Robert Graham says that many hackers are graduating into the pro ranks, a development that carries worrisome implications for corporate security.
“Before this year, we really saw just kids that are playing and pretending to be masterminds,” said Graham, who did important early work in the development of intrusion-prevention systems. “But this year, we saw the rise of the professional hacker.”
For many years, hackers were content with the thrill of breaking into other systems, or with whatever elevated peer status they achieved through their exploits. But not anymore, according to Graham, who says that both the pattern of hacker attacks, and the motives behind the attacks, are changing. Hackers are now far more coordinated, and they no longer merely rely on copycat tools and random attacks. What’s more, Graham detects a dangerous intent to profit financially from hacking. He recently spoke with CNETAsia about this evolving security challenge.
Q: Are hackers getting paid now?
A: It’s not so much that they get paid to hack, but that they earn money from hacking. Take phishing attacks: It’s usually the people who are running the attacks themselves that are earning money; no one is paying them to do it.