The dawn was cold and gray as Joe slipped on his coat and swallowed the last bit of coffee. Last night's research was profitable for his bank account and beneficial to the company. He was glad he followed that tip from his buddy on a new toolkit. It didn't cost much and he more than got his money back with his bonus check.
Sometimes he longed for the good old days as a command line commando. But, now that he's more mature, he likes that the tools allow him to have a personal life with a predictable daily routine. He stepped through the door into the damp mist and headed for home …
The protection of our networks has become much more difficult than in the past when threats focused primarily on manipulating electronic funds and skimming cash from the careless. Over time, our economy has accepted information as a new commodity that is valued and in demand.
In the past and still today, hackers might try to use a stolen or hacked credit card to buy hundreds of dollars of items for resale. But the more lucrative market today is the sale of credit card numbers and personal identities — information.
Credit card numbers with valid account information can fetch up to $5 per account, and bank account numbers with valid account information can yield up to $400 per account, depending on available balances.
The incentive has shifted from the more risky use of the card or account to the sale of information. Figure 1 summarizes the monetary value of this underground economy.
Along with the increase in return for hackers, there has also been an increase in demand for tools or toolkits that automate hacking and identify vulnerabilities for possible exploitation.
The best tools and newly discovered system vulnerabilities are auctioned off to the highest bidders online, creating a thriving market for "black hat" software programmers. The tools automate repetitive techniques and probes, freeing up the user to do other things, or the user can leave the machine unattended and return later to collect the results.
The tools also add precision in targeting systems and information. The ready availability of tools means a hacker no longer has to be an expert in computer languages, or interface through the command line. Some tools even provide an easy to use graphical interface that makes hacking a point-and-click exercise.
When Joe returned that night, he grabbed a cup of coffee before checking his terminal for the results. His trained eye quickly spotted anomalies in the printouts. Eureka! One of the reports identified several improperly configured servers and multiple network and user systems without proper patches.
He quickly went to his computer files and retrieved the account and password information he had gotten several weeks ago by pretending to be a technician on the help desk. He now has all the pieces needed to attack his assigned target.
Joe heard the bump of the office doors closing and the arrival of one of the apprentices. Her youthful exuberance and naivety reminded him of his younger days as an idealistic social activist hacker.
Nothing felt as good as tagging a Web site or using his skills for political statements. As he got older, he got smarter. He realized he was being exploited by causes for the monetary gain of a few, and quit for awhile, until he was tipped off about this gig.
Despite his disillusionment, he still gets a sense of youthful satisfaction from defeating a challenge, but now the rewards are so much more substantial …
The motives of hackers have changed with the increased reliance on the Internet by government and commercial firms for sharing and storing information.
In the earlier days of the Internet, hacking attracted the curious and the thrill seekers. Hackers were more likely to be inspired by the 1983 movie Wargames than an