More often than not, political hacktivism is intent on causing monetary pain to its victim in an attempt to change the victim's behavior in some way. Individuals can be collateral damage in this fight, and regardless of whether one believes in the hacktivist's political cause, the intent and methodology remain criminal.
While the likelihood of dealing with hacktivists may be low, most IT security pros have to contend with the large group of malicious hackers that exist only to steal intellectual property from companies or to perform straight-up corporate espionage.
The method of operations here is to break into a company's IT assets, dump all the passwords, and over time, steal gigabytes of confidential information: patents, new product ideas, military secrets, financial information, business plans, and so on. Their intent is to find valuable information to pass along to their customers for financial gain, and their goal is to stay hidden inside the compromised company's network for as long as possible.
To reap their rewards, they eavesdrop on important emails, raid databases, and gain access to so much information that many have begun to develop their own malicious search engines and query tools to separate the fodder from the more interesting intellectual property.
This sort of attacker is known as an APT (advanced persistent threat) or DHA (determined human adversary). There are few large companies that have not been successfully compromised by these campaigns.
No matter what the intent or group behind the cyber crime, someone has to make the malware. In the past, a single programmer would make malware for his or her own use, or perhaps to sell. Today, there are teams and companies dedicated solely to writing malware. They turn out malware intended to bypass specific security defenses, attack specific customers, and accomplish specific objectives. And they're sold on the open market in bidding forums.
Often the malware is multiphased and componentized. A smaller stub program is tasked with the initial exploitation of the victim's computer, and once securely placed to ensure it lives through a reboot, it contacts a "mothership" Web server for further instructions. Often the initial stub program sends out DNS queries looking for the mothership, itself often a compromised computer temporarily acting as a mothership. These DNS queries are sent to DNS servers that are just as likely to be innocently infected victim computers. The DNS servers move from computer to computer, just as the mothership Web servers do.
Once contacted, the DNS and mothership server often redirect the initiating stub client to other DNS and mothership servers. In this way, the stub client is directed over and over (often more than a dozen times) to newly exploited computers, until eventually the stub program receives its final instructions and the more permanent malicious program is installed.
Sign up for CIO Asia eNewsletters.