How Hackers Identify Their Targets

narramissic writes "In a recent article, security guru Brent Huston writes about research he did to get inside the minds of spammers and expose some of the processes they use to identify potential targets. Huston says that among the four common ways that spam is spread, the most common method that spammers use is via open relays. Huston's research also revealed that 'they were doing much more server analysis' than he had expected and that they take a multi-step approach: 'They scan the server for proper RFC compliance, and then they send a test message to a disposable address. Only after these are complete did they adopt the tool to dump their spam.'"

hacker /= spammer

[enlefo]

The title to the story says how hackers identify there targets but the story is about spammer. They are different.

Hackers != Spammers

[NaNO2x]

This is the type of negative image that hackers need to stop. I had a long conversation with someone on the differences between hackers and crackers and I can understand the confusion, but spammers and hackers, this is taking it a bit to far.

Re:Hackers != Spammers

[misleb]

WHen spammers have to jump through hoops and be very clever about not being tracked, aren't they hackers? Sure, there are probably many spammers who simply employ pre-made tools to spam. We can equate them with "script kiddies." But there are certainly spammers who go out of their way to find new and novel ways to get their their spam through.

-matthew

Hacky Definitions

[Doc+Ruby]

I'm a hacker. I choose my target by seeing some new device or system that does something at least kinda cool. Then I say "I bet I can make it do something else cool." Then I do it.

They're talking about "crackers", "phishers", scammers and criminals. They're not trying to make a system do anything cool, except when it damages or robs a person. Just making a system do something unexpectedly cool is irrelevant unless it takes something from a person, not the system.

Re:Duh... It's so obvious...

[daeg]

It doesn't take a security vulnerability to make sendmail vulnerable... all it takes is a rookie Linux administrator configuring it and setting it up incorrectly.

Many times I imagine that rookie administrators are trying to get sendmail just to work right so they enable something they shouldn't. It works... and they never bother to address their issue correctly, or even know that they addressed it incorrectly.

Zonk, your stories have high suck ratio.

Zonk dude/chick, not sure. About 2 out of every 3 of your stories are misinformed, not important, or just fud. I admire the 1 of 3 stories you post but damn, lay off the POST button till you get your stuff straight. Spammer = hacker... sometimes yes, but in this community hacker > spammer. That's like calling PeeWee Herman and stud for what he did back in the day.

Thanks but no thanks for this one.

Re:He is wrong.

[vertinox]

Er, ah, what's the difference again?

One is where the person installs a mail server and doesn't know how to configure it.
The other is where someone runs an operating system and doesn't know how to use it.

Of course the latter might be more because it it was made by developers who didn't know how to write it.

Re:Oh, give it up, already!

[kinglink]

except hackers were original and always were good, it's because of the media who has told us over and over hackers are bad.

Read "Hackers" the book, written in 1984, long before any of those media morons that you believe now had even thought of the word.

Hacker is a term of skill, cracker is a term for a person who breaks into systems. And as you say just because the media tells me a banana is a car doesn't make it so.