Who are these people who seek to compromise the confidentiality, integrity, or availability of our information assets? Surprisingly, many attackers are simply amateurs who act opportunistically. For example, such an amateur might find someone’s lost mobile device or laptop computer and decide to sift through the files. Another might be a script kiddie or wannabe hacker who finds pre-packaged hacking tools on some underground website and attempts to apply those tools to the computers at her school or place of work.
Amateurs notwithstanding, there are also hackers (or white-hats) and crackers (or black-hats), with the difference between the two depending upon the attacker’s intent. Specifically, hackers are attackers whose intent in attacking a system is non-malicious, while crackers are attackers who attack a system with the intent of causing harm. A computer security expert, for example, might be hired by a company to try to break into an information system for the purpose of evaluating the robustness of the system’s defenses. Such an attacker would be properly classified as a hacker (or as a white-hat). By contrast, an attacker who attacks a system with a malicious goal -- such as stealing data or disrupting the availability of the system -- would be properly classified as a cracker (or as a black-hat).
Some common types of crackers include both career criminals and organized crime syndicates who seek to engage in malicious breaches of information security for the purpose of financial or other gain. More recently, the information security world has also witnessed the rise of cyber terrorists, who are not necessarily affiliated with a particular state or government, but nevertheless are conducting attacks on information systems in support of some ideological or political agenda. Finally, and importantly, there are state-supported information warriors and spies. Most modern countries -- including powerful countries such as the United States and China -- employ vast armies of information warriors whose job it is to surveil government offices, military organizations, and even corporations in other countries for the purpose of collecting intelligence through digital means. Further, such officially sanctioned digital espionage is no longer just a minor consideration. In the United States, for example, the Department of Defense now considers cyberspace to be the fifth battlefield (with the first four battlefields being land, sea, air, and space). With cyberspace being acknowledged as a legitimate battlefield, substantial portions of many nations’ defense assets are now being directed toward efforts aimed at establishing superiority in cyberspace.