If your computer is a fortress, hackers are the interlopers with pointy metal hats who charge the gate, scale the walls, or use stolen keys to get inside. Their mission? To steal your crown jewels or carve graffiti on the walls. There’s also a really exciting section on how to stop them and what to do if one of them succeeds. It’s like a medieval video game, but scarily, it’s real.
To the popular press, "hacker" means someone who breaks into computers. Among programmers it means a good programmer. But the two meanings are connected. To programmers, "hacker" connotes mastery in the most literal sense: someone who can make a computer do what he wants—whether the computer wants to or not.
To add to the confusion, the noun "hack" also has two senses. It can be either a compliment or an insult. It's called a hack when you do something in an ugly way. But when you do something so clever that you somehow beat the system, that's also called a hack. The word is used more often in the former than the latter sense, probably because ugly solutions are more common than brilliant ones.
In reality, most hackers are ordinary people with a great deal of curiosity, above-average skills with a computer, a good understanding of human nature, and plenty of time to kill. Hackers have no distinguishing characteristics. Your next-door neighbor could be a hacker, as could your niece or nephew, one of your co-workers, or even the kid who serves you coffee in the morning. Not all hackers are dangerous and out to destroy business or damage lives. The basic difference is: hackers build things, crackers break them.
There are probably as many answers to that question as there are hackers (maybe more). It is important to realize that these people are individuals with their own hopes, fears, desires, and everything else that comes with being human. However, there are general patterns to the motivation behind the computer hacker's drive to manipulate technology. The problem of hacker motivation is probably one of the more interesting questions concerning this sub-culture.
To almost all computer professionals the actions of hackers are despicable and justify all sorts of nasty punishments. I fully agree that hacking is a criminal offense and should be prosecuted. The only thing that bothers me from a moral standpoint is that these criminals are essentially the cyberspace equivalent of teenage vandals. They do not know the implications of what they are doing. These people are displaying situational morality, and their actions are random, yet predictable.
Many professionals argue that the cause why hackers hack is about the same as any other criminal. It mostly has to do with their families, and friends and the environment they grew up in. I agree with professionals at this point and I believe that the issue goes back to how they are raised. I am not saying that these people have bad parents. I think that while parents go around telling their children not to do drugs, to study hard in school, etc., they do not tell their children that it is bad to break into computer systems. Parents don't think of discussing it. This leaves teenagers to learn the morals of computer hacking on the streets, and in this case, cyberspace. They learn about hacking on bulletin boards, chat lines, etc. Are there established experts in the field on these forums to discuss the moral issues of hacking? Clearly not, they don't have the time or desire to associate with these people. The hackers therefore learn their morals from other hackers.
The hacker morality has been developed over the years to be self-serving in justifying their actions. Newcomers to the community learn the morality by associating with established hackers. There is a desire to impress each other, and there is a fear about their heroes, such as the Legion of Doom and the Masters of Deception. Are their heroes criminals? Not to the hackers. They are political prisoners for "knowing too much," or at least that is what everyone is telling them. There are no established security experts visible to the general population to let the hackers know the actual damage that these people created or the real criminal actions that they committed.
Hackers also do not know about the costs associated with their actions. All studies indicate that hackers are generally young, and do not have full-time jobs or own property. They do not consider that if they do get into a system and make an unintentional, simple mistake, they could cost the company thousands, and possibly millions, of dollars. I would dare say that every computer professional, including the best, have made a mistake that has caused the loss of data, service or money. Hackers have never been in a real situation to understand this issue. They do not know what a System Administrator is faced with on a day-to-day basis, and neither do they realize the extent of the problem they cause for already overworked people. They also do not comprehend that a company detecting an intrusion must investigate to see the extent of it. This has a cost of thousands of dollars associated with it.
Hacker morality says investigating intrusions is a cost of doing business, and it is the company's fault for having poor security. Hackers, as individuals, have never had to balance limited resources themselves, and cannot empathize with others. There is also a more threatening aspect of hacker morality; there are many variations of it. Some hackers believe that it is all right to punish people and companies that they do not like, while others find the action wrong. Others believe that it is all right to steal money and resources, if it goes to support hacker actions. This is very dangerous. Even though many hackers might disagree with these types of actions, they will not rip off others, which is considered the most degrading thing that a hacker could ever do. In my opinion, all of these attitudes come from the same source; a morality that is learned from other hackers, without role models from the legitimate information security community.
Data is by definition easy to copy. And the Internet makes copies easy to distribute. So it is no wonder companies are afraid. But, as so often happens, fear has clouded their judgement. The government has responded with draconian laws to protect intellectual property. They probably mean well. But they may not realize that such laws will do more harm than good.
Why are programmers so violently opposed to these laws? If I were a legislator, I'd be interested in this mystery—for the same reason that, if I were a farmer and suddenly heard a lot of squawking coming from my hen house one night, I'd want to go out and investigate. Hackers are not stupid, and unanimity is very rare in this world. So if they're all squawking, perhaps there is something amiss.
What is Hacker?
Hacker is one of those terms that has a different meaning depending on who uses it. Among programmers, to be a hacker is to be a star. Hackers are programming code jockeys that can throw together bits of miraculous pieces of programming seemingly at will.To the popular press, "hacker" means someone who breaks into computers. Among programmers it means a good programmer. But the two meanings are connected. To programmers, "hacker" connotes mastery in the most literal sense: someone who can make a computer do what he wants—whether the computer wants to or not.
To add to the confusion, the noun "hack" also has two senses. It can be either a compliment or an insult. It's called a hack when you do something in an ugly way. But when you do something so clever that you somehow beat the system, that's also called a hack. The word is used more often in the former than the latter sense, probably because ugly solutions are more common than brilliant ones.
Hacker vs. Cracker
In mainstream press, the word “hacker” is often used to refer to a malicious security cracker. it’s useful to differentiate between hackers and security crackers, though, and that terms like “malicious security cracker” are sufficiently evocative and clear that their use actually helps make communication more effective than the common journalistic misuse of “hacker”.
In reality, most hackers are ordinary people with a great deal of curiosity, above-average skills with a computer, a good understanding of human nature, and plenty of time to kill. Hackers have no distinguishing characteristics. Your next-door neighbor could be a hacker, as could your niece or nephew, one of your co-workers, or even the kid who serves you coffee in the morning. Not all hackers are dangerous and out to destroy business or damage lives. The basic difference is: hackers build things, crackers break them.Why?
Why do hackers go through all the trouble to do what they do? Most people in society do not spend the time to break into computer systems. It does not have much appeal to them. Why then do certain people spend so much of their time and energy accomplishing these feats of technological wizardry? What is the cause that turns those mostly above-average intelligent people to pursue a criminal career, and destroy their otherwise very successful careers? Why do they commit these computer related crimes as an obsession?There are probably as many answers to that question as there are hackers (maybe more). It is important to realize that these people are individuals with their own hopes, fears, desires, and everything else that comes with being human. However, there are general patterns to the motivation behind the computer hacker's drive to manipulate technology. The problem of hacker motivation is probably one of the more interesting questions concerning this sub-culture.
Many professionals argue that the cause why hackers hack is about the same as any other criminal. It mostly has to do with their families, and friends and the environment they grew up in. I agree with professionals at this point and I believe that the issue goes back to how they are raised. I am not saying that these people have bad parents. I think that while parents go around telling their children not to do drugs, to study hard in school, etc., they do not tell their children that it is bad to break into computer systems. Parents don't think of discussing it. This leaves teenagers to learn the morals of computer hacking on the streets, and in this case, cyberspace. They learn about hacking on bulletin boards, chat lines, etc. Are there established experts in the field on these forums to discuss the moral issues of hacking? Clearly not, they don't have the time or desire to associate with these people. The hackers therefore learn their morals from other hackers.
Hacker morality says investigating intrusions is a cost of doing business, and it is the company's fault for having poor security. Hackers, as individuals, have never had to balance limited resources themselves, and cannot empathize with others. There is also a more threatening aspect of hacker morality; there are many variations of it. Some hackers believe that it is all right to punish people and companies that they do not like, while others find the action wrong. Others believe that it is all right to steal money and resources, if it goes to support hacker actions. This is very dangerous. Even though many hackers might disagree with these types of actions, they will not rip off others, which is considered the most degrading thing that a hacker could ever do. In my opinion, all of these attitudes come from the same source; a morality that is learned from other hackers, without role models from the legitimate information security community.
Hacking a Computer System
Surprisingly enough there is no distinct profile of a hacker. He or she comes from all creeds and breeds, old or young. Some see it as a sport: 'the tinkerers'. Others just want to get to the goodies, some are spies, some are just out to destroy the system, some are even anarchists, and some are pacifists trying to save the world and not to forget some are professionals unveiling the weaknesses of a particular system. They are rich, poor, wealthy, upper or lower class, blue color or white color, smart or just lucky. Hark! Computing does not make a difference.
But, when they are pursuing it, they all WILL find a way to gain access into company, government or other computer systems.
Since not all humans are evenly smart and intelligent there are various types of hackers and methods to gain access to computers. What would you need and need to know whilst to be or becoming a hacker that wants to hack a computer:
- You need to create your own special password crack program, dial in simulators, firewall penetrators, worm "alike" assault mechanisms, listeners, decoding or decrypting engines,
- Need good practical knowledge of C, machine language and at least some Awk or Sed, VI when going for the big irons,
- Know how to handle Artificial Intelligence,
- How knowbots and search agents work and be able to create one,
- Need a good knowledge on TCP/IP mechanisms and other stuff comprising network protocols,
- How to get into PBX or other phone switch components,
- Would need to gain knowledge about the computersystem that wants to be hacked,
- Good to excellent knowledge about the operating system you are likely to encounter,
- Have knowledge about network layouts and system architecture of the system to be hacked,
- Need to understand the security measures in various breeds of security levels,
- How to make use of backdoors,
- Have a good grasp of likely and possible flaws or leaks in firewalls, routers and access server software,
- Must know how to cover their traces (e.g. by masking their presence on the net or computer's logfiles),
- Be VERY VERY secretive and know when to go for cover,
- Time must be abundant,
- the list goes on and on...
Now you should understand why companies want to hire a caught hacker: he or she knows it all!
Also you will understand that to be or become a fairly successful computer hacker you have to be a knowledgeable, intelligent and persistent entity. When you never want to be caught you have to be crazy and genius at the same time. And you will never read this page on hacking.
Generalizing there are three large contingents of hackers.
The hardworking, knowledgeable, and intelligent one
- These persons are the most secretive and intelligent persons and hacking is not a hobby but a convocation
- They design their own software, borrowing means to give away your identity
- Build sometimes there own hardware that switch between PBX's with difficult to trace marks
- Know their way around in networks and play with it as if it are toys
- Are mostly not a member of any group
- They know very well how to hide what they have done
- Are never heard of or they get arrested and convicted under false pretense as to cover the real reason, but would be waited for at the prisons gate by representatives of the same company they hacked
- Or just rot away in a prison or psychiatric institution and only come out when old and useless or crazy as a door
- Have a bit of luck not being caught
The hardworking persisting one
- These types use a mixture of tools, either made by group members or designed by themselves
- There is fair knowledge about operating systems and computing networks
- Most of the time this type of hacker is member of a hacker's group or so you want organization
- Some are working with temporary loose clusters of individuals acting together for a hack
- There are inner circle 'manuals'
- Use information via the Internet of other channels, not much pure individual work is done
- Have a lot of luck not being caught
The easy ones
- Use somebody else's dictionary or programs to generate passwords
- Use a list of often used usernames (e.g. admin)
- Have a list of easy to hack systems
- Have a hacker's "cookbook" to gain access (tips and tricks)
- Don't bother about leaving traces
- Be member of a hacker's ring and exchange information freely
- Have all the world's luck of not being caught
Actually to make a hack the need for hardware or software is modest. All you need is a connection to the Internet, or have a modem of various types (synchronous, asynchronous) or a connection via cable or an existing network. Plenty of time and some intelligence and luck. And to no much surprise you will be in business before you know it.
Why are programmers so violently opposed to these laws? If I were a legislator, I'd be interested in this mystery—for the same reason that, if I were a farmer and suddenly heard a lot of squawking coming from my hen house one night, I'd want to go out and investigate. Hackers are not stupid, and unanimity is very rare in this world. So if they're all squawking, perhaps there is something amiss.
To hackers the recent contraction in civil liberties seems especially ominous. That must also mystify outsiders. Why should we care especially about civil liberties? Why programmers, more than dentists or salesmen or landscapers?
Let me put the case in terms a government official would appreciate. Civil liberties are not just an ornament, or a quaint American tradition. Civil liberties make countries rich. If you made a graph of GNP per capita vs. civil liberties, you'd notice a definite trend. Could civil liberties really be a cause, rather than just an effect? I think so. I think a society in which people can do and say what they want will also tend to be one in which the most efficient solutions win, rather than those sponsored by the most influential people. Authoritarian countries become corrupt; corrupt countries become poor; and poor countries are weak. It seems to me there is a Laffer curve for government power, just as for tax revenues. At least, it seems likely enough that it would be stupid to try the experiment and find out. Unlike high tax rates, you can't repeal totalitarianism if it turns out to be a mistake.
This is why hackers worry. The government spying on people doesn't literally make programmers write worse code. It just leads eventually to a world in which bad ideas win. And because this is so important to hackers, they're especially sensitive to it. They can sense totalitarianism approaching from a distance, as animals can sense an approaching thunderstorm.
It would be ironic if, as hackers fear, recent measures intended to protect national security and intellectual property turned out to be a missile aimed right at what makes America successful. But it would not be the first time that measures taken in an atmosphere of panic had the opposite of the intended effect.
References:
This is why hackers worry. The government spying on people doesn't literally make programmers write worse code. It just leads eventually to a world in which bad ideas win. And because this is so important to hackers, they're especially sensitive to it. They can sense totalitarianism approaching from a distance, as animals can sense an approaching thunderstorm.
It would be ironic if, as hackers fear, recent measures intended to protect national security and intellectual property turned out to be a missile aimed right at what makes America successful. But it would not be the first time that measures taken in an atmosphere of panic had the opposite of the intended effect.
References:
Graham, P (2004) The Word “Hacker” [Online] [October 10th, 2010]. Available from URL: http://www.paulgraham.com/gba.html
"Hacking and Hackers" (March 2010) [Online] [October 14th, 2010]. Available from URL: http://www.thocp.net/reference/hacking/hacking.htm
Perrin, C (April 2009) "Hacker vs. Cracker" [Online] [October 25th, 2010]. Available from URL: http://blogs.techrepublic.com.com/security/?p=1400
Perrin, C (April 2009) "Hacker vs. Cracker" [Online] [October 25th, 2010]. Available from URL: http://blogs.techrepublic.com.com/security/?p=1400
