Active Response

Always A Bad Day For Adversaries

A Hacker's Hierarchy of Operational Needs

[Figure: Maslow's Hierarchy of Needs]

All humans have a basic set of needs which they work to satisfy, as described by Maslow in his seminal paper, "A Theory of Human Motivation." Maslow did not create a true hierarchy. He describes how there are sometimes competing and/or complementary needs. Instead of a strict hierarchy, these needs form dominating preferences or priorities.

It made me question whether there is a cyber operational equivalent: a set of hierarchical needs or requirements that the adversary/hacker must satisfy to meet their goal. Like Maslow, I do not believe that this hierarchy is necessarily serial in nature; rather, it informs priorities and dominates preferences. Nor do I believe that the needs must be satisfied in order.

For instance, a hacker may create a capability and then sell that capability, or their skills in using it, to an organization, thereby gaining funding for the rest of the operation. However, while the capability was the first need achieved in the chain, it was a vehicle to achieve a more basic need: funding.


Basic Necessities: Obviously those things which allow a person to live and work effectively.

Funding: Even the most basic funding is required for equipment (computer(s)) and/or for purchasing other things like connectivity to the Internet.

Connectivity: A hacker must be connected to a network through which they can reach potential targets.

Target Vulnerabilities: A hacker must have a set of vulnerabilities and exposures which they can exploit to achieve their goals.

Capabilities/Infrastructure: I believe these are equally important, and both are a requirement for operations: the capability to achieve their effect, and the infrastructure to deliver the capability to the target victims.

Targets: A hacker must have one or more targets which they can use to achieve their intent.

Access: A hacker must have access to the target to achieve any effects and ultimately achieve a positive outcome.

Outcome: The successful exploitation, attack, etc. that was the entire intent of the hacker.

Reward: The reward for their successful operation (fame, fortune, notoriety, etc.).

So, what do you think? Does this map to your understanding of the hierarchy of operational needs of a hacker? How would you use this model?


Hacker Motivations or Hackers Need To Eat Too

New research appears to raise questions over the conventional wisdom that pure nation-state cyberspies rarely, if ever, dabble in traditional financial cybercrime. – "Cybercriminal By Day, Cyber Spy By Night?" in Dark Reading on 1 March 2012

Dark Reading (@darkreading) wrote from the RSA 2012 conference of an intriguing analytic correlation, made by the Dell SecureWorks Counter Threat Unit, between the RSA attackers and cyber financial crimes.

The article is interesting in two ways. First, it showcases some good analytic tradecraft: correlating seemingly independent activities through adversary personas and infrastructure (in this case, domain name registration). Second, it asks the question: can a hacker be both a spy and a cyber criminal?
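To make the tradecraft concrete, here is an added illustration (not code from the original post or from the SecureWorks analysis) of pivoting on domain-registration attributes: every observed command-and-control domain is annotated with its registrant contact and name server, and any two records that share a value are linked into one cluster. A cluster that spans campaigns previously tracked as unrelated (here an espionage set and a financial-fraud set) is exactly the kind of correlation the article describes. All domains, contacts, name servers and campaign labels below are constructed placeholders.

```python
"""Pivot on domain-registration attributes to link seemingly independent
intrusions. Added illustration of the analytic step described in the post;
the data below is constructed, not taken from any real analysis."""
from collections import defaultdict
from itertools import combinations

# Constructed sample: each record is one observed C2 domain with the
# registration attributes an analyst might pull from WHOIS, plus the
# campaign in which it was first tracked. Every value is a placeholder.
OBSERVATIONS = [
    {"domain": "update-srv.example", "registrant": "persona-a@mail.example",
     "ns": "ns1.host-a.example", "campaign": "espionage-1"},
    {"domain": "mail-relay.example", "registrant": "persona-a@mail.example",
     "ns": "ns1.host-b.example", "campaign": "espionage-2"},
    {"domain": "bank-login.example", "registrant": "persona-b@mail.example",
     "ns": "ns1.host-b.example", "campaign": "banking-fraud-1"},
    {"domain": "cdn-static.example", "registrant": "persona-c@mail.example",
     "ns": "ns1.host-c.example", "campaign": "unrelated-1"},
]

# Attributes the analyst considers strong enough to link records on.
PIVOT_KEYS = ("registrant", "ns")


def cluster_by_pivots(observations, pivot_keys=PIVOT_KEYS):
    """Union-find over observations: any two records sharing a value for a
    pivot attribute land in the same cluster. Returns a sorted list of
    clusters, each a sorted list of domains."""
    parent = list(range(len(observations)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    def union(i, j):
        parent[find(i)] = find(j)

    index = defaultdict(list)  # (attribute, value) -> record positions
    for pos, rec in enumerate(observations):
        for key in pivot_keys:
            index[(key, rec[key])].append(pos)
    for positions in index.values():
        for a, b in combinations(positions, 2):
            union(a, b)

    groups = defaultdict(list)
    for pos, rec in enumerate(observations):
        groups[find(pos)].append(rec["domain"])
    return sorted(sorted(g) for g in groups.values())


def campaigns_per_cluster(observations, pivot_keys=PIVOT_KEYS):
    """Map each cluster (as a tuple of domains) to the sorted set of
    campaigns it touches; more than one campaign means a cross-campaign link."""
    by_domain = {rec["domain"]: rec["campaign"] for rec in observations}
    return {tuple(c): sorted({by_domain[d] for d in c})
            for c in cluster_by_pivots(observations, pivot_keys)}


def explain_links(observations, pivot_keys=PIVOT_KEYS):
    """List the shared attribute behind each direct link, so the analyst can
    review why two domains were joined rather than trusting the cluster blindly."""
    links = []
    for (i, a), (j, b) in combinations(enumerate(observations), 2):
        for key in pivot_keys:
            if a[key] == b[key]:
                links.append((a["domain"], b["domain"], key, a[key]))
    return links


if __name__ == "__main__":
    for cluster, campaigns in campaigns_per_cluster(OBSERVATIONS).items():
        print(f"{', '.join(cluster)} -> {campaigns}")
    for left, right, key, value in explain_links(OBSERVATIONS):
        print(f"  {left} <-> {right} share {key}={value}")
```

The explain_links output matters as much as the clusters: a shared registrant contact is a reasonably strong pivot, but a shared name server is only meaningful when that name server is not one a large hosting provider serves to thousands of unrelated customers, and privacy-protected WHOIS records will produce false links on the proxy contact. Restricting pivot_keys to the attributes you trust for a given data set (for example pivot_keys=("registrant",)) keeps the clustering honest.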

The fact that an adversary would use their skills for two purposes supposedly challenges "conventional wisdom." Normally, intrusion analysts work towards identifying the motivation of the hacker/attacker to gauge the best response (hopefully) and potentially to offer clues to attribution. There are many "conventional" terms we use to describe "hacker motivations": script kiddies, espionage, hacktivism, black/white hat, etc. (see McAfee's 7 Types of Hacker Motivations).

However, we often look too much towards our technical understanding and fail to acknowledge basic human motivations: safety, physiological needs (water, shelter, food, etc.), love, esteem, and self-actualization [see "A Theory of Human Motivation" by Abraham Maslow or the summary of Motivation on Wikipedia].

Hackers, like all humans, are not above the basic motivations, which include greed. This is a very simple hypothesis for why a cyber espionage actor would turn to cyber crime: financial gain. Maybe they were not being paid enough in their espionage job and "moonlight" as cyber criminals, or they were simply contractors to multiple customers (a state vs. a criminal organization). Money is a highly motivating factor.

I use the case of the "Wily Hacker" by Cliff Stoll (on the Reading List) while teaching to highlight that a hacker working day-in-and-day-out needs to eat, live, and provide for the most basic human motivations. Therefore, it is perfectly reasonable to ask: if they are hacking all day/every day, how are they providing for these motivations? Is somebody paying them to hack? Are they living in their parents' basement? Do they have a trust fund? All of these are perfectly reasonable hypotheses with varying degrees of likelihood. But they all lead to further questions of attribution and higher motivation.

If, in fact, "conventional wisdom" is that espionage actors are not motivated by money to use their skills in other endeavors, an even more fundamental understanding of human motivation contradicts that wisdom. "Conventional wisdom" is simply another term for analytic assumption, and this again highlights that analytic assumptions easily cloud judgement.
