Hacker Business Models

wiredmikey writes "The industrialized hackers are intent on one goal — making money. They also know the basic rules of the business of increasing revenues while cutting costs. As hackers started making money, the field became full of 'professionals' that inspired organized cyber crime. Similar to industrial corporations, hackers have developed their own business models in order to operate as a profitable organization. What do these business models look like? Data has become the hacker's currency. More data, more money. So the attack logic is simple: the more attacks, the more likely victim — so you automate ..."

ITYM "cracker"

[Kaz Kylheku]

I'm a hacker and I break out of loops, not into computers.

Re:

[eyenot]

Slashdot needs to get with the times and have something similar to a like/digg/whatever button.

Re:

[mehemiah]

they do. see here [elamb.org]

Losing battle

[Infonaut]

The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker treated as equivalent terms in this, the last bastion of geekdom.

Re:Losing battle

[Frosty Piss]

The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker ...

The *only* people that differentiate between the two are the Slashdot crowd. To *everyone* else, an hacker is a hacker is a hacker.

Re:

[zeroshade]

Actually it's not just the Slashdot crowd. A lot of geeks differentiate between the two. Especially actual hackers.

Re:

[OldHawk777]

Ditto - Even the old geeks...

Maybe an ad campaign will help..., Happy-Hackers, Criminal-Crackers, Phony-Phreaks, MILFs-Bleat with Meek-Geeks....

Re:

[mjwalshe]

yep but unfortunately the hacker vs cracker train has left the station along time ago we aint going to get back to the 60's usage so let it go. Usage changes we have to live with it

Re:

[Ephemeriis]

The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker ...

The *only* people that differentiate between the two are the Slashdot crowd. To *everyone* else, an hacker is a hacker is a hacker.

It isn't just the Slashdot crowd. Lots of IT folks understand the difference and use the terms appropriately. Especially folks who would actually label themselves as hackers or crackers.

I suppose it wouldn't be quite so annoying if it was just the mainstream media screwing it up... But this is a publication on a website calling itself SecurityWeek. You'd think they might know something about IT.

Re:

[mcgrew]

Sometimes (like when they call crackers "hackers") I think "Security Week" is one of those spellcheck-friendly homophone typos, and it's supposed to be "Suck your I.T. weak".

Re:

[Tarsir]

It isn't just the Slashdot crowd. Lots of IT folks understand the difference and use the terms appropriately. Especially folks who would actually label themselves as hackers or crackers

If IT folks aren't a part of the Slashdot crowd, who is?

I don't think I've ever heard someone say cracker without referring to something edible, except on Slashdot. And even on Slashdot, I mostly only see it used when people complain that it should have been used in place of cracker. It's dead Jim.

Re:

[fuyu-no-neko]

I find a car analogy comes in handy at times like these ;)
Something recently broke inside the latch on my glovebox recently. Nissan couldn't replace the part that broke, so I managed a fix by replacing the part with some appropriately bent wire and superglue.
This would be a hack using available resources.

Re:

[SudoGhost]

And the only people who see the difference between Catholics and Protestants are the respective groups. To everyone else they're all Christians. Tell them they're the same thing.

Re:

[KlaymenDK]

Erm ... okay, although Ghandi said that "you christians are so unlike Christ" I'm still going to say "bad analogy" because I consider hackers and crackers are not merely variant of the same but very nearly *opposites* (which, mind you, is not the same thing as "opponents").

Re:

[SudoGhost]

Hackers and Crackers interact with the same computer in different ways.

Catholics and Protestants interact with the same God in different ways.

How is this different?

Re:

[matthiasvegh]

Because so does the secretary. And you wouldn't call him/her a hacker/cracker/phreak/etc. Nor would any member of the public.

Re:

[SudoGhost]

You're missing the point. I would call I layman a priest either.

Re:

[SudoGhost]

Thank you pointman, for stating the obvious. "The secretary interacts with the computer in a different way than a hacker." Wow. Only thing is, what does that have to do with these increasingly idiotic analogies? The initial point was Hacker:Cracker::Catholic:Protestant. Outsiders typically don't know and don't care the difference between the two. Anyone who spends five seconds looking at the two can tell the difference between a hacker and a secretary.

Re:

[arthur01]

The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker ...

The *only* people that differentiate between the two are the Slashdot crowd. To *everyone* else, an hacker is a hacker is a hacker.

So what would *you* call a person who works to dismantle a computer problem, bit by bit, until it is solved?

Re:

[Reteo Varala]

The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker ...

The *only* people that differentiate between the two are the Slashdot crowd. To *everyone* else, an hacker is a hacker is a hacker.

First, keep in mind that the bulk of the Slashdot crowd happens to fit in the broader "hacker" category, and so would be much more aware of the distinction than the ones using the term as a blanket statement.

Second, keep in mind that times always change. To everyone else, once, geeks were geeks too. Now it tres chic to call oneself a geek when they know how to install and configure desktop applications in Windows.

Third, as times change, so do generations. I've seen enough evidence that the "hacker" label i

Re:

[LordNimon]

I'm sorry, but the word cracker is a perjorative for white people [wikipedia.org], and has been for at least a hundred years. If geeks want to differentiate among "good" and "bad" hackers, they (we) must come up with a better term.

I don't know any geek who uses the word "cracker" to refer to bad hackers.

Re:

[Noughmad]

From Wikipedia, the free encyclopedia:
A cracker is a baked good commonly made from unleavened grain flour dough and typically made in quantity in various hand-sized or smaller shapes.

We definitely need a better word.

Re:

[drcheap]

Yes, better terms like, say, good hacker and bad hacker?

We have the terms now

[catherder_finleyd]

White Hack (http://en.wikipedia.org/wiki/White_hat) versus Black Hat (http://en.wikipedia.org/wiki/Black_hat).

Re:

[mcgrew]

You don't have to know much about computers to crack them, all you need to know is where to find the software to do it for you. Hackers write code and modify hardware.

And I think "cracker" is apt. For one thing, they're in it for the money, which I'm told [slashdot.org] is more addictive than crack cocaine.

As to your hundred year old perjorative, I with my hazel eyes have been called "nigga" and "bro" by black friends; the walls are crumbling down. And you don't know that these crackers are white, I'm sure there are some

Re:

[tehcyder]

I'm sorry, but the word cracker is a perjorative for white people, and has been for at least a hundred years

Only in the US, and even then only for a certain type of poor white person in the south.

In the UK, for example, the two most common uses for the word are: Jacobs crackers (biscuits for cheese) and safe-cracker (someone who breaks into safes). This latter usage is the one that springs to my mind when I see the word "cracker" and makes perfect sense, referring to someone who breaks into computers

Re:

[KlaymenDK]

Perhaps it is a losing battle. Then again, in the spirit of "you miss all the shots you *don't* make", please bear with us as we keep repeating this.

Re:

[tehcyder]

Perhaps it is a losing battle.

I believe it is customary to spell that word "loosing" on slashdot. It's an old tradition, or a charter, or something.

Re:

[Lord Ender]

News flash: in English, words can have multiple definitions. I'm a hacker and I break golf clubs in frustration.

Re:ITYM "cracker"

[Kozz]

News flash: in English, words can have multiple definitions. I'm a hacker and I break golf clubs in frustration.

I'm a cracker, though I prefer the term "honky".

Re:

[Cwix]

Perhaps no one gives a damn what youd digg. You are an AC. The mods take care of that stuff for you.

Hunky!

[antdude]

I knew a guy named "Webjunky". I kept teasing him as "Webhunky" so I will do the same for you "hunky". :P

Re:

[flappinbooger]

My kids are crackers, meaning they were born in Florida.

Re:

[Trepidity]

Especially since if we're going to complain about "misuse" this way, then the proposed use of "cracker" here is incorrect: in computing, a cracker is a person who cracks copy-protection. A person who breaks into bank accounts or servers is not a "cracker" under the long-accepted definition. (Breaking encryption can also be called "cracking encryption", but those people aren't usually called "crackers", at least not without some other adjective, like "code crackers".)

Re:

[nabsltd]

(Breaking encryption can also be called "cracking encryption", but those people aren't usually called "crackers", at least not without some other adjective, like "code crackers".)

So, if "Weird Al" can get it right [wikipedia.org], why can't everyone else?

Wanna be hackers? Code crackers? Slackers
Wastin' time with all the chatroom yakkers?

Re:

[slackbheep]

What about this guy doesn't strike you as gloriously geeky?

Re:

[Eil]

It's worse than that. Used to be, you could easily guess by context whether "hacker" meant someone who programs, tinkers with, or reverse engineers technology or someone who breaks into other people's systems through technological skill (your definition of "cracker"). And even then, the line was sometimes blurry. In the olden days, you had to be a hacker in order to be a cracker but the reverse was obviously never true.

Now, the media uses "hacker" to refer to anyone who is somehow linked to crime involving

Re:

[arndawg]

It's GNU/Linux not linux. Get over it, will ya?

Re:

[mcgrew]

Agreed. Hackers don't have business models, we just hack our hardware and software. Let the goddamned suits worry about business models.

The crooks who plant viruses for cash aren't hackers, they're businessmen. Sad that these days "hacker" has become synonymous with "electronic burglar" in the common man's mind.

Finally a Job!

[eldavojohn]

A job awaits me after I graduate from Cash Paradise University [krebsonsecurity.com]! With classes like "Botnet or How to Get My Own Bank Accounts" I'll never need to learn math!

Cracker != Hacker

[Anonymous Coward]

Can Slashdot please be the lone voice of reason that doesn't feed into the newsmedia's misuse of the word "hacker"?

Re:

[autocracy]

I officially give up on the cracker vs. hacker distinction. Hacker is a word with two meanings related respectively to exploration and compromise of computer systems. Crackers are things that go in your soup.

Re:

[tool462]

Crackers are things that go in your soup.

I thought those were called "busboys".

Re:

[Cwix]

You put busboys in your soup? That cant taste good.

Man I certainly hope you tip well.

Re:

[jdgeorge]

Traditionally, people who worked around computer security restrictions were referred to as "hackers" [wikipedia.org]. My understanding is that "cracking" [wikipedia.org] generally only refers to breaking the encryption that protects something, whereas "hacking" is a general term that refers to using a variety of methods to get elevated privileges on a system. Unfortunately, "hacking" also generally refers to any manipulation of the code on a system, which can muddy the distinction between "black hat hackers" and code developers who are co

Re:

[jdgeorge]

You're wrong.

Heh... thanks, I got a chuckle from this. There's something poetic about that response. :-)

No. I have proof!

[AnonymousClown]

Can Slashdot please be the lone voice of reason that doesn't feed into the newsmedia's misuse of the word "hacker"?

No - Hackers == crackers.

Here's is my proof - a movie about hackers that break into things [imdb.com].

It wasn't called Crackers but Hackers!

:-P

And...?

[iONiUM]

This isn't exactly a crazy revelation. OMGZ "HACKERS" (that's not even the right term) WANT MONEY. There's so many things wrong with this article, especially the fact that it's not even bringing new information, that I don't understand why this is even on /.

Re:

[Maarx]

I propose the use of there're as an abbreviation of there are.

Re:

[Cwix]

How do you pronounce it?

Basic rules of business don't necessarily apply

[digitaldc]

"They also know the basic rules of the business of increasing revenues while cutting costs."

True, but not all hackers/crackers/slackers do it to cut costs and increase revenue. Sometimes, it is just for notoriety.

There's some perfectly cromulent words for the...

[Chris Tucker]

...thieves and vandals that steal data, set up botnets or vandalize websites.

"Thieves and Vandals".

Thank you for your kind attention.

Re:

[maxume]

It's bizarre that you would highlight the malleability and flexibility of English while complaining about a word changing meaning.

Re:

[Chris Tucker]

Yeah, I know. Used to be, "nigger", "chink", "wop" were all socially acceptable words.

But not today.

Funny how that happened, isn't it?

Re:

[maxume]

I do not follow.

Re:

[Chris Tucker]

Yeah, that doesn't really surprise me.

Re:

[maxume]

No no, I get that you are making an argument about the people fighting for cracker choosing the wrong battle, I just don't get how your reply pertains to my post (unless you are complaining that the word 'hacker' is headed towards the same status as the ones you threw around).

Re:

[ergean]

As a member of the former roaming tribes of barbarians that invaded and pillaged Europe I'm displeased by the use of "vandals" in this context.

Re:

[Chris Tucker]

As a descendant of the indigenous peoples your ancestors invaded and pillaged, I understand your concerns and I feel your pain

Obtain

[NoSig]

I think it's too complimentary to say that these people "make" money, though they may succeed in taking money.

Re:

[Crudely_Indecent]

They steal data.
They sell data.

I'm sure a significant portion wouldn't be caught dead using stolen identities. It's far safer to sell them.

Re:

[Monkeedude1212]

Well yeah -

You think the guys boosting cars are the ones who want to own them?

Re:

[sleeper0]

you are fucking awesome

Sources, or GTFO

[Rogerborg]

Reads like a lot of obvious consultant-wank generalities to me.

I don't care who this broad claims to be, she needs to either cite case examples, or go bake me some cookies.

Oh, client confidentiality. Well, that's convenient, ain't it? On the internets, nobody can prove you're not a 1337 security ninja.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Geminii]

On the internets, nobody can prove you're not a 1337 security ninja.

Did you fail to turn up on my security payroll without me hiring you or noticing the addition? Then you're not a security ninja. :)

What's more dangerous?

[Monkeedude1212]

Industrialized hackers or non-industrialized hackers?

We recently had a run-in with a hacker, very recently, not this past Friday but the one before. Exploit because our Web Server wasn't patched up on Windows Updates (or so one expert tells us), we weren't more than a month behind. All that really seemed to occur is that the index.html file was overwritten by the hacker's web page. This has, of course, brought the spot light on IT and the CEO is now asking about our security practices.

This is the same CEO who insisted that we as IT staff dole out the passwords for users, make them simple enough to remember, and don't let them change. It is quite possibly the weakest password security I've ever seen and I have no doubts that this could have easily played a part in why there was a security breach. Reason being, sometimes a manager doesn't let us know of a person's dismissal till after they are gone - so their account is still fully active for a while. If they put in the request AFTER 5 on a Friday? Well lets hope we check our email when we get home and do it remotely. Just September we're dealing with the blow of someone leaving the company and taking contact information with them to their next job (I think that falls into trade secrets?), so theres a whole bunch of legal stuff around that, and of course people are asking if they were able to access this information after they left the company. Regardless, if someone puts in their 2 weeks - and they intend on taking it to their next job, they're going to grab what they can to take it off-site, and we have the worst policy regarding cell phones with data plans as well. Essentially if its not a blackberry, we set up the email forwarding, if it is a blackberry, we have an Enterprise server, and we can send the kill command to wipe all data from the blackberry including grandma's phone number... it's a pretty stupid policy, lets just leave it at that.

Basically, its going like this: The company went from small to medium pretty fast, and the plans are set to grow into a large company very quickly. All along the way, security was never that much of an issue, at least network wise. We had issues with people downloading movies and seemingly random attacks on the webserver, most of which have been dealt with by our firewall. All in all, the IT group is too small though, there's a team of 4 programmers to handle all the in-house applications we need, one of our critical systems is still on powerbuilder 5 or 6... Ontario just went from GST+PST to the Harmonized Sales Tax... Lets just say the Programmers are swamped. On the other side we've got 4 technicians and a manager. The manager contracts out our firewall setups to some guy who really doesn't seem any more competant than the rest of us, in fact he tries to keep us distracted while he does his work so we can't actually learn his job. I guess most contractors are probably like that though. But otherwise, its just 4 of us to handle ~800 PCs which is probably going to bump up to 1000 before December here, as we have roughly 5 new locations opening up.

So we're not equipped to handle hackers - and we've officially been hacked. What do we do? Turn to an industrialized hacker and hope we can pay more than our competitor's might pay? After all, it's a double edged sword. If we go looking for help on our security, it shows we have a weakness, and if we don't want to pay for his services he can go right next door and try and sell our goods with confidence. To me that sounds like a scenario where they can name just about any price they like. And with the current state of the company (growing) it would seem we have a lot of money to lose.

More devastating though, would be a hacker who ISN'T in it for the money. We get a lot of turn over here - and not just the summer student temps but in pretty much every division but IT and accounting. Someone who wants the company to fail and has a friend with expertise, or the expertise themselves, could easily bring this place down. I think we got lucky that we were hit by someone who seems to do nothing but self promotion of his abilities. Things aren't good right now, but they could be a lot worse.

Re:

[umberleigh]

So, where do you work?

Re:

[Monkeedude1212]

Haha, figured that'd be brought up.

I fear I've already given away enough already - that anyone with sufficient expertise might already figure it out.

Re:

[drcheap]

Exploit because our Web Server wasn't patched up on Windows Updates

Hacked web server, Windows, same sentence, tl;dr.

Sorry, had to ;)

Re:

[Anonymous Coward]

Your server updates should be applied as soon as they come out. Being a month behind was unacceptable. Sometimes Microsoft releases them out of band (outside of Patch Tuesday). Those are really important and should be installed and the server rebooted that night. Web server should be in a DMZ. Should only have one or two local admin accounts that only the IT people know. Should not have any ports open to the internet except 80 and 443 if you need it. Any other server software on it should be fully up

Re:

[savanik]

So we're not equipped to handle hackers - and we've officially been hacked. What do we do?

Hiring 'hackers' is a media fiction - you wouldn't hire someone who was convicted of armed robbery to guard your local bank just because he was really good at it, would you? Hire a security professional who actually takes what they do for a living seriously, has credentials to prove it, and has a reputation for honesty and integrity they're not afraid to defend with references from previous employers and clients. Or contract the same. Or hire a consulting firm that specializes in security. A CISSP should be

Re:

[BigSlowTarget]

>Turn to an industrialized hacker and hope we can pay more than our competitor's might pay?
NO NO NO NO. If you hire a criminal they will steal from you. This is like hiring a wolf to guard the sheep except the sheep are chopped up into cutlets and served to him on fine china.

Turn to a decent computer consulting company and bring in an integrated security solution, practices and policies. Use the breach as a lever to get the CEO to cough up the money for it. Business case goes like this: Get good securi

Re:

[severn2j]

You don't need to hire a '{cr|h}acker' for this, as others have said, wolf -> hen house.. Firstly tho, don't let your CEO dictate your IT security policy. Seriously. That's your IT managers job, he should've pushed back on that one, so he should be getting flak for not doing that. If you want to improve security, I would hire a sysadmin with a decent background in security, and get him to manage that side of things (patching, hardening, etc) and also to spread the knowledge and a more security focuse

help needed!

[Kvasio]

Seems that kdawson has "hacked" into CmdrTaco's /. account

Alternative hacker business model

[Target Practice]

Never heard of Security Week beyond a CIO/CEO's reading table, but that's probably just me showing my ignorance. I guess I still get offended by people messing with the word "hacker", but it especially hits home with something as greasy and vile as this. Here's an alternative Hacker Business Model:

0) Grow up infatuated with all things mechanical and electronic
1) Spend countless hours playing with Linux and Perl while the other kids smash heads together on the football field
2) Convert that time into "years o

Re:

[dave562]

It worked for me as well, but do you think it is still valid? I started working in IT back in 1996 when I was 18 years old. At that point the knowledge I had gained from tinkering on my own, and going to 2600 meetings and Defcon was enough to get me a job doing IT. When I look back at it, I think that I was able to do what I did and embark on the career path that I was on because I was in the right place at the right time. People with the skills to configure networking gear and servers and firewalls wer

replace word 'hacker' by 'cracker'

[Device666]

Come on the editors of Slashdot should know about the difference between the word hacker and cracker. A hacker has only a negative sound to those who don't know the history about the word or know what they are talking about, you know the way Hollywood uses the word for example. Crackers are the criminal oness. Or at least say something like "black hats" instead of hacker, when it's the criminals you are writing about.

More and more articles seems to suffer from the same lack of geekyness in multiple different ways..

Re:

[neminem]

Important consideration: words often have multiple meanings that are made distinct only through context. Yes, the MIT-type hacker is totally different from the average black hat hacker. But it's obvious which the article meant, in the same way that you can tell that the piracy off Somalia doesn't involve copyright infringement, and the piracy of Windows in Russia doesn't involve boats or guns.

Heck, if you start going around talking about crackers being evil, won't people think you're being racist against Ca