The 6 worst kinds of computer hackers

Feb 26, 2013
Fortune default image
fortune.com

If the Internet has one enduring constant, it's that somewhere, somehow, somebody is being hacked. Last month cyberassaults on banks, including BB&T (bbt), Citigroup (c), and SunTrust (sti), made headlines. But a recent Ponemon Institute survey reported that the average company is attacked twice a week and loses $8.9 million a year to cybercrime. Security analysts say the first thing businesses must know is just what types of threats are lurking in the shadows. While many hackers use relatively basic tools, such as phishing or malware, they often wield them with different motives. Here are six of the most effective actors.

Fortune default image
fortune.com

1. State sponsored

Who: China, Iran, Israel, Russia, U.S.

Objectives: Intelligence, state secrets, sabotage

Targets: Foreign governments, terrorists, industry

Signature: Multi-tiered, precisely orchestrated attacks that breach computer systems

Classic Case: One-fifth of Iran's nuclear centrifuges crashed after Stuxnet, a worm reportedly developed by U.S. and Israeli intelligence, penetrated computers at an Iranian enrichment facility. Iran allegedly retaliated by disrupting access to the websites of J.P. Morgan (jpm), PNC (pnc), Wells Fargo (wfc), and others.

Fortune default image
fortune.com

2. Hacktivist

Who: Anonymous, AntiSec, LulzSec

Objectives: Righting perceived wrongs, publicity, protecting Internet freedoms

Targets: Bullies, Scientologists, corporations, governments

Signature: Leaking sensitive information, public shaming, creepy YouTube videos

Classic Case: The websites of PayPal, Visa (v), and MasterCard (ma) were disrupted during Operation Payback, an Anonymous-led effort to punish companies that suspended the accounts of WikiLeaks in 2010. Some $5.6 million was lost by PayPal alone.

Fortune default image
fortune.com

3. Cyber-Criminal

Who: Nigerian "princes," carders, identity thieves, spammers

Objective: Treasure

Targets: The gullible, online shoppers, small businesses, data-rich health care and retail companies

Signature: Stealing data, looting bank accounts

Classic Case: Coreflood, malicious software that records keystrokes and passwords, infected 2.3 million computers in 2009, some in police departments, airports, banks, hospitals, and universities. Affected companies suffered six-figure fraudulent wire transfers.

Fortune default image
fortune.com

4. Insider (You)

Who: Disgruntled employees, contractors, whistleblowers

Objectives: Score-settling, leaks, public good

Targets: Large companies, governments

Signature: Document theft

Classic Case: Maroochy Shire, an Australian district along the Sunshine Coast in Queensland, was inundated with millions of gallons of untreated sewage in 2001 when a contractor hacked and took control of 150 sewage pumping stations. He had been passed over for a job with the district. His dirty work cost Maroochy Shire upwards of $1 million.

Fortune default image
fortune.com

5. Script Kiddie

Who: Bored youth

Objectives: Thrills, notoriety

Targets: Low-hanging fruit such as unprotected websites and e-mail accounts

Signature: Defacing or dismantling websites

Classic Case: An e-mail subject-lined I LOVE YOU duped people -- some of them inside the Pentagon -- in 2001. The virus it contained, which originated in the Philippines, destroyed files and simultaneously replicated itself, seeding in-boxes as it went. The so-called Love Bug caused an estimated $10 billion in digital damage and lost productivity.

Fortune default image
fortune.com

6. Vulnerability Broker

Who: Endgame, Netragard, Vupen

Objective: Hacking as legitimate business

Targets: Agnostic

Signature: Finding so-called zero-day exploits -- ways to hack new software, selling them to governments and other deep-pocketed clients

Classic Case: French firm Vupen hacked Google's (goog) Chrome browser at a security conference last March. Rather than share its technique with the company (and accept a $60,000 award), Vupen has been selling the exploit to higher-paying customers.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions