While I was writing this document a book "Hack Proofing Your Network" was released. I haven't been able to read it (dunno if its in print yet, and besides - everything takes a while to get to South Africa). I did however read the first chapter, as it is available to the public. In this chapter the author writes about different views on IT security - hackers, crackers, script kiddies and everything in between. I had some thoughts about this and decided that it was a good starting point for this document....
Some hackers destroy people's files or entire hard drives; they're called
crackers or vandals. Some novice hackers don't bother learning the
technology, but simply download hacker tools to break into computer
systems; they're called script kiddies. More experienced hackers with
programming skills develop hacker programs and post them to the Web
and to bulletin board systems. And then there are individuals who have no
interest in the technology, but use the computer merely as a tool to aid
them in stealing money, goods, or services.
“If the Internet were a city street, I would not travel it in daylight,” laments a chief information
security officer for a prestigious university.
The Internet is critical infrastructure at the world’s commerce. Cybercrime is escalating; once the
domain of hackers and script kiddies, cyber-gangs and organized criminal organizations have discovered
the business opportunities for extortion, embezzlement, and fraud that now surpasses
income from illegal drug trafficking.
.Praise for Enemy at the Water Cooler
“Brian Contos has created what few security specialists can claim: a truly readable book about the threats to our businesses from insiders who know how to attack the critical components of modern business, the computers, applications and networks that make it all work. During the last ﬁfteen years we have witnessed incredible strides in network centric business processes that have spawned the productivity of our workforce and the globalization of our supply chains.
There are generally two reasons someone is attacked
You are specifically targeted
Company with money
Company with secrets
Hard to stop..
You are a target of opportunity
Low hanging fruit
Most common, make yourself less easy