Hacker Economics: Three Cost Effective Ways to Tackle Hackers

Greg Bunt, Director of Security, APAC, Juniper Networks contributed an article entitled Hacker Economics: Three Cost Effective Ways to Tackle Hackers, which he wrote about the hacking pattern observed from Juniper's customers. The pattern found that most hackers are impatience in nature and seek only instant gratification.

His article wrote that by and large, hackers usually spent not more than 8 minutes on hacking small web sites; not more than 3 hours on larger web sites; and usually not more than a single day on a typical large assignment.

Greg Bunt, Director of Security, APAC, Juniper Networks

While his findings made no attempt to identify further into pecuniary issues, personally I agree with him on certain terms. Here is what I think:

First of all, assuming that hackers are above average gifted IT person with penchant for solving difficult problems, it then brings us to make an assumption that these people would usually lead a normal life working at technology related companies doing technical jobs such as software engineering.

Now here is the tough part; if you have a great future, why would you want to risk going to prison ???

Unless, you are from a country that is poorer, devastated by political crisis and exacerbated by societal issues, otherwise, it will contribute little gratification by involving with hacking and being part of the cyber-underworld - unless you have nothing much to lose anyway !!!

In retrospect, I feel that most predominant hackers usually rooted from a few places only - it all depend on the social-political culture of that community.

In Malaysia, I would tell you that chances are very low. Why ???

The reason is because the Malaysian dream is not about seeking gratification such as achieving technological breakthrough - the dream is usually about leading a normal life, get married, getting high pay jobs, buying big houses,cars and branded imported products.

Some people don't even want to invest 2 years into a business idea - usually will wrap things up by end of 1 year, sometimes even 6 months.

I found that most Malaysians have everything to lose !!!

In the article, Greg Bunt suggested that one approach is to trick attackers into exposing themselves when they target a site, and finding ways to frustrate their progress by leading them to hack data that ultimately doesn't exist. This can include slowing connections to the server for the attacker, creating fake directories, simulating broken applications and flooding attacker scanning programs with information about vulnerabilities that don't exist.

Hence, we ought to lay traps.

I just can't help thinking - I'm a Malaysian in every sense !!!