Chapter 10. Case Studies: Different Perspectives

Hacking is not just a skill set. It is also a mindset. As we have shown in this book, attackers have been and will continue to exploit a combination of vulnerabilities to get what they want.

In Chapter 9, we looked at specific examples of how a determined attacker is able to target executives. In this chapter, we will take a look at two examples that further illustrate the motivations of attackers from two different perspectives.

In the first case study, we will look at a situation in which a disgruntled employee chooses to exploit his former employer after resigning and moving on to a competitor. In this example, the former employee’s actions are primarily driven by his emotions.

The second case study illustrates a typical corporate scenario. In this example, we will see how an executive in charge of information security at a major corporation is perpetually wooed by security product vendors who continually promise him the ultimate silver bullet: “just buy our latest product, plug it in, and you will be safe.” Meanwhile, an external attacker is able to use crafty techniques to exploit vulnerabilities and compromise confidential data from the corporation.

The Disgruntled Employee

It is often assumed that the motivation on the part of malicious parties targeting a given corporation is only to seek financial gain. This isn’t always the case. Those who decide to abuse and steal data from a given target can also be driven by their emotions. ...

Get Hacking: The Next Generation now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.