Meet Jim Script Kiddie (skiddie). He is the guy (usually in his early to mid teens) who comes into a hacker forum, asking inane questions like, “how can I be a hacker?” He also tends to over-indulge in “hacker speak” making him look pretty much like a moron to seasoned (and not so) computer netizens.
Skiddie earned his name for using existing malicious scripts without truly understanding or even trying to learn how they work, much less writing his own. Skiddie is also generally the hacker community’s low hanging fruit, so to speak. He’s the guy who is most likely to be caught in a sting because not only does he not know how to cover his tracks, he tends to metaphorically shoot at everything. He is more often than not motivated by hate due to his own self-loathing and inability to fit and/or play well within normal social settings. Some refer to him as a “basement dweller” due to his requsite dependence upon family. Most DDoS attacks are initiated by skiddies.
Meet Joe wants to be (Wantabee). He is the guy (usually in his late teens to mid twenties) who comes into a hacker forum, claiming he is a “leet hacker” Like skiddie, he tends to over-indulge in “hacker speak” as well, thereby providing comic releif to other forum members. Wantabee is more likely to be caught purely due to his need to brag… to let people know just how “leet” he is. Wantabee will rarely make it to the next level, though he will learn how to execute some of the simpler hacks (i.e.,SQL injections). Primarily due to his need to be publicly recognized, thereby increasing the likelihood of being caught. Otherwise put, he lives for the brag. Web defacements are therefore his preferred hack.
Meet Jane hearts hackers (Scene Whore). She is the female (usually in her mid 20s to mid-40s) who has no problem sending topless pictures of herself to hacker groups and/or sleeping with group members, in the hopes of gaining status, or as one defcon attendee stated years ago, “The scene whores aren’t respected for what they do but for who they are doing.” Though, the term “respect” is arguably an overstatement. Regardless, her behavior ushered in and sealed the now common “show us your tits!” request to any female who attempts to engage with the hacker community. Her goals will vary depending upon whether she’s simply visiting a hacker con, or trying to become a member of the community. The former will likely not care how “leet” the hacker is, as long as she gets free food, drinks, and fun. Whereas the latter will likely spend some time observing, even fending off advances to strengthen the perception as “prize” to the most eligible, or in this case “leet” hacker.
Meet John hacker (Hacker God). He is the guy (usually in his mid twenties to mid thirties) who knows his way around networks, often due to his experience in IT. He is mostly self-taught when it comes to programming. His hacks however are not limited to software. He’s the guy who created the pringles antena for war driving. He is intimately familiar with various transfer protocols, knows how to spoof headers, and more likely than not, heavily relies upon proxies. He may favor one area of hacking over another. For example, cryptography, steganography, virus writing, etcetera. He wears different hats (white, gray, or black) to not only define his ethical (or lack thereof) behavior but to also rationalize his actions.
The above are but a smattering of the personality types that make up the hacker community. And said community is often divided into smaller groups. Think, cyber space’s version of street gangs, where guns are replaced by computer worms, trojans, and keyloggers.
Within this context, hacker demographics track to the Bureau of Justice, National Gang Center data, with the exception that their ethnicity demographic is inversely proportional; with hacker gang members being predominately middle to upper middle class white males. Their behavioral and motivational typologies tend to track street gang motivational typologies, including but not limited to identification, status, women, money, peer pressure, the fun/violence aspect, and male bonding. Otherwise put, their motivations are rarely, if ever, altruistic, though they may latch on to and/or claim a cause to mitigate punishment severity should they ever be caught.
While age differs, hacker gang organization seems to map as well. For example, from the 2009 book, “Juvenile Justice,” the author notes that 5-10% of a gang are “hard core,” with the remaining divided between regulars, “Claimers, Associates, or Wannabes,” and “Potentials or Could Be’s.” Notably, within gang research circles, “Wannabes” are thought to be the most dangerous and violent group due to their intense and almost pathological desire to “prove themselves” to hard core gang members. Exclusive of age variance, this demographic strikingly resembles hacker culture, where Hard Core‘s cyber equivalent is Hacker God, Claimer’s cyber equivalent is Skiddie, and Wannabes cyber equivalent is Wantabee.
Unlike street gangs however there appear to be few notable hacker wars. For example, the hacker war between the “Masters of Deception” and the “Legion of Doom” occurred two decades ago. And while mini-spats do occur, the news of such generally does not travel beyond the circle of those involved. This is primarily due to the lack of news worthiness (i.e., major network outages, hacks, etcetera).
Still, hacker news will make headlines every so often.
The recent case of the Anonymous hacking gang and the HB Gary Federal document dump is but one example. While some media pundits put Anonymous forward as crusaders for truth and light, they are anything but. Consider their chosen term for breaking into HB Gary servers. And then, visit their Anonops IRC channel where some have expressed a desire to “rape” the HB Gary women, specifically the female president of the company. Add to that mix the racist remarks and sprinkle it with their pro-communist sentiments, and you have a group of individuals who are far from human rights activists. After all, anyone who would not only wish such violence upon another human, but who would also fantasize about enacting such is far from a purveyor of truth and light. Importantly, they unanimously decry the moniker that Peter Ludlow attempted to hijack for his pet 4chan’s. The very group from which this Anonymous hacking gang sprouted.
Nevertheless, they are unsurprisingly milking this for all it’s worth. In the bigger picture however their hack and subsequent doc dump that revealed HB Gary’s bag of “dirty tricks” is of little relevance. That is, outside of the fact that it exemplifies what is arguably common practice within the cyber security industry. After all, Hard Core Hackers don’t die. They just go to work for iSec. Or, start their own company.
What is and should be of relevance to the public at large is this gang’s new hyper-awareness that is in direct proportion to public reaction. A hyper-awareness that is galvanized by new-found blood lust. So much so that they are looking for new targets. Hunton & Williams is one such target, The U.S. Chamber of Commerce, another. As is their renewed interest in Bank of America. And they are not planning a DDoS, this time. They are talking about breaching (or, as they put it, “raping”) the aforementioned servers, harvesting, and distributing data.
This should matter to people on all sides of the various issues raised. Even those who are pleased with the HB Gary data dump and all that it has revealed. Then again, perhaps it will take another ATT email hack for people to recognize the nihilistic fabric of the Anonymous gang. If so, the public will learn sooner than later that this hacker gang will not stop at Hunton & Williams, the U.S. Chamber of Commerce, or the Bank of America. Unfortunately, the sin of naiveté can be a painful lesson. Especially when surfing the hackpocalypse.