As mentioned previously, the bigger picture or the risk context has two sides.
First, there is the user's perspective, where the focus is on what the user is aware of and which elements the user understands. This has been detailed in the post on the user's perspective in the risk context.
Second, there is the adversary's perspective, where the focus is on what the adversary sees and how the adversary targets the user's assets.
“Know your enemy and know yourself and you can fight a hundred battles without disaster.” Lao Tzu
An adversary is any other actor or entity whose interest either conflicts with the user's interest or who needs to profit from the user's interest in one way or another.
Most people would envision "the bad guys" out there wearing a hoodie in front of a PC trying to steal their money. Adversaries are more than that, hence the reason for mentioning "entities" as well.
The most common adversaries relevant to the average internet user are listed below:
- Script "kiddiez" - "hack" tools have become widely available and usable in recent years. It is (relatively) easy for a bored teenager to download these tools and use them without fully understanding how they work. People doing that are commonly referred to as "script kiddiez" because they don't clearly understand how the tools work, but they can certainly use them for malicious purposes.
- Organized crime groups - Europol announced in 2013 that cyber-crime profits have exceeded international drug trading profits. This shows that cyber-crime is a big business that attracts organized crime groups.
- Hacktivists - since the internet is such a necessary part of our modern life, proving a political or non-political point can have a great impact if it is done online.
- Governments - our own governments are actively spying on us. This has been a known fact for some time and has recently been backed up by the Snowden revelations. The topic is widely debated, but the point here is to understand that even our own government, as well as foreign ones, can be an adversary for the average internet user.
- Businesses - they make money by selling products or providing services. Marketing and sales are dramatically boosted by using (potential) consumer data. In other words, the user's data is money. The money made from processing user data for marketing purposes is much bigger than the average user would think.
Based on the adversary, we can quickly assume what kind of goals and motivations they have.
Typical goals for adversaries include, but are not limited to, the following:
- Financial - as mentioned before, cybercrime is big business. In many cases, it's also an opportunity for easy money, be it for teenagers or organized crime groups.
- Political - nowadays, making a political impact and proving a point can be done much more easily online than by rallying tens of thousands of people in a public square.
- Personal - these motivations vary. Some people commit online crime just because they can and want to prove it, or just because they're bored. Others are driven by a personal vendetta, where an ex-employee wants to get back at his former boss for firing him. Others act out of jealousy or any other kind of human emotion.
Adversary activity and actions
As examples, and based on the goals and motivations above, an adversary would engage in one of the activities below:
- steal personally identifiable information through phishing
- steal credit card details by breaking into the database where they are stored
- steal personal media files by obtaining the credentials, like what happened to multiple "celebrities" in the US.
The examples above follow a simple structure:
ACTION + ASSET
In other words, in order to accomplish their goals, the adversary will target the user's assets either directly or through the user's activities. This is why the adversary's activity is seen as a threat by the user.