Friday, 5 July 2013

Recruitment of Hackers

[MEGAPRIMER 1.0.6.1 > FRAUD > FRAUD RECRUITMENT > HACKER RECRUITMENT]
Getting a Job as a Hacker
An assignment is requested as follows: Recently, multiple government sites in a certain region of our world have been victims of defacement and DDoS. It is your job to first understand how this online gang operates, with a view to infiltrating and dismantling the group. The C-level in organisation X needs an executive summary on how recruitment is carried out by these gangs and a rationale of what motivates this kind of illegal group.
Deliverable: Explain how hackers are recruited in the black market.
ssvforensic labs: Tool kit for this operation, not limited to:
Case: Undisclosed X company
411 about the firm: Private Contractor
Mission: home_and_away
Objective: Underground Recruitment of Hackers
RV choice: Kali Linux [Maltego Casefile, Graph Search, IRC, Twitter, socialNet, GREP, Google]
POC: Sample Below
Sample of POC on how these three elements aid in the recruitment process
For fraud to take place, 3 elements have to be present:
1. Rationalization >> 2. Perceived opportunity >> 3. Perceived pressure.
In order to understand this phenomenon, three rationales can be used:
1. Zero Order reasoning >> 2. First Order reasoning >> 3. Higher Order reasoning. Our discussion is limited to first order reasoning, in which we consider the conditions that directly affect the hacker. To do that, let's consider this with a visual aid.
With hackers, the greater the perceived opportunity or the more intense the pressure (mostly financial or vice), the less rationalization it takes to motivate someone to commit fraud. Likewise, the more dishonest a perpetrator is, the less opportunity and/or pressure it takes to motivate fraud. It must be understood that hacking, in any form, is fraud.
SAMPLE OF THE POC ON RECRUITMENT

How are the organisation and leadership of any hackers or hacking legions created? Power is the single element that most catalyses the organisation and recruitment of any hacking entity. How?

In 1947, Max Weber introduced power as the probability that a person can carry out his or her own will despite resistance. When a hack takes place, the conspirator has the desire to carry out his or her own will (to influence another person to act and do as the perpetrator wishes) regardless of resistance. Consider the diagram below on the recruitment process of hacktivist groups.
The effectiveness of the perpetrator in influencing the potential recruit depends upon the susceptibility of the victim as well as the perpetrator's ability to manipulate the various types of power. The figure is interactive, meaning that the more susceptible a victim is to the various types of power, the less effective the perpetrator has to be for recruitment to occur. Often, after the initial victim is recruited into the fraud scheme, that individual will then become a conspirator (in position A) and begin to influence other individuals to participate in the fraud.
Conclusions
In conclusion, as a security analyst, it is important to understand that fraud examination provides insights into the likelihood of hacking activities. As a security consultant, it is prudent to know who you are dealing with and how to set up countermeasures to mitigate security-related issues. A mere pentest only serves to inform your client of vulnerabilities, but remember that risk assessment by any standard, be it COBIT, COSO, NIST or ISO, is a 4 to 6 tier process model. To my fellow security analysts: the Olympics are over, so stop playing around and let's do good work.
Special Thanks: Credits to Prof. XYZ (Risk Analysis) & Sun Tzu (Art of War), my de facto mentor
