Security Fundamentals – Who

We’ve already covered the Where, Why and How; now it’s time to look at the Who and When.

The Who:

There is no single batch of bad guys. There is no single secret club or fee-paying organisation to which you must sign up in order to become a bad guy. The bad guys come mainly in five flavours, and there is crossover between them as the mood or situation changes or dictates:

  • The Activist (sometimes known as Hacktivist)
  • The Professional criminal
  • The Wannabe
  • The Enthusiast
  • State Sponsored

The Activist is generally someone who has an axe to grind or a cause to follow. They use technology to further their ends. They look like normal people on the street and in many respects are: they buy groceries from the same stores, play games online, order takeout food, go swimming at the local pool, go to the gym, ride a bike and do all the other things you or I would do. The activist is generally target-specific in their selection and focused on their objective.

The Professional criminal is much like a lifelong cat burglar. They know how to select a target, how to estimate the value of the target, and how to extract that value from the target, either in a single stage or in multiple stages. Some are specific in what they want to achieve; others use a shotgun approach. It really depends on how much time they want to invest versus the reward they expect to gain from their target(s). They also know how to launder the proceeds of their crimes. In the digital age, it’s difficult (not impossible) to trace a currency like Bitcoin, as the number of cut-outs, fake fronts, and conversions to other cryptocurrencies, game currencies and back again makes following the money very difficult.

The Wannabe is both the easiest to catch and the easiest to observe, and is sometimes referred to as a “script kiddie”. They are generally young, seek peer approval, want quick and easy cash-outs, use off-the-shelf tool kits that they have no real understanding of, and generally have little computing knowledge beyond what interests them for their immediate concerns, e.g. impressing friends by circumventing school firewalls or filters, getting access to paid-for services by using false ID and stolen credit card details obtained from underground websites, minor website defacements, etc.

The Enthusiast is someone generally thirsting for knowledge. They are generally less of a threat directly, but indirectly can cause problems by discovering vulnerabilities, using them, and leaving the systems wide open for others. Generally annoying, but not malicious most of the time. Enthusiasts are generally all about the discovery, the challenge and the thrill, and less about monetising their activities. This does not mean they do not cross over to the activist side or the criminal side, just that it’s not their primary motivator.

State-sponsored elements are somewhat shrouded in mystery. The rule of thumb here is twofold:

  1. If it’s your government that’s trying to get in, you’re doing something wrong and you should stop and come clean immediately. They will get in and discover what you’re doing, and then it’s bad news all day from then on. They have far more experience and resources than you do.
  2. If it’s a foreign power, you need to contact the authorities and co-operate fully with them. No ifs, no buts, just do it. You are not geared up or experienced enough to run a counter-intelligence operation on a state scale, so our advice is to ask your government for help if you suspect this. They might ask for proof, and we can help find this proof, but please be under no illusion: you are not James Bond! And we are not Q!