Malicious Hackers : A Framework for Analysis and Case Study

Recent years have seen an increase in the number and severity of Information Operations (IO) attacks upon DoD resources. At a higher level, the US as a whole has come under cyber attack by individuals and groups seeking thrills, monetary gain, publicity for their causes, and myriad other goals. This effort develops a first cut model of individual hacker mentality that can be utilized to improve threat assessment, mitigate Information Assurance (IA) vulnerabilities, and improve risk assessment. Further, it is a first step toward automated characterization of Information Warfare (IW) attacks based upon hacker types. All hackers are not the same. In order to best deal with their actions and the intent behind their actions, one must understand who they are. Many hackers are not malicious, in that they hack for the thrill of learning and to "look around". However, others are intent upon gathering information for gain (profit or intelligence aspects), corrupting data or denying access to the system, or to see what harm they can cause. Research for this effort specifically focused on malicious hackers working for nation states, although the basic framework presented applies in part to any type of hacker. This results in advances in the way that hackers are classified and profiled, with a better understanding of their values, skills, and approaches to hacking. Responses can then be tailored to specifics of a given class of hackers. The model developed is illustrated by a case study.Air Force Inst of Tech Wright-Patterson AFB OH School of Engineering and Management is the author of 'Malicious Hackers : A Framework for Analysis and Case Study', published 2001 under ISBN 9781423527893 and ISBN 1423527895.