Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, September 23, 2008

‘Profiler’ Hacks Global Hacker Culture

A hacker once called the Italian Kevin Mitnick has spent the past two years surveying various types of hackers from around the world to profile the hacker culture—all in an effort to help combat cyber crime.  Raoul Chiesa, a reformed black-hat hacker who in his heyday was a notorious social engineer and X.25 hacker, is about to publish the first fruits of research from the so-called Hackers Profiling Project he launched nearly two years ago.

The ultimate goal of the project is to help prevent cyber crime gaining a better understanding of different types of criminal hackers, their movements, and the types of attacks they perform, as well as their possible ties to organized crime activity and cyber terrorism.

There are so many typologies of hackers, especially if we consider why they do it and how they do it,” says Chiesa, director of communications the Institute for Security and Open Methodologies (ISECOM), which is spearheading the project.  ISECOM envisions a methodology where you can identify the type of attacker who hit you based on forensic data that correlates with his or her profile.

The project includes detailed psychological profiles of script kiddies, crackers, and mercenaries, for example, and eventually will correlate honeynet data with the various hacker profiles to match behaviors and methodologies.

“I’m thinking about building a honeypot in order to act like a fake e-banking system, [or] a government Web site,” Chiesa says.  “It will help to break some myths and preconception that the society and law enforcement agencies have on cyber criminals.”

Chiesa says one company that wanted to move its IT headquarters to Romania asked ISECOM to analyze the Romanian hacking scene so it could determine the risk of the move.  And the United Nations Interregional Crime & justice Research Institute is using the HPP data for studying new threats, he says.

But some security experts have questioned whether it’s truly possible to reach the bad guys and get accurate information from them to actually profile them.  “That’s why the whole Hackers Profiling Project was carried out by psychologists, criminology researchers, and infosec people…

http://www.darkreading.com/document.asp?doc_id=164364&WT.svl=news2_5

Posted on 09/23
NewsPermalink