Virus-writing hackers are biggest threat

Hackers who crossover into virus writing territory present the biggest danger to corporate computer systems as they perfect the 'blended threat' seen in recent virus outbreaks such as Sobig.

That's the assertion of Sarah Gordon, senior research fellow at Symantec Security Response, who has worked with the White House and the FBI to research the psychological profile of hackers and virus writers.

Gordon told silicon.com that hackers are driven by the motivation to complete a technology challenge and are usually not interested in the basic task of writing viruses and worms.

"There are people in the virus writing community who hack and people in the hacking community who write viruses but for the most part they are very separate communities. The virus writers are seen at the lower end of the food chain," she said.

But Gordon warned that creating a virus such as Sobig or Bugbear, only with much more damaging payloads, is well within the capabilities of even the most inexperienced hacker.

"Many of the threats are the result of the crossover between hackers and virus writers. Erasing a hard drive is a couple of key strokes. It isn't rocket science. A hacker of any skill level could write a self-replicating program but most find it too boring," she said.

And it seems the traditional stereotype of a spotty teenager hacking away in a dark bedroom is nothing more than a myth from the movies.

"The population is diverse. It just takes the ability to manipulate a computer system. It is not guys sat in a basement with piercings everywhere. It could be the 50-year-old accountant because she is bored, or the boss' 15-year-old daughter, or your 9-year-old nephew," she said.

There is also a distinct difference between hackers and virus writers, according to Gordon's research.

"Virus writers have normal relationships with peers and families. Hackers tend to be more introverted. Hacking is a very personal thing. One is power and control and the other is letting go."

Although Gordon works for a security software company, she says 'ethics' education at an early age would help prevent children and teenagers using their computer knowledge to cause damage.

"One thing that is important is introducing ethics in technology at an early age. On the computer there is less context and security. Teaching them that there's a person on the end of that modem is important," she said.