The previous post explored different types of threats.
Now that we’ve taken a look at what some of the threats are, let’s look at who might be behind these threats. One goal is to determine who the greatest threat is. You may be surprised…
Igor the Hacker
Igor is who you think of when someone says “hacker”. True hackers have always been skilled. Igor is very skilled and is in it for the money. He may have the backing of considerable resources from criminal organizations or even from state entities.
There are two ways Igor may be after you. If he is building a zombie botnet for spam and DDoS attacks, he will be looking for systems that are easy to take over. Normal security precautions should provide a good defense.
On the other hand, if you have assets that Igor is after, you have a real problem. Almost no level of security will be enough to stop him. And he won’t stop with computer attacks; social engineering is one of his most powerful tools. In some cases he may even resort to physical penetration to get to your systems.
Fortunately, there aren’t that many Igors around. You can’t build a security strategy around nothing but stopping Igor – it isn’t cost-effective, and truly hardened systems are often difficult to use. We will examine how a defense-in-depth approach can be used to manage Igor.
(Note: Igor is actually a cracker, not a hacker. A hacker is someone with deep computer skills who makes computers do amazing things. It describes someone with exceptional knowledge and skills. Unfortunately, hacker has been hijacked by the media to refer to criminal crackers…)
I think “hacker” has been hijacked more than once.
If memory serves (and it’s certainly possible that it does NOT serve), “hacker” once meant a programmer who resorted to inelegant and logically suspicious solutions in the interest of getting something done quickly, rather than well.
I remember that one. One of the definitions of hacker is “a person who engages in an activity without talent or skill: weekend hackers on the golf course.”
For computing, Wikipedia has:
Hacker (computer security), someone who seeks and exploits weaknesses in a computer system or computer network
Hacker (hobbyist), who makes innovative customizations or combinations of retail electronic and computer equipment
Hacker (programmer subculture), who combines excellence, playfulness, cleverness and exploration in performed activities
But, yes, “hacker” has been hijacked more than once.
I’m impressed that western people always use eastern names for bad guys. And I really don’t like that, it is rude! (Do you still live in the Cold War era?) When I’m explaining something to people here, I never use western names for bad guys (for any person, but “bad guys” are related to this story), because it is logical to me to use “local” names to present some random person.
First of all, thank you for your comment. You raise some valid points.
Please stay tuned – over the coming weeks I’m going to cover many other threats, which will include a strong focus on middle-aged white American males.
Having said that, I’m dividing the hacking threat into several levels. I chose to start with the stereotypical sinister hacker – a highly skilled individual with extensive criminal or state resources behind him. From a US and Western Europe perspective, the “Russian Mafia” (I’m aware that this is a code term for a variety of criminal organizations based in the former Soviet Union) and attacks originating from China, allegedly with state backing, tend to be the most publicized threats.