The Hacker Profiling Project

NewsForge writes "NewsForge is running a story about a project aiming to profile hackers like the police do with common criminals. Not based out of the U.S. per se, this project falls under the auspices of the United Nations Interregional Crime and Justice Research Institute (UNICRI). The project was co-founded by Stefania Ducci, in 2004, along with Raoul Chiesa." From the article: "NewsForge: What would the project concretely produce as final output? Stefania Ducci: The final goal is a real and complete methodology for hacker profiling, released under GNU/FDL. This means that, at the end of our research project, if a company will send us its (as detailed as possible) logs related to an intrusion, we — exactly like in the TV show C.S.I. when evidence is found on the crime scene — will be able to provide a profile of the attacker. By 'profile' we mean, for example, his technical skills, his probable geographic location, an analysis of his modus operandi, and of a lot of other, small and big, traces left on the crime scene. This will also permit us to observe and, wherever possible, preview new attack trends, show rapid and drastic behavior changes, and, finally, provide a real picture of the world of hacking and its international scene."

Something interesting that might be related to it

[Ernesto+Alvarez]

Reminds me of a project the Argentinian military presented about a year ago in a security congress I went to.

The idea was to "fingerprint" hacking attempts by measuring timing in typing on terminals. Say, a hacker would attack a system, a fingerprint would be taken (of the unknown hacker's typing habits) and then on another break-in, a new fingerprint would be taken and compared to previous ones to determine if it is a formely filed hacker.

Another possibility from that idea was to use the fingerprint also to verify the user's identity (you have to enter a password, but the server also fingerprints you and denies access if the fingerprint does not match).

Definitely one of the best expositions in the congress. Pity I cannot find any papers. I found the original presentation, in spanish though, by searching for "Remote identification of keystroke patterns" on google.

Re:Don't like change?

[a.d.trick]

I wouldn't say that hacker no longer refers to a wizardly computer programmer, ever. As you said works can have multiple meanings, and in certain contexts, it's perfectly acceptable to use the word like that. At the moment, there's a problem because there's not really a good word to replace hacker (in the programmer sense) that retains all the connotations. Also, in other context, it has completly different meaning (as in 'css hack'), It may be that hacker is becoming a single morpheme word. All in all, it's a pretty butchered word.

And yes, you can fight what words mean (school teachers do it all the time). Sometimes it works, usually it doesn't, and it's often a waste of time.

Re:Geographic Location?

[Jimmy+King]

I assume they mean determining the region (and I would still consider this just as untrustworthy as using the IP) by figuring in things such as the types of attacks used, apparent knowledge, what they were attacking, what information they took/used/ignored, etc as compared to trends of the same measures from different areas of the world.

Re:Like CSI?

[John+Hurliman]

The goal of the project is to be as cool as a TV drama series? More proof that life imitates art.