Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Not Afraid of Being Caught

Posted by CmdrTaco on from the they-are-masters-of-disguises dept.

An anonymous reader wrote in to point us to an interview with Honeynet Founder Lance Spitzner where he says "Years ago it was hackers who were doing it for the bragging rights, now it's the criminals. The motivation has changed, hacking is now profitable and there's so much money to be made with very little risk to the actual hackers."

27 of 169 comments (clear)

  1. I smell a business opportunity. by dada21 · · Score: 5, Insightful

    Of course hacking is profitable -- the laws of supply and demand cover this as any service or product. The laws making hacking illegal only add more gold to the pot. For acts considered criminal, the value to the service provider will still meet what the market dictates. In this case, the chance of getting caught is low, so hacking might not be as profitable as selling pot, but it also depends on the demand. If hackers are making money, that means there is a demand for their service. If only a few hackers are willing to take the risk, a high demand and low supply of service providers means a high cost/profit. That's the nature of the free market.

    Yet I don't think this profit will necessarily last forever -- even if laws change to make it easier to catch a hacker and even if the penalties are raised. The Internet is global, not local. With more third party countries gaining Internet access and more people willing to invest the time to learn to hack, I believe hackers will find their jobs outsourced as quickly as call centers and web developers have. So what?

    The State will write laws to defend against hacking, but the reality is that the free market will provide better defense. There are laws against breaking and entering, but do they work? No, locks do. In situations where locks don't work, alarms work. In situations where alarms aren't enough, a Colt 45 used once usually fixes that situation. The law has almost no effect on crime other than raising the profit for those willing to take the risk. Hackers make a profit only means that anti-hackers have a new business opportunity -- and if you're good with security, you should make a windfall NOW before the law interferes with YOUR ability to secure your clients. Regulations against hacking might harm you more than they harm the "criminals."

    Take advantage of this business opportunity today -- on either side of the "battle."

    1. Re:I smell a business opportunity. by Anonymous Coward · · Score: 1, Insightful

      "The law has almost no effect on crime other than raising the profit for those willing to take the risk."

      So I guess Hammarapi and every form of social organization since his time are wrong and we should have no laws?

    2. Re:I smell a business opportunity. by MadEE · · Score: 3, Insightful
      The State will write laws to defend against hacking, but the reality is that the free market will provide better defense. There are laws against breaking and entering, but do they work? No, locks do. In situations where locks don't work, alarms work. In situations where alarms aren't enough, a Colt 45 used once usually fixes that situation. The law has almost no effect on crime other than raising the profit for those willing to take the risk. Hackers make a profit only means that anti-hackers have a new business opportunity -- and if you're good with security, you should make a windfall NOW before the law interferes with YOUR ability to secure your clients. Regulations against hacking might harm you more than they harm the "criminals."
      What complete and utter unsubstantiated bullshit. First of all the novelty of an alarm system is notification of the police, who job it is to *gasp* uphold the law. There are plenty of processionals that can or profession demands the ability to pick locks, bypass alarm systems and assault a building in a manner that would make a gun have very little effect. Despite this you see professionals in all of these trades work in legitimate trades despite the fact that illegal ones would be far more profitable. Perhaps the knowledge that maybe losing a chunk of your life to jail may put some second thoughts into these people.
    3. Re:I smell a business opportunity. by Fred_A · · Score: 2, Insightful
      Not exactly "free" then, is it? Unless you want a "market of one."
      Yes, that's how "free" markets usually end up.
      --

      May contain traces of nut.
      Made from the freshest electrons.
    4. Re:I smell a business opportunity. by s20451 · · Score: 4, Insightful

      The market provides for both sides, the law provides for no one.

      Anyone who thinks anarchocapitalism is a good idea should move to Somalia. The governmental vacuum is basically filled by loosely organized and bad-tempered gangs of mercenaries, although cell phone service is apparently cheap and plentiful. I would prefer the law, thanks.

      --
      Toronto-area transit rider? Rate your ride.
    5. Re:I smell a business opportunity. by maxume · · Score: 2, Insightful

      Locks keep honest people out. Alarms send bad guys next door. They solve the immediate problem. Note that alarms don't work so well in the absence of the police+justice system, which is so graciously provided by the market .

      Yes, the free market does provide the Colt 45, but society has collectively decided that there are better ways of controlling the assholes than shooting them all the time. Get used to it.

      --
      Nerd rage is the funniest rage.
    6. Re:I smell a business opportunity. by Archangel+Michael · · Score: 4, Insightful

      "I would prefer the law"

      Somalia has laws. What they don't have is ORDER. Laws do not create order. Enforcement of laws does.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    7. Re:I smell a business opportunity. by 99BottlesOfBeerInMyF · · Score: 5, Insightful

      First of all the novelty of an alarm system is notification of the police, who job it is to *gasp* uphold the law.

      This is untrue. The chances of the police responding in time to do anything is very slim. The main purpose is to alert the owner and other people nearby, thus increasing the risk of this particular robbery or crime. It is the job of the police to investigate crimes, but they have neither the manpower or the will to prevent crime.

      There are plenty of processionals that can or profession demands the ability to pick locks, bypass alarm systems and assault a building in a manner that would make a gun have very little effect.

      Relative to the general populace or to the criminal populace, this just isn't true. Locks are easy to pick, alarm systems can be bypassed, but very few criminals take the time to do either when there are easier targets.

      Perhaps the knowledge that maybe losing a chunk of your life to jail may put some second thoughts into these people.

      Threat of punishment is a motivational factor, but surprisingly, not a very significant one. Studies have shown people in general believe they can get away with crimes without being caught. The main motivation for not committing them is actually a moral one. People do not feel justified in robbery. One of the strongest correlations with robbery and violent crime worldwide is wealth disparity. In places where some people are very poor and others are very rich, despite the rich not necessarily working harder or being smarter than the poor, the rates of these crimes is higher. It is easy to justify robbery when you were born into debt while others were born into extreme wealth. And that is exactly what people do.

    8. Re:I smell a business opportunity. by xappax · · Score: 5, Insightful

      OK, I hate government just as much as you, but on this matter it seems like you don't really know what you're talking about.

      You claim that tighter laws and enforcement against computer criminals will encourage computer crime by driving down the supply of willing "workers". While this may jive with your anarcho-capitalist theory, it just ain't true.

      The entire point of the article was that hacking is prevalent because there isn't serious enforcement of the law. The author points out that criminals use insecure methods of communication, not even bothering to conceal themselves, because they're confident that the law won't touch them. If the governments in eastern europe cracked down on internet crime, and actively investigated and arrested computer criminals, many of the current participants would be scared out of the game, no longer confident that they're above the law. There is a threshold of risk beyond which very few people are willing to go, even for a huge reward, and this is even more true of a job that requires in-depth training and is inaccessible to the vast majority of people.

      There are plenty of good reasons to oppose cyber-crime crackdowns, and I for one do, but the argument you're making in this case is naive to both the technical and economic realities of international computer crime.

    9. Re:I smell a business opportunity. by mapkinase · · Score: 4, Insightful

      I wholeheartedly agree with the last paragraph. Further, we need to stop glamorizing hackers, the same way movie industry stopped glamorizing the mob (think Godfather -> Goodfellas transition). The main reason it has not been done yet is the hacker world is almost completely non-violent one. When hackers are associates of the multi-area mafia, they are at the same service level as lawyers, drivers, gray-business owners (pimps, dealers, bookmakers), small-business owners of the meeting places (restaurants, motels), etc... which are not particularly glamorized, but also not vilified enough as hitmen and high-level mob managers are.

      Besides this, there are other important differences between breeching brick-and-mortar and breeching digital.

      1. One-target-per-act - many-targets-per-act (hence "going after easy targets" emphasized)
      2. Localized - internationalized (hence "hard to catch" factor)

      Those two factors make huge difference.

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    10. Re:I smell a business opportunity. by diersing · · Score: 2, Insightful

      And if the ORDER, whether from enforcement agencies lack of size/strength/resources/capabilities/perception, can not enforce a law the free market will provide a solution for a fee.

    11. Re:I smell a business opportunity. by technococcus · · Score: 4, Insightful

      Hey, just FYI:

      Alarm systems notify the police. The police come to the house. This process will almost certainly take far longer than the process of Break-and-Enter, Rape-and-Pillage, Then Haul Ass that the criminals in any given breaking and entering situation will be using. If you don't believe me, check the home invasion response times on the FBI's website. Nearly all calls (real live actual person calls, not automated alarm triggers!) take 5+ minutes, and a shocking amount have longer response times.

      Also, just so you're aware of this next time you rely on the police to protect you/your rights:

      It has been upheld three times (to my knowledge, there may have been more, more recent cases that uphold this as well) that a police department and its officers and employees are not responsible for providing for the personal protection or safety of any private citizen's health, life, welfare, or property and that none of these have any obligation to place themselves at any risk to protect any of those. A friend of mine who was a SWAT member on the Indianapolis PD for 20+ years (and spent the last 2 as an entry leader) has mentioned that doing a response to a home invasion call by the book according to many agencies and departments involves showing up and then checking your watch. You sit in the car for 5 minutes. THEN, you go see what's going on. The departments don't want their officers going in where there might still be criminals. So, yeah, the police probably won't be anything like as helpful to you in the defense of your life and property (and the lives and property of your loved ones) as a firearm that you have some skill with. A gun rarely has "very little effect" unless you're storing it improperly for defense (i.e., not near you/on you, not loaded, locked; most of your hunting weapons which stay locked in the safe wouldn't help, but the pistol you carry on a daily basis and the 12-gauge you keep loaded behind the bed would) or are completely unskilled in its use or unwilling to use it as intended (i.e., to fire upon in an attempt to incapacitate an intruder/threat).

      Again, this has been a public service announcement for the instruction of all people interested in their own welfare.

    12. Re:I smell a business opportunity. by egamma · · Score: 2, Insightful

      So basically, you think all laws are useless? Maybe we should legalize murder. According to your logic, by making murder illegal, we are raising the prices that hit men charge, and by making murder legal, we would make it less profitable. At least, that's your logic. ...the gaping hole in your logic is that sometimes people do things because they WANT to do things. Making murder legal would only increase the amount of murder--after all, it would be more affordable and you could get away with it. You could play GTA in real life! Making it legal would only serve to make life even more miserable for those of us who fight against such things. It's not going to make things better, it will make things worse, to where you can't stroll down the sidewalk (cyberwalk?) without fearing for your safety.

      --
      Battlemaster--Game with friends in medival realms
    13. Re:I smell a business opportunity. by El+Torico · · Score: 3, Insightful
      dada21, one minute I want to put you on my "friends" list, and the next minute, I want to put you on my "foes" list (grin).

      The laws making hacking illegal only add more gold to the pot.
      It does, because the potential cost is now higher.

      There are laws against breaking and entering, but do they work?
      Actually, they do, but only if they are rigorously enforced. Locks serve mainly to delay an intrusion, thus increasing the chance of getting caught. Alarms serve to notify owners and police, which then can catch the intruder.

      ...where alarms aren't enough, a Colt 45 used once usually fixes that situation.
      This is where the problem lies. People do not have the time or training to protect their property 24 x 7 and maintaining a private security force is expensive, so they have "contracted" authorities to provide the physical deterrent. There is a fundamental need for order to be maintained, and this is a core function of government.

      Regulations against hacking might harm you more than they harm the "criminals."
      I agree with you on this, but only because these regulations may be made by people who don't understand the issue or by people who misuse law as a weapon. Both are cases of bad government.

      --
      In the land of the blind, the one-eyed man is usually crucified.
    14. Re:I smell a business opportunity. by Kijori · · Score: 2, Insightful

      Over here in England you can't shoot people for breaking into your home - you're not even allowed to hurt them more than is absolutely necessary. A lot of people leave doors unlocked when they're in the garden, and those that don't frequently have doors that could be broken into in seconds. We rely mainly on two things to prevent robbery: trying to create a social climate where robbery isn't acceptable, and the threat of being caught by the police if you do break the law. It works pretty well; I've only ever been robbed once (in 20 years) and the 2 kids that did it were quickly caught and sentenced to community service and enforced social service intervention into their home life.

  2. Give them new authority by suso · · Score: 4, Insightful

    Hackers can think whatever they want. The real problem right now is that the governments of the countries they live in don't care and don't do anything about it. Perhaps that's understandable since many of those countries have enough non-tech issues to deal with already. But I think that if that's the case, they just shouldn't be allowed on the internet yet. There really needs to be a bar for entry. I can't tell you how many applications we get for people using stolen credit card numbers and coming from IPs in Africa, Indonesia, etc. Fortunately, we check applications by hand and weed those out. But many hosting companies probably just accept them and create accounts, opening their systems to escalated privlige attacks.

    I'm surprised we haven't started seeing vigilantes tracking down hackers and spammers. When governments can't handle things, the mob takes over.

  3. Oh for crap's sake.. by Rob+T+Firefly · · Score: 5, Insightful

    Being a hacker is not a punishable offense. If criminals are using so-called "hacker" skills in criminal pursuits, they're still criminals. Call them criminals.

    I'd expect the OMG SCARY word "hacker" to be misused like this in Hollywood films and mainstream news, but not on Slashdot of all places.

    --
    Slashdot Burying Stories About Slashdot Media Owned
    1. Re:Oh for crap's sake.. by B11 · · Score: 5, Insightful

      [blockquote] Being a hacker is not a punishable offense. [/blockquote] Not yet anyways. But being a tinkerer and an "outside-the-box" thinker, non-comformist, etc is certainly NOT something being encouraged today, vis-a-vis things like the DMCA, the Patriot Act, etc, etc. Kinda sad actually.

      --
      insert inflammatory anti-microsoft comment here
    2. Re:Oh for crap's sake.. by mentrial · · Score: 2, Insightful

      OK, I know most of you are going to hate me for this, but English is a live language, words change meaning constantly, get over it already. I myself don't like using the word hacker to describe a computer criminal, but I don't go around wrongly correcting people when they do.

      Hacker is used by 99% (and I'm being generous) of people to describe a computer criminal. Is a synonym of computer criminal, according to most sources, including the Britannica (I can feel your hateful eyes on me now).

      Words are just conventions, if 99% of the English speaking people (and even those who don't speak English) use Hacker as computer criminal, then it IS computer criminal. No matter what meanings it has previously had or what the 0.1% of an intelectual elite like to call themselves.

  4. Re:Well by otacon · · Score: 2, Insightful

    I'd have to say I share the same philosophy as you. While I have 'hacker' roots and a 'hacker' mindset, that doesn't mean I break into things that aren't mine and break laws. Not to say I couldn't, I just don't care to. Even when I was younger and some of the things I did to learn and experiement may have been questionable, I would have never done it for anyone else, it was all for my personal desire to learn, not a financial motivation.

    --
    In a world of acronyms, the words are the real victims.
  5. Re:Well by Pojut · · Score: 3, Insightful

    unfortunately, that desire to simply LEARN is what has slipped away and given rise to the new definition of the term hacker.

    A true hacker desires KNOWLEDGE. Not power, not finances, KNOWLEDGE. That is the hacker's reward.

    Not retarded WinNuke attacks (showing my age slightly), not stealing identities, not peeking at your hard drive...knowledge. The knowledge of how things work, why they work, what DOESN'T work, and what can be done to make them work BETTER.

    --
    Living With a Nerd
  6. Re:It's all about risk-reward by 99BottlesOfBeerInMyF · · Score: 2, Insightful

    When it comes to (criminal) hacking, or any other illegal activity, the smart perp will consider the risk-reward of his behavior. Unless the potential payoff of a crime is significant, it simply does not make good economic sense to do it.

    This is a common perspective, but there is another motivation that comes into play. Most people are bound mostly by moral reasons to not commit crimes. What is interesting with computer crimes is they could easily have been a predicted consequence of globalization. Crime correlates strongly with wealth disparity. This speaks to both the risk/reward you mention and the ability of criminals to justify their behavior to themselves. Opening up the global market brings people with vast wealth disparity into the same arena. It would be surprising if a hacker in some poor country did not turn to crime which can pay him a year's salary in a day for a low risk crime and at the same time be robbing those fat Americans and Europeans born into extreme luxury while they have had to work long hours just to feed themselves.

  7. Hacking costs BILLIONS by Shohat · · Score: 2, Insightful

    Quite frankly, I don't understand why there is almost no active lobbying for harsh laws towards hacking. Just think about it - When launching an online server, be it an an application server , gaming or communication server , a hosting service or a website - what is your most major concern after the development is over(even if the development was done with it in mind )?
    Security. The FEAR of getting your server hacked pretty much doubles the development cycle, and is around 70% of the patches and fixes issued after it is launched. It's retarded that not having enough security = invitation for being hacked. Sleeping with the windows (no pun intended) open and getting a "I walked around your house and took a shower, don't forget to close your windows tomorrow night" letter on the next morning in case of a white hat or "I stole your stereo and PS2, why the fuck you left the windows open" in case of a black hat, is how the internet works these days, and it needs a major fix.

    --
    My Starcraft 2 Blog
  8. Words change by Moraelin · · Score: 4, Insightful

    Welcome to the real world: words change meanings continuously. "Thing" once meant a council meeting (waay back in the norse times), now it mean, well, "thing". "Gay" once meant cheerful/happy, then it meant "homosexual", and now it's in the middle of becoming just "uncool". Etc.

    That's how we ended up with so many languages. As a species we have a sort of a "Babel tower" mechanism built in. Get two communities isolated for long enough, and even starting from the same language you end up with two new languages or dialects. Each of the two changed words independently, and eventually you end up with the whole language of each not even resembling the language of the other. (Don't believe me? English and Greek both evolved from the same Indo-European roots.)

    People hear some cool new word, or a new way to use an existing word, or some wisecrack and latch to it. And if it gets enough followers, there you go, you have a new word or a new meaning for a word.

    Some cool kid uses, say, "twink" in a MMO once for someone buffed or equipped beyond the means of a normal player that level. Some people hear it, like it, and start using it too. Repeat a few iterations, and next thing you know it becomes the new primary meaning of that word in relation to MMOs.

    And so it was with "hacker" too. Except this time it was also boosted by a whole generation of clueless journalists, who promptly bombarded everyone with their new meaning. Everyone has had it hammered into their heads that "hacker" doesn't mean the old-style "guy who really likes computers and doing amazingly hard/low-level stuff", but, yes, basically "high tech criminal".

    As early as the end of the 90's I've had the surprise to hear even computer engineers using it that way. Yes, literally. I was for example at some training back then and the guy teaching goes, "anyone knows what a 'hacker' is?" Me: "Someone who really loves computers and programming?" Him: "Nope, a criminal breaking into other people's computers." Go figure.

    So, way I figure it, we might as well let go. That battle is lost, and we don't even have the means to fight it. For every time you tell someone "no, no, no, 'hacker' was never supposed to mean 'criminal'", they'll promptly have a dozen TV show hosts, pseudo-tech journos, etc, hammering the opposite right back into them. That word is lost. By now it's not just "mis-used", it simply _is_ the new meaning of the word.

    Give up, move on, find another one.

    --
    A polar bear is a cartesian bear after a coordinate transform.
    1. Re:Words change by Hoi+Polloi · · Score: 2, Insightful

      You've lost the war of numbers. The vast majority of the population understands hacker to mean a criminal and no amount of arguing is going to change that. Another example, the word jihad technically means a personal struggle against spiritual obsticles but, at least in the West, has come to mean a violent struggle.

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
    2. Re:Words change by Moraelin · · Score: 2, Insightful

      Oh, I understand what you're saying, but that doesn't change that that's how it works. That's all I'm really saying. It may be unfair, it may be stupid, it may hurt a lot, but that word is still lost anyway.

      And yeah, it's happened to other professions too. English is also not my mother tongue, and I don't live in an English-speaking country either, but I think I can come up with a few examples off the top of my head.

      E.g., "butcher" is a very honourable profession normally (at least unless you ask a vegan;), yet it became used for such titles as "The Butcher Of Prague" for Reinhard Heydrich. I'm sure most honest meat merchants wouldn't feel too honoured to be compared to one of the biggest and most hated murderers in history.

      E.g., "shaman" or "witch doctor" were very important and respected positions in many tribes. They weren't just the priests, but also the keepers of knowledge of their people, and often had various justice-related roles too. Seriously, they filled a very important social and cultural role in their communities. Now it's a synonim for a charlatan or con artist, with an additional conotation of stupidity/ignorance/gullibility/superstition/pseud o-science.

      E.g., somewhat in the other direction, "slave" came to be used as basically "the submissive one in a kinky/depraved BDSM relationship". I'm sure that some people whose ancestors (or sometimes relatives they knew, as slavery isn't yet 100% extinct) were kidnapped, sold into slavery, mis-treated, and occasionally killed... well, would find it less than flattering to think of that suffering stripped of all its meaning and associated with just someone being horny and (depending on your morals and/or bigotry) depraved.

      Etc.

      --
      A polar bear is a cartesian bear after a coordinate transform.
    3. Re:Words change by Sancho · · Score: 2, Insightful

      "negative reinforcement" is often used by laymen to sound smarter when they mean "punishment." In fact, in Psychology, "negative reinforcement" is something of an oxymoron.

      In vector physics, "acceleration" has a very different meaning from the general use of the word.

      Specialized mathematicians have different meanings for various words like "product" (because you can be talking about several different types of arguments, such as scalar, vector, matrix, etc).

      Generally, when you're talking to a specialist, they will understand the terms as they apply to their field, but they probably also understand the lay definition. When you're talking to some random person on the street, they probably only understand the lay definition. What's of most interest (to me, anyway) is how these changes get started.