A common Hollywood trope is the use of ex-convicts to help catch a criminal mastermind who has confounded the very best that law enforcement agencies have to offer. Such evil geniuses are often released from prison under the proviso that they will help catch the gang, and a back and forth of trust ensues, with the viewer left wondering if the criminal can ever change his (it’s always a man) ways, or whether he’ll stay true to his law-breaking habits and double-cross the police.
For their part, the police hope that the criminal will be able to shed new light on the situation. After all, they’re looking at it through their law-abiding eyes, rather than those of the criminals they’re trying to catch. It’s a logic that has seen many convicted hackers don their white hats and start helping ensure that digital systems are secure, and it’s an approach that new research from Michigan State University suggests has a robust logic to it.
The researchers argue that to truly tackle cybercriminals, it’s vital that we understand the intentions of the people behind the attacks. If we can understand their motives, then it becomes easier to predict, identify and prevent cyberattacks in future. This is important, because despite the use of former cybercriminals in a white hat capacity, many cybersecurity projects today start and end with technology, whether it’s antivirus software or ensuring your systems have the latest updates and patches. These are undoubtedly useful, but they’re passive initiatives rather than proactive.
The best form of defence
The researchers believe that cybersecurity teams need to think more like an attacker in order to secure systems, and to transition away from a mindset whereby technology and software are the key to good cybersecurity, as they argue that the best hackers can usually get around even the most robust security tool.
The study looked specifically at a common form of cyber attack, known as web defacement, whereby the attacker manipulates the content of a website to express an alternative message. Such attacks are commonly driven by protest in some way, and as such, the researchers believe the attackers’ decision-making process can be modeled, which in turn makes it possible to step into the shoes of the attacker.
In the grand scheme of things, it can seem that defacements are a relatively trivial form of hacking, but they are certainly timely, not least because groups linked to the Iranian state managed to deface an American government website this January. The attack saw the Federal Depository Library Program website defaced and a pro-Iran message posted alongside an image of a bloodied Donald Trump.
While embarrassing for the Americans, the attack provides a timely reminder that hackers aren’t always driven by financial motives.
Getting to the heart
The researchers examined over 100,000 distinct web defacement incidents from January 2011 to April 2017. The aim was to explore just how connected the targets of each defacement were with the motivation of the attackers, while also exploring the methods used in conducting the attack.
The data suggests there is a wider variety of motives for defacing a website, with the very public nature of the attack a key factor in this variety. Equally, the methods of gaining access to the websites also vary considerably, although attackers commonly attempt to gain access to a large number of sites in one attack. The ability to target thousands of sites in one swoop requires more skill than if a single site is targeted, unless, of course, the site is a high profile one with considerable defences.
Of course, while the attacker is sometimes directly linked to the cause they’re promoting, at other times they are merely a “gun for hire.” The researchers highlight how, once hackers gain a brand and reputation for certain activities, their value in the marketplace goes up considerably, and they become highly attractive to those looking to promote particular causes. This can be especially true if their work has a certain flair to it that attracts a great deal of attention to their activities.
By understanding these motives, it becomes easier to both predict when attacks might occur, and to then defend against them. It’s clear that economic factors aren’t the sole motivator behind cyber attacks, despite ransomware or data breaches gaining so much popular attention, and the greater our awareness of the different kinds of attacks and the reasons behind them, the more effective our defences are likely to be.