NEWS Hackers who crossover into virus writing territory present the biggest danger to corporate computer systems as they perfect the 'blended threat' seen in recent virus outbreaks such as Sobig.
That's the assertion of Sarah Gordon, senior research fellow at Symantec Security Response, who has worked with the White House and the FBI to research the psychological profile of hackers and virus writers.
Gordon told silicon.com that hackers are driven by the motivation to complete a technology challenge and are usually not interested in the basic task of writing viruses and worms.
"There are people in the virus writing community who hack and people in the hacking community who write viruses but for the most part they are very separate communities. The virus writers are seen at the lower end of the food chain," she said.
But Gordon warned that creating a virus such as Sobig or Bugbear, only with much more damaging payloads, is well within the capabilities of even the most inexperienced hacker.
"Many of the threats are the result of the crossover between hackers and virus writers. Erasing a hard drive is a couple of key strokes. It isn't rocket science. A hacker of any skill level could write a self-replicating program but most find it too boring," she said.
And it seems the traditional stereotype of a spotty teenager hacking away in a dark bedroom is nothing more than a myth from the movies.
"The population is diverse. It just takes the ability to manipulate a computer system. It is not guys sat in a basement with piercings everywhere. It could be the 50-year-old accountant because she is bored, or the boss' 15-year-old daughter, or your 9-year-old nephew," she said.
There is also a distinct difference between hackers and virus writers, according to Gordon's research.
"Virus writers have normal relationships with peers and families. Hackers tend to be more introverted. Hacking is a very personal thing. One is power and control and the other is letting go."
Although Gordon works for a security software company, she says 'ethics' education at an early age would help prevent children and teenagers using their computer knowledge to cause damage.
"One thing that is important is introducing ethics in technology at an early age. On the computer there is less context and security. Teaching them that there's a person on the end of that modem is important," she said.
Comments
There are 3 comments. Join the discussion
1. John Quinlan
There is a lot of publicity recently about "Spam" and the methods the big players like AOL and Microsoft are implementing to stop it. Not to be outdone European MP's are throwing their thoughts and ideas in the ring, as are some of the US senate.
My feeling is that simple is best. What the World needs is a global law making it a criminal offence to send an email purporting to be from somebody other than yourself, or your company!
The latest wave of Spam appears to be coming from individuals, so as to throw off Spam filtering software, obviously none of these individuals exist and if one does try to bounce the email, the bounce in turn gets bounced back to you because the account inbox is too full.
Surely the point of the email is to sell something, so somewhere down the line somebody has to exchange details with the spammer or at least the individual that employed them.
At this point, once identification has been proved, the individual should be brought to task.
By employing the spammer, they have bestowed upon them the legal term of “Agent” and as such are responsible for the actions of that agent.
It appears to me that all we need is for some individuals to be made an example of, to totally discredit and deter this method of promotion.
Just a thought…….
2. Andrew Rice
What do you think hackers have been doing for the last 6 years?
We started protecting ourselves from this threat when Word 6 was released. It's one of the reasons a holisitc approach to security is required including protection from malicious macro code.
It's also the reason why business drivers should be used for the adoption of technology and not techies playing with Active-X, VBScript and Java. The risks and benefits should be reviewed before adopting any new technology.
3. Charlie Squire
A previous contributor wrote "What the world needs is a global law" I think we are miles away from that ever happening, when was the last time any law was past on a global scale. We have to look closer to home and I have heard of the EU Commissions Directive 58. Has anyone seen anything on this?