Shared publicly  - 
Hacker Intelligence Initiative
Monthly Trend Report #5

Imperva has released the latest in their series of reports on hacking. This installment focuses on discussion trends on a widely used hacker forum (over 250,000 active members).

If you've dabbled a bit and perhaps tried on darker colored hats most of the findings won't be a surprise... lots of kiddies wanting to learn how to h4x, a few seasoned vets dishing out advice (mostly "learn to script n00b"), and plenty of tutorials, tools, and scripts to choose from. The hacker community is very active with heavy turnover and works much like any other community out there (like a forum on gardening... but with more 12 year olds... and with shellcode for sale).

All in all a worthwhile read for people wanting to understand how hackers communicate with each other (at first and in public). I'd be interested to know if Imperva has something more up its sleeve like an undercover blackhat who has gotten past the open forums and into the private ones... or better yet the private IRC channels.

Latest report here (#5):
Report 1:
Report 2:
Report 3:
Report 4:

#security #hacking
Thomas V. Fischer's profile photoIng. Damián Pérez Arroyave's profile photoDeepak J's profile photoTeguh Andre's profile photo
The excerpt on page 9 under "Recruitment" leaves me wondering who wrote this.

"Keith Richards described the Rolling Stones’ success saying “It’s really teamwork, one guy supporting the others, and it’s all for one purpose, and there’s no flies in the ointment.” To illustrate his point, Keith explained that Mick Jagger’s solo album “Goddess In The Doorway” should have been titled “dog shit in the doorway.” Likewise, hacking has become a group sport and its success depends on a quality team. To be successful, you need to have expertise in various areas such as web attacks, DDOS, malware, etc… If a single hacker finds or conceives of a potential target but only has some portion of the expertise required to successfully execute an attack, where do they go? Here a hacker group, calling themselves the Wraith, recruits members:"

It has a superscript indicating an endnote or footnote, but I couldn't find the reference.
What I found curious is that they are making it sound that hacker collaboration is new... it's not close to being new. What's new is the emergence of geo-political players and the counter-movement it spawned. That's where I would focus if I were writing these reports.
Infiltrating the deepest reaches of these communities (fora, IRC/SILC, voice conferences, etc) is not terribly difficult, especially if you have a recognizable level of relative skill and a little bit of time to do some social engineering. I know unassuming companies whose internal CIRT teams infiltrate these venues just for grins. Certainly, Imperva has delved into similar territory.
sounds about right, though i think self-reported demographics are bound to be skewed a little bit. didn't realize the % on cryptography was so low... i'm assuming this data was generated from HF or something?
On a whim after I posted this I went on a little journey through my past and I was dismayed to find my old stomping grounds are either gone, neglected, were themselves pwnd, or have gone mainstream...
This is more of an analysis of script kiddie communities, I think. Or at least it feels that way.
Yeah, even the last remnants of the good old days are gone. Hell, people don't even know what you're talking about anymore when you mention BBSes or Beige Boxes, or make a joke about ./ Local meetings have degenerated into WoW and D&D feuds... It's something else man.
LOL. All my old stomping grounds were dial-up BBSes. Also, I met my wife (who is currently DPSing the everloving shit out of something with a giant pumpkin head in WoW) on one of said dial-up BBSes.
+James Dice our 2600 meeting is still going strong, and I started going in 1993. It's not very organized, but it does happen, as stated in the magazine, every first friday of the month at (ugh, a little after) 5:00 PM local time in a public place (bookstore). Discussion ranges from paranoia and conspiracy theory to quantum physics, and, as is to be expected, information security, telephony, cipherpunkery, dumpster diving and high-tech shenanigans.
This is garbage aimed at a lay audience; there's no more actionable intelligence here than could be gained from getting me drunk and asking me to reminisce about the good old days.
+Conrad Constantine yes, I mention it's worthwhile for the layperson... agreed it's not meant for... well let's be honest, the majority of people who have me in circles.

Next time I'll forward it to my boss instead. ;-)
+Dan Glass I was more hoping for a response that entailed getting me drunk and reminiscing about the good old THAT sounds like a worthy expenditure of time and research grants!
Script kiddie is a ridiculously obsolete term. Everyone uses tools now, because tools are useful.

I don't think the average forum hacker doing SQLi or other text-injection attacks is substantially less skilled at "hacking" than the average pentester these days (average, not median).
The distinction isn't whether one uses tools. It's whether one uses them with comprehension or not.
And the average pen tester these days doesn't seem to do actual pen testing, sadly.
Yeah, I don't disagree on the pen testing issues. Kiddies grew up and got their CISSP and a job with some consultancy, which... man, I'm a downer tonight! :p 
I mostly take issue with the term "script kiddie" because it implicitly devalues and trivializes tools. Everyone, from the lowliest forum troll to the leetest most ninja hax0r uses tools someone else made, and generally has very little comprehension of all the underlying systems. It's semantics, but semantics do affect perception.
+Noah Axon The San Antonio, TX 2600 is so invisible, the place that they hold it at wasn't even aware of it. "Yeah, I guess people with laptops come on that day... It's what kind of meeting now?" was their response to asking about it lol
I think a lot of that is a function of cultural changes driven by technology. "Back in the day" exchanging even a few megabytes of interesting data (often in the form of a book or binder!) was most efficiently done with a physical transfer, so a meetup is more or less required. Internet access was expensive and sparse, and shady BBSes usually only had a couple phone lines, so there wasn't a really mainstream option for "chat" until the late 90s; socialization and discussion was also far more efficient in person.

The current generation grew up with communications technologies that we probably wouldn't have believed to be possible, let alone affordable and common, when we were of similar age. People of like minds are still meeting up, they're just doing it on the internets rather than at starbucks.