In the last article in this series, we took a look at the benefits of hacking. However, not very many home computers are hit with sophisticated targeted attacks. The reason is that those attacks simply cost too much. The hacker’s time is the most obvious cost, but the risk of getting caught may also be serious in some cases. This article will attempt to quantify the costs of hacking and compare them to the benefits from the previous article in order to construct a reasonable model of attacks that are likely on your network. (more…)

How much is a hacker’s time worth? The answer will influence a hacker’s decision-making process when looking for targets. This information also helps to estimate the total cost of breaking into your network when building a threat model. The value of a hacker-hour varies greatly with respect to ability level. Scriptkiddies are a dime-a-dozen, while truly talented and influential hackers are very rare and only spend their time on the most cutting-edge security research. The following is a hacking hierarchy with groups corresponding to skill level. In this hierarchy, ideas, techniques, and tools flow from the brightest hackers at the top down to less-skilled hackers at the bottom. (more…)