3. The Adversary of Cybersecurity: Hackers “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” - The Art of War by Sun Tzu Cybersecurity is predicated on the existence of cyber threat actors. These people are commonly called hackers. This term predates cybersecurity, and it was originally a compliment, referring to students working with the earliest computers on college campuses in the 1960s. It meant they were good at finding creative ways to make computers accomplish different tasks. Later, the media used the word hacker to describe a few early cybercriminals, and the term stuck. Today, it is a good catch-all term for cyber adversaries. A hacker is a person who attempts to gain unauthorized access to a computer system or deny access to authorized users. Hackers may work alone or in groups. In this text the term hacker will frequently be used as a short-hand for cyber attackers. The previous chapter outlined the context of cybersecurity, cyberspace, from a technical perspective. Because of the centrality of hackers to cybersecurity, this chapter covers who these people are and what motivates them. The next chapter explores how they accomplish their objectives. 3.1 Hackers Hackers exploit vulnerabilities. A vulnerability is a weakness and an exploit is an action that takes advantage of a vulnerability to compromise security. While exploiting vulnerabilities sounds nefarious, it is simplistic to say that hackers are bad guys. For example, good guys may attempt to gain unauthorized access to computers belonging to terrorists to thwart an attack. So while the term hacker generally has a negative connotation, the hacker’s motivation and goals must be considered before passing judgment. Not all hacking is against the law or even unethical. Chapter 3
RkJQdWJsaXNoZXIy MTM4ODY=