What advantages do actual attackers have over penetration testers in attempting to compromise a system? Justify your conclusions.


Posted on by Divya Aradhya

Actual attackers have the following advantages over penetration testers-

  • Higher motivation levels

Hackers today usually belong to one of these groups: teenagers trying to break into systems for bragging rights, organized criminals who hire skilled hackers, governments trying to break into top-level secrets of other countries, and (hack)activists out to prove a point. But one thing that all these groups share is: extremely high levels of motivation to break the system, and sometimes at all costs.

When this level of motivation is compared to those of a penetration tester, who at the end of the day is working for a salary and clocking hours, it is but obvious why hackers succeed. Their motivation often makes them persistent and relentless.

  • Unlimited time

A hacker who has set his mind on getting into a system (for varied reasons) has unlimited time to try and break it – as the software or the website is released to world and is exposed. A pen test team which is hired by a company works within a tight time-frame – as the company has to justify costs, as well as work towards sending the software from the testing phase to production and release. The luxury of unlimited time definitely gives the hackers an edge.

  • Hold of the law

A law-abiding pen tester is bound by contracts and legalese and cannot step out of boundaries, and he works with an underlining recognition (and fear) of the consequences of breaking the law.
In comparison, a hacker comes into the game having conquered his fear of the law, and is more daring and creative in his attacks.

  • More tools in their tool-box, more knowledge sharing

Hackers, even those who work alone, learn through a variety of sources, underground IRC chatrooms and forums, and builds on the resources and tools of many before him. Often hacking teams (like the hacktivist group Anonymous) are technically brilliant and each bring with them highly skilled expertise which when pooled together make a formidable force.
In comparison, the tools and skills most pen testers are equipped with may often prove inadequate.

  • Greater focus and passion

The stakes are high for hackers. Albert Gonzalez is a master-criminal who hacked 170-million credit cards in one the world’s biggest cyber frauds ever. He had named his hacking plan and execution as “Operation Get Rich or Die Tryin’”4 That sums up the passion and focus of most hackers – and it will be hard for a pen tester to match up to. And working with such single-minded dedication towards their goal, make the hackers more likely to succeed.