Cyber-terrorists may lurk on a site near you

They are known as phreakers, crackers, newbies, coders, script kiddies and hacktivists

They are known as phreakers, crackers, newbies, coders, script kiddies and hacktivists. Collectively, they cause hundreds of millions of dollars in losses to businesses and organisations each year. And while we think we know quite a bit about them, actually, we know very little.

That's according to Mr Marc Rogers, a Canadian forensic psychology expert at the University of Manitoba specialising in computer hackers and cyber-terrorists. Mr Rogers, who has also worked as a police detective with the Winnipeg Police Department computer crime unit, had come to explain what he calls "the hacker continuum" to the crowd who think they know it best - the 5,000 attendees of the annual RSA Data Security Conference in San Jose, California.

The conference, the biggest of its type in the world, has nearly doubled in size over last year, largely due to the explosion of interest in protecting the often sensitive information people now routinely store on computers.

The conference-goers are the people who work in the field of cryptography, the mathematical encoding of data on computers. They devote their working lives to trying to keep hackers out of places they shouldn't be - the people who want illegally to break into computer systems.

READ MORE

But first, he wanted people to stop thinking of them as "hackers". "The term hacker is really too general," he says. "It refers more to the activity they're engaging in, not to the people themselves." "Hacker" has become a generic term, equivalent to "criminal", he argues. But there are many different shades of hacker, just as criminals can range from shoplifters to mass-murderers.

Even the term hacker has passed through a number of meanings since its entry into the language in the late 1950s or early 1960s. Originally, the term had an entirely positive cast - hackers were the more creative programmers and scientists. By the 1970s, the term had migrated into use as a way of describing "computer revolutionaries" - entrepreneurial types who ended up founding many of today's best-known computer companies.

In the 1980s, "hacker" was used to describe people who were "actively involved in breaking copyright on computer games" by copying them and distributing them to acquaintances or selling them, says Mr Rogers. And in the 1990s, the word is most commonly used to refer to "criminals or cyberpunks", he says.

"They are no longer the technical elite. They're motivated by greed, power, revenge, and malicious intent."

To understand them adequately as well as to prosecute them, says Mr Rogers, a new taxonomy is needed to describe the categories of hacker, of which there are "several subgroups with vastly differing characteristics". He proposes breaking down hackers into novices, cyberpunks, insiders, coders, professionals, cyber-terrorists, and perhaps a category of malicious political activists known as hacktivists.

Novices, also known as newbies or script kiddies, have limited computer skills, use hacking software which can be found on the Internet, and basically stage nuisance attacks. However, they can cause extensive damage to networks because they don't understand how the software works, and sometimes unleash more than they accounted for. "They also get a lot of media attention, because they don't know how to cover their tracks," says Mr Rogers.

Cyberpunks have better skills and tend to engage in malicious attacks. They, too, get media attention because their attacks are obvious - vandalising Web pages, for example. Insiders, on the other hand, are very computer literate and often fall into the category of disgruntled ex-employee ("or disgruntled current employee," adds Mr Rogers). "This is an interesting group because it's the largest security problem," he says. "It's estimated that 79 to 80 per cent of all security attacks can be attributed to this group."

Coders are highly technically skilled and write the scripts and programs others use to hack systems. They often mentor novices and cyberpunks and "are motivated by power and prestige".

The most worrying categories, and the ones law enforcement knows least about, are the professionals and cyber-terrorists. Both are very highly-trained, use stateof-the-art equipment, and are highly motivated.

They also are often the residue of the end of the Cold War and the break-up of the Eastern Bloc countries. "In the Eastern Bloc, you have a lot of highly-trained espionage experts who are out of a job," says Mr Rogers.

The professional group comprises criminals, thieves, corporate spies, and general guns for hire, he says. Cyber-terrorists overlap with professionals, tend to be well-funded, and mix political rhetoric with criminal activity. They pose a serious threat to national governments.

Most hackers are white, middle-class males of 12 to 28 years of age, have limited social skills and they perform poorly in school, although they have good computer skills.

Although they are loners, hackers "crave membership", says Mr Rogers, and tend to participate in online computer discussion groups. They like the escapism of the Internet.

Being a hacker "is almost a subculture, a counterculture, a contra-culture", he says. However, hackers seem to possess a dangerous need to seek attention.

"That's how most of these people get caught," says Mr Rogers. "They brag about their attacks online. To do an attack and then not tell anyone seems pointless to them."