Security

Tech Tip: Don't assume you know where hackers are coming from

Here's why you shouldn't make assumptions about hackers.

By Jonathan Yarden

Mainstream media has traditionally been more interested in the sensational issues of Internet security. Judging from the content of many of the articles I've read, there's little doubt that the highly technical aspects of Internet security are of little interest to mainstream media.

For example, there was little more than a sentence devoted to explaining that the creation of MiMail, a mass-mailing worm, was for the express purpose of tricking PayPal users into divulging their account information. MiMail was no simple "hack"—it's a sophisticated worm.

The stereotypical view of teenage whiz kids or disgruntled computer programmers as the source of malicious code such as MiMail is often incorrect. Many believe that MiMail is the work of skilled programmers operating in Eastern Europe, who launched a well-planned attack.

So forget those stereotypical images of poorly lit rooms with adolescents plotting to cause mischief so often associated with hackers. The hackers responsible for many of the recent wide-scale exploits often align themselves with organized criminal gangs, many of which operate in the countries of the former Soviet Union.

They are "professional" hackers, available for hire in much the same fashion as mercenaries. Several special circumstances make Eastern Europe a hotbed for hacker activity. It has a large population of highly educated unemployed workers, often unstable governments, and widespread criminal activity.

During a visit to Ukraine, I had the opportunity to learn more about the forces in Eastern Europe that have merged to produce, in my opinion, the largest single threat to Internet security. In Ukraine, higher education is readily available, and it's quite common for people in their twenties to have at least two advanced degrees. But in contrast to this high rate of literacy and education, poverty is also high.

Emerging governments and poor economic conditions continue to contribute to wide-scale criminal activity. Software piracy is rampant, and there are no monetary restrictions on obtaining software. But in my opinion, Eastern Europeans have access to the same, if not better, computer systems as most Western corporations or university computer centers—giving hackers for hire more job opportunities.

I fear that MiMail is only the beginning. Until economic and political conditions improve, I think we'll continue to see a great deal of Internet security problems centered in Eastern Europe.

Today's hackers come in all shapes and sizes. The common stereotypes of the young male or disgruntled "lone hacker" are becoming woefully outdated.

Fueled by organized criminal activity, hacker gangs are on the rise in Eastern Europe. Hacking and Internet security exploits are evolving from annoyances and occasional threats to full-blown criminal enterprises.

Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.

Editor's Picks

Free Newsletters, In your Inbox