Hackers ~ who they are, what they get paid, and who pays them

Matt Tett

Matt Tett is the Managing Director of Enex TestLab, an independent testing laboratory with over 22 years history and a heritage stemming from RMIT University. Matt holds the following security certifications in good standing CISSP, CISM, CSEPS and CISA. He is a long standing committee member of the Australian Information Security Association (AISA), Melbourne branch, and is also a member of the Information Systems Audit and Control Association (ISACA). Enex TestLab can be found at http://www.testlab.com.au blog at http://enextestlab.blogspot.com and can be found on twitter as @enextestlab.

Recently an acquaintance of mine posed me the questions; Who are the hackers? Who pays them? And, what do they get paid?

How easy is that to answer .. .. .. NOT !

Depending on which camp your foot is in there are a number of interpretations of the term “hacker” which drives me up the wall, it’s like the term “rock star”. We are all rock stars in our own minds, but then there are those individuals who genuinely compose, and perform songs, some amateurs, some professionals, some great, some successful, others not. And then there are the rest of us who do questionable air guitar impressions every time an Acca Dacca song comes on.

The rough interpretation of the hacker moniker from camp 1 is that of one who has an active, hands-on, interest in stuff, and as such often dismantles such stuff physically or electronically to ascertain how it functions. Basically the upshot is a hacker is a reverse engineer exploring technology in an effort to learn how it operates. Simple. Online network or internet “hackers” are simply digital explorers. And as with global explorers may on occasion cross boundaries into others territory either deliberately or un-intentionally. Just as Mechanical Hackers could be amateur motor mechanics pulling their cars apart and trying to put them together and so on.

Essentially anyone with an healthy active thirst for practical knowledge and a willingness to tinker could be called a hacker. Imagine how many calls to help-desks may, or may not, have been saved due to the resourcefulness of hackers in the enterprise and around the home. Now there is a thought! Bunnings is the ultimate hackers resource.

The other camp uses the term hacker to label or define one with nefarious intent bent on wreaking havoc and destruction and something to be feared, a criminal who like an unseen ghost passes quietly through dark shadows to get their hands on your data. This has been born and supported greatly by those wonderful security product vendors to assist in their well formed and often effective Fear, Uncertainty and Doubt (FUD) campaigns. Without “hackers” vendors wouldn’t have a tool to sell their protection to clients. Until skynet is out of control computers don’t attack computers there needs to be a shadowy human hidden somewhere in the world pulling the strings, writing the scripts and code to spread and wreak devastation.

So now we know who they are. We can move on to who pays them, and what they get paid.

In terms of camp one it depends on the level of qualification and the chosen career of the inquisitive “hacker” seeing most people are guilty of having pulled apart a product at some stage in their lifetime to “see how it works” or to “just try and fix it” then anyone could be a hacker, doing any job, employed by anyone. Ultimately the best quizzical hackers end up choosing an educational path and career that may bend to their hobby. So really the sky is the limit in terms of salaries for camp 1 hackers and anyone could be their employer, or indeed they could be students, self-employed or retired.

In terms of camp two there are a number of willing employers, some are seemingly innocuous corporations and government agencies looking to gain a edge on information by employing criminals to obtain data through deception or electronic trespass, break and entering if you will, in some cases this may also include physical break and enter as well. For example corporate espionage stealing trade secrets from a competitor on a product or service under development to beat them to the post. Or in the recent public case of News Corp and their News of the World saga, trying to be the first with breaking news to the point they engaged a criminal to break into systems and steal private information. All illegal activities conducted by criminals.

Then there are the enterprises that make no bones about their activities and are setup solely for criminal activities. These organised crime outfits employ resources to steal valuable information, and then sell that information to all of those for whom it has value (or the highest bidder), or to those to whom it originally belonged as a form of “protection” against its release. Crime groups also engage assets to set-up and operate bot-nets (primarily for use in DDoS attacks) they use these networks to extort money by threatening to bring down websites etc. unless payments are made, essentially an electronic form of blackmail. Now in terms of how much these criminal outfits pay their employees comes down to the level of skill and amount of value the person can generate from their chosen criminal activity. Much the same as any employee building their career. As with most organisations logically those who deliver are rewarded.

In summary, whichever way you look at it, we are all hackers, we all get paid (never enough), and for the most part we are all growing and building our skills and careers. Some of us legally, some of us illegally. You draw the line.

Now where is my Bunnings card, I need to go buy a new hammer and fix this stupid computer !!

Tags: careers, jobs, reverse engineer, skynet, hacking, rock stars

Show Comments