Slashdot Mirror
Hacker Business Models
wiredmikey writes "The industrialized hackers are intent on one goal — making money. They also know the basic rules of the business of increasing revenues while cutting costs. As hackers started making money, the field became full of 'professionals' that inspired organized cyber crime. Similar to industrial corporations, hackers have developed their own business models in order to operate as a profitable organization. What do these business models look like? Data has become the hacker's currency. More data, more money. So the attack logic is simple: the more attacks, the more likely victim — so you automate ..."
I'm a hacker and I break out of loops, not into computers.
A job awaits me after I graduate from Cash Paradise University! With classes like "Botnet or How to Get My Own Bank Accounts" I'll never need to learn math!
My work here is dung.
Meh
Can Slashdot please be the lone voice of reason that doesn't feed into the newsmedia's misuse of the word "hacker"?
This isn't exactly a crazy revelation. OMGZ "HACKERS" (that's not even the right term) WANT MONEY. There's so many things wrong with this article, especially the fact that it's not even bringing new information, that I don't understand why this is even on /.
http://crackstation.net/bruteprice.php
Like picking candy at the store!
"They also know the basic rules of the business of increasing revenues while cutting costs."
True, but not all hackers/crackers/slackers do it to cut costs and increase revenue. Sometimes, it is just for notoriety.
He who knows best knows how little he knows. - Thomas Jefferson
The mainstream media has screwed this one up for years, but it's embarrassing to see hacker and cracker treated as equivalent terms in this, the last bastion of geekdom.
Read the EFF's Fair Use FAQ
...thieves and vandals that steal data, set up botnets or vandalize websites.
"Thieves and Vandals".
Thank you for your kind attention.
Guaranteed! This comment 100% Anthrax free!
I think it's too complimentary to say that these people "make" money, though they may succeed in taking money.
And make their money on touring.
Reads like a lot of obvious consultant-wank generalities to me.
I don't care who this broad claims to be, she needs to either cite case examples, or go bake me some cookies.
Oh, client confidentiality. Well, that's convenient, ain't it? On the internets, nobody can prove you're not a 1337 security ninja.
If you were blocking sigs, you wouldn't have to read this.
Industrialized hackers or non-industrialized hackers?
We recently had a run-in with a hacker, very recently, not this past Friday but the one before. Exploit because our Web Server wasn't patched up on Windows Updates (or so one expert tells us), we weren't more than a month behind. All that really seemed to occur is that the index.html file was overwritten by the hacker's web page. This has, of course, brought the spot light on IT and the CEO is now asking about our security practices.
This is the same CEO who insisted that we as IT staff dole out the passwords for users, make them simple enough to remember, and don't let them change. It is quite possibly the weakest password security I've ever seen and I have no doubts that this could have easily played a part in why there was a security breach. Reason being, sometimes a manager doesn't let us know of a person's dismissal till after they are gone - so their account is still fully active for a while. If they put in the request AFTER 5 on a Friday? Well lets hope we check our email when we get home and do it remotely. Just September we're dealing with the blow of someone leaving the company and taking contact information with them to their next job (I think that falls into trade secrets?), so theres a whole bunch of legal stuff around that, and of course people are asking if they were able to access this information after they left the company. Regardless, if someone puts in their 2 weeks - and they intend on taking it to their next job, they're going to grab what they can to take it off-site, and we have the worst policy regarding cell phones with data plans as well. Essentially if its not a blackberry, we set up the email forwarding, if it is a blackberry, we have an Enterprise server, and we can send the kill command to wipe all data from the blackberry including grandma's phone number... it's a pretty stupid policy, lets just leave it at that.
Basically, its going like this: The company went from small to medium pretty fast, and the plans are set to grow into a large company very quickly. All along the way, security was never that much of an issue, at least network wise. We had issues with people downloading movies and seemingly random attacks on the webserver, most of which have been dealt with by our firewall. All in all, the IT group is too small though, there's a team of 4 programmers to handle all the in-house applications we need, one of our critical systems is still on powerbuilder 5 or 6... Ontario just went from GST+PST to the Harmonized Sales Tax... Lets just say the Programmers are swamped. On the other side we've got 4 technicians and a manager. The manager contracts out our firewall setups to some guy who really doesn't seem any more competant than the rest of us, in fact he tries to keep us distracted while he does his work so we can't actually learn his job. I guess most contractors are probably like that though. But otherwise, its just 4 of us to handle ~800 PCs which is probably going to bump up to 1000 before December here, as we have roughly 5 new locations opening up.
So we're not equipped to handle hackers - and we've officially been hacked. What do we do? Turn to an industrialized hacker and hope we can pay more than our competitor's might pay? After all, it's a double edged sword. If we go looking for help on our security, it shows we have a weakness, and if we don't want to pay for his services he can go right next door and try and sell our goods with confidence. To me that sounds like a scenario where they can name just about any price they like. And with the current state of the company (growing) it would seem we have a lot of money to lose.
More devastating though, would be a hacker who ISN'T in it for the money. We get a lot of turn over here - and not just the summer student temps but in pretty much every division but IT and accounting. Someone who wants the company to fail and has a friend with expertise, or the expertise themselves, could easily bring this place down. I think we got lucky that we were hit by someone who seems to do nothing but self promotion of his abilities. Things aren't good right now, but they could be a lot worse.
Can Slashdot please be the lone voice of reason that doesn't feed into the newsmedia's misuse of the word "hacker"?
No - Hackers == crackers.
Here's is my proof - a movie about hackers that break into things.
It wasn't called Crackers but Hackers!
:-P
RIP America
July 4, 1776 - September 11, 2001
It's bizarre that you would highlight the malleability and flexibility of English while complaining about a word changing meaning.
Nerd rage is the funniest rage.
White Hack (http://en.wikipedia.org/wiki/White_hat) versus Black Hat (http://en.wikipedia.org/wiki/Black_hat).
Seems that kdawson has "hacked" into CmdrTaco's /. account
Yeah, I know. Used to be, "nigger", "chink", "wop" were all socially acceptable words.
But not today.
Funny how that happened, isn't it?
Guaranteed! This comment 100% Anthrax free!
I'm uncertain as to what constitues a "hacker" vs. a "cracker" today.
I started out with computers before they were even programmable. Back then you had to "hack" the hardware to get it to perform other functions than the ones it was designed for (like you'd call it a hack today, if you can get your MP3 player to play FLAC files or whatever).
Later when OS'es became programmable, and interchangeable, games, and programs were sold on highstreet. Computers became a household item. When this happened, people stopped trying to "hack" the computer, and instead started to "crack" the software. The first pieces of software came with it's own OS, so you'd generally want to "crack the shell" or even crack the software to get to the shell, and remove copyprotections, change functions of the program or even add functions as you needed them, oftentimes the underlying OS contained some very useful tidbits. "Crackers" worked their voodoo on the software side only, and some did so brilliantly, carving the software into usable bits that you could play with as you saw fit to. The best could circumvent encryption and even emulate required hardware (like dongles).
This definition of "cracker", being the software exploiter/copier/bundler/whatever, is the one I'm familiar with. I'm unaware of any reason why some people would bother to call all the scanner slaves, or other people doing repetitious work collecting data (by phishing, IP scanning, etc) for crackers ?!? They're not cracking anything, they're just exploiting weaknesses in software or hardware that the actual crackers or hackers have found and shared long ago.
So please enlighten me. What is the definition of a "cracker" today ?!? And why call all the little exploiters for crackers, when they're not cracking anything ?
Never heard of Security Week beyond a CIO/CEO's reading table, but that's probably just me showing my ignorance. I guess I still get offended by people messing with the word "hacker", but it especially hits home with something as greasy and vile as this. Here's an alternative Hacker Business Model:
0) Grow up infatuated with all things mechanical and electronic
1) Spend countless hours playing with Linux and Perl while the other kids smash heads together on the football field
2) Convert that time into "years of experience with Linux and Perl" on a resume
3) Get a job where they actually pay you to do what you like, albeit with some weird social obligations
4) Back to the basement, ad nauseum.
I don't necessarily see money as the direct result, though the money from your job certainly helps to buy more gadgets that run Linux, or even a mini trebuchet for your desk. Your personal Hacker Business Model may vary, but this one worked for me and many of my coworkers.
There's a 68.71% chance you're right.
As a member of the former roaming tribes of barbarians that invaded and pillaged Europe I'm displeased by the use of "vandals" in this context.
I do not follow.
Nerd rage is the funniest rage.
I knew a guy named "Webjunky". I kept teasing him as "Webhunky" so I will do the same for you "hunky". :P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Yeah, that doesn't really surprise me.
Guaranteed! This comment 100% Anthrax free!
As a descendant of the indigenous peoples your ancestors invaded and pillaged, I understand your concerns and I feel your pain
Guaranteed! This comment 100% Anthrax free!
No no, I get that you are making an argument about the people fighting for cracker choosing the wrong battle, I just don't get how your reply pertains to my post (unless you are complaining that the word 'hacker' is headed towards the same status as the ones you threw around).
Nerd rage is the funniest rage.
Come on the editors of Slashdot should know about the difference between the word hacker and cracker. A hacker has only a negative sound to those who don't know the history about the word or know what they are talking about, you know the way Hollywood uses the word for example. Crackers are the criminal oness. Or at least say something like "black hats" instead of hacker, when it's the criminals you are writing about.
More and more articles seems to suffer from the same lack of geekyness in multiple different ways..