagonism
  • Disinhibition
  • Low internal moral values
  • Low extraversion
  • Low agreeableness
  • Some substance abuse
  • Unclear ties to ASD
Motivations: Cause
Ideological Cyberattacks
M. As-Salim, 39 Ways to Serve and Participate in Jihad, 2003
Principle 34 (Electronic Jihad) on media operations and cyber attacks
Hacking “... is truly deserving of the term ‘electronic Jihad’ since the term carries the meaning of force; to strike and to attack. So whoever is given knowledge in this field, then he should not be stingy with it in regards to using it to serve the Jihad. He should concentrate his efforts on destroying any American websites, as well as any sites that are Anti-Jihad and Mujahidin, Jewish websites, modernist and secular websites.”
Ideological Cyberattacks
• To the owners of "The twisted pine fur and leather company" you have no excuse to sale the flesh, skin and fur of another creature. Your website lacks security. To the customers, you have no right to buy the flesh, skin or fur of another creature. You deserve this. You're lucky this is the only data we dumped. Exploiters, you've been warned. Expect us.
•
| custFirst | custLast | custCity | custState | custZip |
| --- | --- | --- | --- | --- |
| MIKE | WALLUP | peyton | CO | 80831 |
| chris | mccave | peyton | CO | 80831 |
| Kent | Smith | peyton | CO | 80831 |

• These were just some of the vulnerable columns in the "customers" table of the "twistedp_db" database: "custFirst" "custLast" "custAdd1" "custAdd2" "custCity" "custState" "custZip" "custCountry" "custEMail" "custPhone" "cardType" "cardName" "cardExp" "cardCVS" "cardNumber"
• Can you really put that much faith into the security of a company that sales the fur, skin and flesh of dead animals to make a profit?
• We are Anonymous. We are Legion. We do not forgive. We do not forget. We are antisec. We are operation liberate. Expect us.
Far Left Oriented Cyber and Physical Attacks
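Attack Method

| Year | Data Breach | Defacement | DOS | DOX | Total | Physical Attack |
| --- | --- | --- | --- | --- | --- | --- |
| 2000 | 0 | 0 | 0 | 0 | 0 | 18 |
| 2001 | 0 | 0 | 0 | 0 | 0 | 22 |
| 2002 | 0 | 0 | 0 | 0 | 0 | 9 |
| 2003 | 0 | 0 | 0 | 0 | 0 | 27 |
| 2004 | 0 | 0 | 0 | 0 | 0 | 17 |
| 2005 | 0 | 0 | 0 | 0 | 0 | 18 |
| 2006 | 0 | 0 | 0 | 0 | 0 | 4 |
| 2007 | 1 | 1 | 0 | 0 | 2 | 10 |
| 2008 | 0 | 0 | 0 | 0 | 0 | 18 |
| 2009 | 0 | 0 | 2 | 0 | 2 | 3 |
| 2010 | 0 | 1 | 0 | 0 | 1 | 10 |
| 2011 | 3 | 1 | 1 | 1 | 6 | 2 |
| 2012 | 4 | 1 | 0 | 2 | 7 | 2 |
| 2013 | 3 | 1 | 0 | 1 | 5 | 0 |
| 2014 | 2 | 2 | 1 | 2 | 7 | 0 |
| 2015 | 3 | 3 | 2 | 1 | 9 | 1 |
| Totals | 16 | 10 | 6 | 7 | 39 | 161 |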
Attacks in Action- Defacements
Hacked by Animal Liberation Front
Stop Animal Testing
You carry centuries torturing, maiming,
killing animals for the good of, what?
From science? Of humanity? No.
You do it to fatten your pockets.
The money is who has corrupted and has made you sadists murderers.
And think… You managed to improve the conditions of people or animals?
Answer is NO!
You have not achieved anything.
Getting scholarships and leaving your names in scientific journals.
But all this is going to end soon.
We will not let you continue your crimes unpunished.
Do not let it.
Vivisection is a scientific fraud and moral !!!
We are approaching !!
Attacks In Action- Breach and Defacement
There is a section of the website with a number of pdf files for visitors to download. We replaced all of this big pharma funded propaganda with pdfs from the Physicians Committee for Responsible Medicine (PCRM) explaining the scientific flaws with animal testing. These have now been on the website for quite some time. Until UAR fix the several security holes we found in their website you can see the replacement pdfs by visiting http://www.animalrightsextremism.info/resources/documents and clicking any of the links. We did a few other even less obvious things to the site besides replacing the pdfs but it will be amusing to let UAR try to find everything for themselves without being told what to look for. The login details to the sites mysql database are included here. database: animalextremism username: animalextremism password: f1ght4rights Thanks to codegent of london england for their fantastic work coding insecure web sites for the vivisection lobbyists.
Attacks in Action- DDoS
• DDoS is one of the least “noisy” attack methods from an ideological perspective
• Unless the attackers directly call you out as a target prior to the incident it may not be clear why it is occurring
• The lack of broadcasting makes DDoS a potentially hidden form of attack from an ideological standpoint
Conclusions
• Scan your organization for potential ideological threats
• What is your industry sector, environmental impact, public positions, contracting space?
• Scan the Internet, esp. social media for potential threats
• We need to better understand the motives and actions of the ideological actor
  • Is the ideological attacker a hacker first, believer second, or the other way around
• What can account for differences in jihadi, far left, and far right attacks and targeting preferences?
  • The far left corresponds to what we can find about physical action, but more data is needed to understand other beliefs
Discussion
• Though many hacks appear to be economically motivated, we cannot underestimate the ideological offender
  • Appear tied to changes in ideological activity offline
  • Any organization or sector could be targeted
  • Target selection does not appear to be driven by convenience
• They may differ from the economic in terms of how they attack and what they do
  • When breaching, they release data online rather than sell
  • Unclear what the economic impact is for victims
  • Defacements appear coupled with breaches for maximum impact
• The attackers criticize security as well as highlight ideological beliefs
Questions?
• Thank you for having me! If you have any questions:
• Please feel free to call: 517-353-9563
• Email: holtt@msu.edu
• Follow us on Twitter: @IIRCC1