Saturday, February 22, 2014

Threat Agent Profile: Irrationals

The majority of system compromises can be traced to a simple principle – the benefits, at least in the short to medium term, outweigh the cost. Broadly, leaving governments aside, benefits can be divided into either financial or psychological. Money is the root of almost all compromises. The targets these hackers will go after are pretty simple to predict; roughly, they’ll go after systems that provide the highest return at the lowest personal risk of incarceration. Attacks motivated by psychology are more difficult. Most of the psych hacks are web site defacements and limited to simple exploits – more in the vandal category we reviewed. Within the psychology category is a subset that is irrational; system compromises that really can’t be explained or predicted, that stand against reason. What systems they will go after and how much resource they’ll dedicate in doing so is anyone’s guess. Here is one:

During a yearlong period beginning March 2001, Gary McKinnon, a British citizen, compromised scores of sensitive U.S. government and military systems, including systems at the Pentagon, Fort Benning, Fort Meade, the Earle Naval Weapons Station; and the Johnson Space Center.  In responding to journalists regarding the case, the U.S. Attorney heading up the prosecution, Paul McNulty said, “Mr. McKinnon is charged with the biggest military hack of all time.”[1] And what was Gary’s stated motive? It was to discover evidence of a UFO cover-up.[2]

The ‘irrationals’ represent a very small portion of the system hacks, but they are out there and they are very bothersome. Perhaps the people that scare us the most are the ones that we can’t explain.