I’m often asked: what’s the most common type of hacker and attack? Over time I’ve discovered that the general public holds a somewhat romantic image of hackers. One mental picture involves an emaciated young man in a poverty-stricken corner of the world. Greasy-haired and red-eyed, he types late into the night on an old TRS-80 workstation, trying desperately to get your American Express account number for nefarious purposes.
Another favorite image is of a cherub-faced pre-teen with extreme computer skills and little knowledge of law and order. Thanks to too much hardware and too little parental supervision, she creates a new virus that brings down every business on the Eastern seaboard.
Both images couldn’t be more wrong.
According to the FBI, the most common hacker is probably sitting in the cubicle next to you, right now. This is someone who gets to work early, takes his or her turn cleaning out the office fridge, tells funny stories at lunch and, at some point, makes a very dumb move. It often starts when this hacker-next-door sees a file directory or workstation that’s just too juicy to pass by, like one named “Salary Comparison.” It’s simply too tempting NOT to peek inside.
In other words, curiosity is one scenario motivating the most common hacker. Another is revenge. These situations take place when a web-savvy employee gets ticked off. Maybe their Christmas raise didn’t make them too merry. Perhaps their boss just handed them a Work Improvement Plan and a reason to cause trouble. This same hacker-next-door spends some time on the network and wonders… what if I could get into the email server files? What if I could open a few financial statements?