3 Days Left to Save $400 on SANS Scottsdale 2015

Intrusion Detection FAQ: If hackers break into my network, how would the press ever find out and why would anybody else care?

First, the answer is based on the fact that what happens in cyberspace is a mirror to what happens in physical space. Hackers break into networks for a lot of different reasons, most of them illegal. The hackers generally tell their friends because it gains them acceptance in that group. Their group may also be competing against other hacker groups for more or better successful break-ins. This is very similar to how gangs behave in our physical cities. Much of this bragging goes on over the Internet where it can and is monitored by lots of people. This includes everyone from criminals, other hackers, and the press, to law enforcement, the military, interested citizens, security professionals, and even your company’s competitors.

Other hackers may actually be hacking to draw attention to a particular cause they have chosen to champion. In this case, they may collect and publish on the Internet actual evidence of the break-in and/or contact the press directly. This combination of hacking and activism "Hacktivism", often preys on networks and web sites that have nothing to do with the issue they support. The most obvious cause is to protest the fact that many of their hacker friends have already been caught and are in jail. Other hackers may in fact be copycats. They may be activists that wish to protest some social injustice or environmental issue, or to advocate an opinion or belief. In both cases, this has become a way to take their cause both into cyberspace, and with the help of the press, take the issue back into the physical realm in a form that the press will write about and that the public will read about.

Sometimes well-intentioned employees of a company being hacked will tell the press. The employee is genuinely concerned about the company and feels that telling the press will prompt additional action and help the company. This information is usually more reliable than information from hackers.

The press has become fond of reporting hacker break-ins. Perhaps because more people are familiar with the technology so these stories are more understandable then in the past. Perhaps the press feels that more people sense the vulnerability of their system. Maybe, the press likes the "David and Goliath" aspect where small hackers with few resources take on a big company with lots of resources. The real reason that the press likes hacker break-in stories is probably a combination of all of these reasons.

Phil Bandy, Michael Money & Karen Worstell
SRI Consulting