Hackers spent about 25 percent of their time in forums giving other hackers beginner tips, according to a survey by cyber security firm Imperva.
Hackers devote a lot of time to hacking tutorials, which means there is a strong and steady interest in content related to learning the tricks of the trade. About 22 percent of the discussions related to hacking tools and programs, while 21 percent related to web site and forum hacking.
This kind of analysis provides a bird’s-eye view of where hacking is going and what topics are important to hackers — and should therefore be important to security professionals.
Hackers talk about attacks commonly, and the No. 1 type of attack they discuss is distributed denial of service (when hackers use lots of traffic to shut down a site, about 22 percent of discussions), followed by SQL Injection (19 percent), spam (16 percent), brute force (12 percent), and shell code (12 percent).
Over four years, attack discussions have grown 157 percent. Mobile hacking has also seen very strong growth, with interest in hacking the iPhone leading the way.
A lot of the training is technical, but there is also a lot of nontechnical training. Hackers, for instance, have long tutorials on “social engineering,” or manipulating a person to accomplished goals that may not be in the person’s best interests, such as giving out passwords to a web site. There are also tutorials on how to escape law enforcement.
Hackers use forums to communicate with each other, brag about their exploits, engage in a kind of black market commerce, and socialize with other hackers. But law enforcement officers frequently observe these forums as well.
The survey focused on a major hacker forum with a total of 250,000 members. Imperva applied its content analysis capability to analyze chat sessions by topic, using specific keywords.