Software Forensics: Chapter 2 -- The Players: Hackers, Crackers, Phreaks, and Other Doodz

Written by Robert M. Slade; published by McGraw-Hill

This excerpt is from Chapter 2, Players: Hackers, Crackers, Phreaks, and Other Doodz in Software Forensics written by Robert M. Slade and published by McGraw-Hill. You can download the entire Chapter 2 here for free.

Because we may be using software forensics to attempt to identify authors of software, it may help to have a rough idea of the type of people we are looking for. Those who write malicious software, or attempt to distribute or resell commonly available commercial software, tend to belong to communities of like-minded individuals. Over the years, we have been able to glean ideas about the characteristics of this tribe. For this information, we are all indebted to researchers such as Sarah Gordon, Dorothy Denning, Ray Kaplan, and, more recently, the members of the Honeynet Project.

A couple of provisos: Whenever you deal with people, there will always be exceptions. There are those who seem to pursue security breaking from motives that are, if not exactly admirable, at least untainted by thoughts of commerce or attention. Indeed, we can't really say that all endeavors related to the creation of viral software or intrusion utilities are even illegal. While most of the activity involved in security breaking is highly repetitive, there are also those few who do come up with one or two original ideas, and experiment with them.

As another example of a deviation from a stereotype, most studies of those involved in security-breaking activities have been done in Western societies: Europe, North America, and Australia. Recently, groups have been quite visible in China. There are two major populations: the red guests and the black, or terrible, guests. The black guests are apparently quite akin to Western groups, with a lack of cooperation, antiestablishment positions, and random activities. The red guests, on the other hand, seem to form very stable groups, are executives in technology companies, have links with the Chinese government, and run coordinated exercises. In this case, we have a very large group running completely contrary to the expected norms for the community, and this may be derived from the differing foundations of Eastern and Western social thought.

Therefore, we can't make blanket statements about all of those within such a community. However, as with almost any stereotypes, there are reasons for the characterizations presented here.

Particularly in doing forensic analysis, we need to beware of falling into mental traps occasioned by our own "profiles" of the adversary. If we get too caught up in any one idea, we are going to blind ourselves to important evidence, whether it be proof of innocence or guilt. While it is beneficial to have an idea of the attributes of the majority of the people we are studying, it is absolutely vital always to accept the possibility of exceptions.

    This was first published in March 2004
