Hacker Business Models 96
wiredmikey writes "The industrialized hackers are intent on one goal — making money. They also know the basic rules of the business of increasing revenues while cutting costs. As hackers started making money, the field became full of 'professionals' that inspired organized cyber crime. Similar to industrial corporations, hackers have developed their own business models in order to operate as a profitable organization. What do these business models look like? Data has become the hacker's currency. More data, more money. So the attack logic is simple: the more attacks, the more likely victim — so you automate ..."
ITYM "cracker" (Score:5, Insightful)
I'm a hacker and I break out of loops, not into computers.
Re: (Score:1)
Slashdot needs to get with the times and have something similar to a like/digg/whatever button.
Re: (Score:1)
Losing battle (Score:5, Insightful)
Re:Losing battle (Score:5, Insightful)
The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker ...
The *only* people that differentiate between the two are the Slashdot crowd. To *everyone* else, an hacker is a hacker is a hacker.
Re: (Score:1)
Re: (Score:2)
Ditto - Even the old geeks...
Maybe an ad campaign will help..., Happy-Hackers, Criminal-Crackers, Phony-Phreaks, MILFs-Bleat with Meek-Geeks....
Re: (Score:2)
Re: (Score:2)
The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker ...
The *only* people that differentiate between the two are the Slashdot crowd. To *everyone* else, an hacker is a hacker is a hacker.
It isn't just the Slashdot crowd. Lots of IT folks understand the difference and use the terms appropriately. Especially folks who would actually label themselves as hackers or crackers.
I suppose it wouldn't be quite so annoying if it was just the mainstream media screwing it up... But this is a publication on a website calling itself SecurityWeek. You'd think they might know something about IT.
Re: (Score:2)
Sometimes (like when they call crackers "hackers") I think "Security Week" is one of those spellcheck-friendly homophone typos, and it's supposed to be "Suck your I.T. weak".
Re: (Score:1)
It isn't just the Slashdot crowd. Lots of IT folks understand the difference and use the terms appropriately. Especially folks who would actually label themselves as hackers or crackers
If IT folks aren't a part of the Slashdot crowd, who is?
I don't think I've ever heard someone say cracker without referring to something edible, except on Slashdot. And even on Slashdot, I mostly only see it used when people complain that it should have been used in place of cracker. It's dead Jim.
Re: (Score:1)
Something recently broke inside the latch on my glovebox recently. Nissan couldn't replace the part that broke, so I managed a fix by replacing the part with some appropriately bent wire and superglue.
This would be a hack using available resources.
Re: (Score:2)
Re: (Score:2)
Erm ... okay, although Ghandi said that "you christians are so unlike Christ" I'm still going to say "bad analogy" because I consider hackers and crackers are not merely variant of the same but very nearly *opposites* (which, mind you, is not the same thing as "opponents").
Re: (Score:2)
Catholics and Protestants interact with the same God in different ways.
How is this different?
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker ...
The *only* people that differentiate between the two are the Slashdot crowd. To *everyone* else, an hacker is a hacker is a hacker.
So what would *you* call a person who works to dismantle a computer problem, bit by bit, until it is solved?
Re: (Score:2)
The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker ...
The *only* people that differentiate between the two are the Slashdot crowd. To *everyone* else, an hacker is a hacker is a hacker.
First, keep in mind that the bulk of the Slashdot crowd happens to fit in the broader "hacker" category, and so would be much more aware of the distinction than the ones using the term as a blanket statement.
Second, keep in mind that times always change. To everyone else, once, geeks were geeks too. Now it tres chic to call oneself a geek when they know how to install and configure desktop applications in Windows.
Third, as times change, so do generations. I've seen enough evidence that the "hacker" label i
Re: (Score:2, Insightful)
I don't know any geek who uses the word "cracker" to refer to bad hackers.
Re: (Score:1)
From Wikipedia, the free encyclopedia:
A cracker is a baked good commonly made from unleavened grain flour dough and typically made in quantity in various hand-sized or smaller shapes.
We definitely need a better word.
Re: (Score:1)
Yes, better terms like, say, good hacker and bad hacker?
We have the terms now (Score:2)
White Hack (http://en.wikipedia.org/wiki/White_hat) versus Black Hat (http://en.wikipedia.org/wiki/Black_hat).
Re: (Score:2)
You don't have to know much about computers to crack them, all you need to know is where to find the software to do it for you. Hackers write code and modify hardware.
And I think "cracker" is apt. For one thing, they're in it for the money, which I'm told [slashdot.org] is more addictive than crack cocaine.
As to your hundred year old perjorative, I with my hazel eyes have been called "nigga" and "bro" by black friends; the walls are crumbling down. And you don't know that these crackers are white, I'm sure there are some
Re: (Score:2)
Only in the US, and even then only for a certain type of poor white person in the south.
In the UK, for example, the two most common uses for the word are: Jacobs crackers (biscuits for cheese) and safe-cracker (someone who breaks into safes). This latter usage is the one that springs to my mind when I see the word "cracker" and makes perfect sense, referring to someone who breaks into computers
Re: (Score:3, Insightful)
Perhaps it is a losing battle. Then again, in the spirit of "you miss all the shots you *don't* make", please bear with us as we keep repeating this.
Re: (Score:2)
I believe it is customary to spell that word "loosing" on slashdot. It's an old tradition, or a charter, or something.
Re: (Score:3, Informative)
News flash: in English, words can have multiple definitions. I'm a hacker and I break golf clubs in frustration.
Re:ITYM "cracker" (Score:5, Funny)
News flash: in English, words can have multiple definitions. I'm a hacker and I break golf clubs in frustration.
I'm a cracker, though I prefer the term "honky".
Re: (Score:2)
Perhaps no one gives a damn what youd digg. You are an AC. The mods take care of that stuff for you.
Hunky! (Score:2)
I knew a guy named "Webjunky". I kept teasing him as "Webhunky" so I will do the same for you "hunky". :P
Re: (Score:2)
Re: (Score:2)
Especially since if we're going to complain about "misuse" this way, then the proposed use of "cracker" here is incorrect: in computing, a cracker is a person who cracks copy-protection. A person who breaks into bank accounts or servers is not a "cracker" under the long-accepted definition. (Breaking encryption can also be called "cracking encryption", but those people aren't usually called "crackers", at least not without some other adjective, like "code crackers".)
Re: (Score:2)
(Breaking encryption can also be called "cracking encryption", but those people aren't usually called "crackers", at least not without some other adjective, like "code crackers".)
So, if "Weird Al" can get it right [wikipedia.org], why can't everyone else?
Re: (Score:1)
Re: (Score:2)
It's worse than that. Used to be, you could easily guess by context whether "hacker" meant someone who programs, tinkers with, or reverse engineers technology or someone who breaks into other people's systems through technological skill (your definition of "cracker"). And even then, the line was sometimes blurry. In the olden days, you had to be a hacker in order to be a cracker but the reverse was obviously never true.
Now, the media uses "hacker" to refer to anyone who is somehow linked to crime involving
Re: (Score:1)
Re: (Score:2)
Agreed. Hackers don't have business models, we just hack our hardware and software. Let the goddamned suits worry about business models.
The crooks who plant viruses for cash aren't hackers, they're businessmen. Sad that these days "hacker" has become synonymous with "electronic burglar" in the common man's mind.
Finally a Job! (Score:2)
Cracker != Hacker (Score:1, Insightful)
Can Slashdot please be the lone voice of reason that doesn't feed into the newsmedia's misuse of the word "hacker"?
Re: (Score:3, Insightful)
I officially give up on the cracker vs. hacker distinction. Hacker is a word with two meanings related respectively to exploration and compromise of computer systems. Crackers are things that go in your soup.
Re: (Score:2)
Crackers are things that go in your soup.
I thought those were called "busboys".
Re: (Score:2)
You put busboys in your soup? That cant taste good.
Man I certainly hope you tip well.
Re: (Score:2)
Traditionally, people who worked around computer security restrictions were referred to as "hackers" [wikipedia.org]. My understanding is that "cracking" [wikipedia.org] generally only refers to breaking the encryption that protects something, whereas "hacking" is a general term that refers to using a variety of methods to get elevated privileges on a system. Unfortunately, "hacking" also generally refers to any manipulation of the code on a system, which can muddy the distinction between "black hat hackers" and code developers who are co
Re: (Score:2)
You're wrong.
Heh... thanks, I got a chuckle from this. There's something poetic about that response. :-)
No. I have proof! (Score:1)
Can Slashdot please be the lone voice of reason that doesn't feed into the newsmedia's misuse of the word "hacker"?
No - Hackers == crackers.
Here's is my proof - a movie about hackers that break into things [imdb.com].
It wasn't called Crackers but Hackers!
:-P
And...? (Score:2)
This isn't exactly a crazy revelation. OMGZ "HACKERS" (that's not even the right term) WANT MONEY. There's so many things wrong with this article, especially the fact that it's not even bringing new information, that I don't understand why this is even on /.
Re: (Score:2)
Re: (Score:2)
How do you pronounce it?
Basic rules of business don't necessarily apply (Score:4, Insightful)
True, but not all hackers/crackers/slackers do it to cut costs and increase revenue. Sometimes, it is just for notoriety.
There's some perfectly cromulent words for the... (Score:3, Insightful)
...thieves and vandals that steal data, set up botnets or vandalize websites.
"Thieves and Vandals".
Thank you for your kind attention.
Re: (Score:1)
It's bizarre that you would highlight the malleability and flexibility of English while complaining about a word changing meaning.
Re: (Score:2)
Yeah, I know. Used to be, "nigger", "chink", "wop" were all socially acceptable words.
But not today.
Funny how that happened, isn't it?
Re: (Score:1)
I do not follow.
Re: (Score:2)
Yeah, that doesn't really surprise me.
Re: (Score:1)
No no, I get that you are making an argument about the people fighting for cracker choosing the wrong battle, I just don't get how your reply pertains to my post (unless you are complaining that the word 'hacker' is headed towards the same status as the ones you threw around).
Re: (Score:2)
As a member of the former roaming tribes of barbarians that invaded and pillaged Europe I'm displeased by the use of "vandals" in this context.
Re: (Score:2)
As a descendant of the indigenous peoples your ancestors invaded and pillaged, I understand your concerns and I feel your pain
Obtain (Score:1)
Re: (Score:2)
They steal data.
They sell data.
I'm sure a significant portion wouldn't be caught dead using stolen identities. It's far safer to sell them.
Re: (Score:2)
Well yeah -
You think the guys boosting cars are the ones who want to own them?
Re: (Score:2)
Sources, or GTFO (Score:3, Informative)
Reads like a lot of obvious consultant-wank generalities to me.
I don't care who this broad claims to be, she needs to either cite case examples, or go bake me some cookies.
Oh, client confidentiality. Well, that's convenient, ain't it? On the internets, nobody can prove you're not a 1337 security ninja.
Re: (Score:1)
Re: (Score:1)
On the internets, nobody can prove you're not a 1337 security ninja.
Did you fail to turn up on my security payroll without me hiring you or noticing the addition? Then you're not a security ninja. :)
What's more dangerous? (Score:4, Interesting)
Industrialized hackers or non-industrialized hackers?
We recently had a run-in with a hacker, very recently, not this past Friday but the one before. Exploit because our Web Server wasn't patched up on Windows Updates (or so one expert tells us), we weren't more than a month behind. All that really seemed to occur is that the index.html file was overwritten by the hacker's web page. This has, of course, brought the spot light on IT and the CEO is now asking about our security practices.
This is the same CEO who insisted that we as IT staff dole out the passwords for users, make them simple enough to remember, and don't let them change. It is quite possibly the weakest password security I've ever seen and I have no doubts that this could have easily played a part in why there was a security breach. Reason being, sometimes a manager doesn't let us know of a person's dismissal till after they are gone - so their account is still fully active for a while. If they put in the request AFTER 5 on a Friday? Well lets hope we check our email when we get home and do it remotely. Just September we're dealing with the blow of someone leaving the company and taking contact information with them to their next job (I think that falls into trade secrets?), so theres a whole bunch of legal stuff around that, and of course people are asking if they were able to access this information after they left the company. Regardless, if someone puts in their 2 weeks - and they intend on taking it to their next job, they're going to grab what they can to take it off-site, and we have the worst policy regarding cell phones with data plans as well. Essentially if its not a blackberry, we set up the email forwarding, if it is a blackberry, we have an Enterprise server, and we can send the kill command to wipe all data from the blackberry including grandma's phone number... it's a pretty stupid policy, lets just leave it at that.
Basically, its going like this: The company went from small to medium pretty fast, and the plans are set to grow into a large company very quickly. All along the way, security was never that much of an issue, at least network wise. We had issues with people downloading movies and seemingly random attacks on the webserver, most of which have been dealt with by our firewall. All in all, the IT group is too small though, there's a team of 4 programmers to handle all the in-house applications we need, one of our critical systems is still on powerbuilder 5 or 6... Ontario just went from GST+PST to the Harmonized Sales Tax... Lets just say the Programmers are swamped. On the other side we've got 4 technicians and a manager. The manager contracts out our firewall setups to some guy who really doesn't seem any more competant than the rest of us, in fact he tries to keep us distracted while he does his work so we can't actually learn his job. I guess most contractors are probably like that though. But otherwise, its just 4 of us to handle ~800 PCs which is probably going to bump up to 1000 before December here, as we have roughly 5 new locations opening up.
So we're not equipped to handle hackers - and we've officially been hacked. What do we do? Turn to an industrialized hacker and hope we can pay more than our competitor's might pay? After all, it's a double edged sword. If we go looking for help on our security, it shows we have a weakness, and if we don't want to pay for his services he can go right next door and try and sell our goods with confidence. To me that sounds like a scenario where they can name just about any price they like. And with the current state of the company (growing) it would seem we have a lot of money to lose.
More devastating though, would be a hacker who ISN'T in it for the money. We get a lot of turn over here - and not just the summer student temps but in pretty much every division but IT and accounting. Someone who wants the company to fail and has a friend with expertise, or the expertise themselves, could easily bring this place down. I think we got lucky that we were hit by someone who seems to do nothing but self promotion of his abilities. Things aren't good right now, but they could be a lot worse.
Re: (Score:1)
Re: (Score:2)
Haha, figured that'd be brought up.
I fear I've already given away enough already - that anyone with sufficient expertise might already figure it out.
Re: (Score:1)
Exploit because our Web Server wasn't patched up on Windows Updates
Hacked web server, Windows, same sentence, tl;dr.
Sorry, had to ;)
Re: (Score:1, Informative)
Your server updates should be applied as soon as they come out. Being a month behind was unacceptable. Sometimes Microsoft releases them out of band (outside of Patch Tuesday). Those are really important and should be installed and the server rebooted that night. Web server should be in a DMZ. Should only have one or two local admin accounts that only the IT people know. Should not have any ports open to the internet except 80 and 443 if you need it. Any other server software on it should be fully up
Re: (Score:3, Informative)
So we're not equipped to handle hackers - and we've officially been hacked. What do we do?
Hiring 'hackers' is a media fiction - you wouldn't hire someone who was convicted of armed robbery to guard your local bank just because he was really good at it, would you? Hire a security professional who actually takes what they do for a living seriously, has credentials to prove it, and has a reputation for honesty and integrity they're not afraid to defend with references from previous employers and clients. Or contract the same. Or hire a consulting firm that specializes in security. A CISSP should be
Re: (Score:3, Informative)
>Turn to an industrialized hacker and hope we can pay more than our competitor's might pay?
NO NO NO NO. If you hire a criminal they will steal from you. This is like hiring a wolf to guard the sheep except the sheep are chopped up into cutlets and served to him on fine china.
Turn to a decent computer consulting company and bring in an integrated security solution, practices and policies. Use the breach as a lever to get the CEO to cough up the money for it. Business case goes like this: Get good securi
Re: (Score:1)
help needed! (Score:3, Insightful)
Seems that kdawson has "hacked" into CmdrTaco's /. account
Alternative hacker business model (Score:2)
Never heard of Security Week beyond a CIO/CEO's reading table, but that's probably just me showing my ignorance. I guess I still get offended by people messing with the word "hacker", but it especially hits home with something as greasy and vile as this. Here's an alternative Hacker Business Model:
0) Grow up infatuated with all things mechanical and electronic
1) Spend countless hours playing with Linux and Perl while the other kids smash heads together on the football field
2) Convert that time into "years o
Re: (Score:2)
It worked for me as well, but do you think it is still valid? I started working in IT back in 1996 when I was 18 years old. At that point the knowledge I had gained from tinkering on my own, and going to 2600 meetings and Defcon was enough to get me a job doing IT. When I look back at it, I think that I was able to do what I did and embark on the career path that I was on because I was in the right place at the right time. People with the skills to configure networking gear and servers and firewalls wer
replace word 'hacker' by 'cracker' (Score:3, Informative)
More and more articles seems to suffer from the same lack of geekyness in multiple different ways..
Re: (Score:1)
Heck, if you start going around talking about crackers being evil, won't people think you're being racist against Ca