Hackers

From SI410
Revision as of 03:17, 11 December 2012 by Brownman (Talk | contribs) (added categories)

Jump to: navigation, search
Back • ↑Topics • ↑Categories

A hacker is a person who uses computers to gain unauthorized access to data. This term has changed over the years as technology has evolved, and there are currently two main definitions. 1) an individual computer enthusiast who enjoys exploring computers and how to stretch their capabilities, and 2) a malicious individual who tries to obtain information by "hacking" computer systems.[1]

For many hackers, hacking is about autonomy, politics, and having fun, but is also about making a difference in the world - whether through maliciously hacking into computer systems or writing software to protect against future hacks.[2]

With the right knowledge, entire computer networks are opened up to hackers.

History

Hacking has been around in different forms since the development of the first computers. The first hackers appeared at MIT and hacked electric trains and tracks to make them perform differently before moving onto the computing systems being developed on campus. Many early hackers began as phone hackers, "phreaks", before moving onto the realm of computers. As the presence of hackers began to grow, they formed hacking groups, such as the Legion of Doom. In 1986, Congress passed the Computer Fraud and Abuse Act, which made it a crime to break into computer systems. Two years later, "the Mentor" (Loyd Blankenship) is arrested and publishes the Hacker Manifesto.The same year, the first worm is distributed through the internet. The self-replicating worm, created by Robert T. Morris Jr. spreads to 6,000 computer networks, including government and university systems. In the early 1990's when Netscape Navigator, which made information on the web much more accessible, begins to take off, hackers quickly move their skills to this new target. The subsequent rise of America On Line led to the release of AOHell, an application that unskilled hackers could used to hack in to AOL, spamming user mailboxes and chat rooms.[3] In 2010, more than 1.5 million hacker-caused defacement were reported, with even more in 2011. 2011 also marked the return to prominance for many hacker groups, including Anonymous, and Lulz Security, who were responsible for Sony, Fox, HBGary, and the FBI. The recent explosion in hackers can likely be attributed to Attack Tool Kits (ATKs) - widely available software that is designed to exploit security holes in websites.[4]

Classifications

Black Hat

Black hat hackers violate computer security out of malicious intent, or for personal gain. Black hats mainly operate by writing programs which work to damage computer systems and networks. Anti-virus software works to protect against these types of hackers.[5]

White Hat

White hat hackers are often considered to be "ethical hackers". They create computer security programs and perform penetration tests to help people protect their computers and networks against attacks. While white hats search out computers and computing systems to hack into, after they have found the weakness of the system, they cease hacking activities and inform owners of vulnerabilities they have found. Some people hire white hats in order to seek out potential security problems in their system. Additionally, white hat hackers can become certified by the International Council of Electronic Commerce Consultants.[5][6]

Gray Hat

Gray hat hackers are are a combination of black hats and white hats. If they find a target which they can successfully hack, they often tell the system's administrator that they found a weak point, but rather than disclosing what it is, they often elect to offer to fix the problem for payment. Gray hats often associate themselves with hacking groups, such as L0pht. While in the past, businesses often extended the job to such hackers (especially if this option was cheaper or more convenient), more recently businesses have begun to prosecute instead, leading to a decline in the practice.[5]

Hacktivist

While hackitivists perform the same hacks as other types of hackers, the motivation behind their attacks is different. Hacktivists are individuals who attack with the goal of spreading a political message. Many of their attacks involve web page defacement, where the hacktivists modify pages to display their own political views or messages. Many extremest organizations employ hacktivists in an attempt to further spread their messages.[5]

Cyberterrorist

Cyberterrorists use hacking in an attempt to instill fear into people. Cyberterrorism is a relatively new term for hackers. [5]

Nation States

Nation states have large amounts of computing power at their disposal, which they use to target the military, the financial and utilities sectors, as well as other critical infrastructures. [7]

Script Kiddie

Script kiddies are low level hackers. They usually have limited knowledge of programming, and simply execute programs written by others in an attempt to cause havoc. Script kiddies sometimes join up with each other to create hacking groups, such as LulzSec, because they are able to cause more serious disruptions as a group than they would be able to individually. The term "script kiddie" is thought to be insulting in the hacking world, because it not only suggests having no skills, but also covering up this lack of skills using scripts in programs that others have written.[2] [7]

Packet Monkey

Similar to Script Kiddies, Packet Monkeys are juvenile hackers who perform denial-of-service attacks on websites. [8]

Techniques

Wireless Network Sniffing

Wireless network sniffing is essentially "eavesdropping" on the network. Network sniffing utilizes sniffers, programs which intercept and decode network traffic. Sniffing also allows hackers to determine the easiest points of entry in a network. While it is possible to sniff wired connections, network sniffing is much easier with wireless connections since it can be done remotely, whereas in a wired connection, the hacker would have to install the sniffing program on one of the hosts within the system. The ultimate goal of wireless network sniffing is usually to discover the secret WEP key.[9]

Scanning

Scanning is the act of sniffing through tuning in to various radio channels used by devices. Passive scanners allow hackers to listen in on the system without being detected. Passive scanning often allows a hacker to identify the SSID of a network.[9]

Wireless Spoofing

Wireless spoofing attacks open a network up to many other forms of attacks. The hacker constructs frames by filling out fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to other individuals. In the case of values that belong to others, hackers have usually obtained these through sniffing. The three main types of wireless spoofing are: MAC address spoofing, IP spoofing, and Frame spoofing. [9]

Wireless Network Probing

Probing, also known as active scanning, occurs when a hacker sends artificially constructed packets to a target which return useful responses. This allows hackers to collect MAC addresses, as well as IP addresses. Unlike passive scanning, active scanning is possible to detect. [9]

Denial of Service

Hackers often deny service in order to allow themselves more control over a computer network. One method of doing this is jamming air waves so that the LAN is unable to function. Another method is forcing a computer into a "doze" state, during which a hacker is able to steal packets from the computer.[9]

Ethics

While, on the surface, hacking appears completely unethical, there are cases in which it is, in fact, ethical. White hats hack in an attempt to find and fix security problems, and are often hacking into computer systems with the permission of their owners. However, outside of white hat hacking, however, there appears to be nothing ethical about hacking. Hackers break into computer systems in order to accomplish their own agendas, whether that be their own amusement, to spread a message, or to incapacitate part of the web. To do this, they steal passwords, find back ways into the system, or forcibly break into the system, all of which involve entry into an area to which they should not have access. Though, hackers seem to put little weight on the ethics of the situation, as they attack computer systems without regard for those who they are hurting or disabling.

See Also

References

  1. Kizza, Joseph. Computer Network Security. Springer, 2005. eBook.
  2. 2.0 2.1 Tim, Jordan. Hacking: Digital Media and Technological Determinism. Polity, 2008. eBook.
  3. "Timeline: A 40-year history of hacking." CNN Tech. N.p., 19 Nov 2001. Web. 2 Oct 2012.
  4. Mark Ward. "A Brief History of Hacking." BBC News Technology. N.p., 9 June 2011. Web. 2 Oct 2012.
  5. 5.0 5.1 5.2 5.3 5.4 Moore, Robert. Cybercrime: Investigating High-Technology Computer Crime. 2. Elsevier, 2010. eBook.
  6. Simpson, Michael T., Kent Backman, and James E. Corley. Hands-On Ethical Hacking and Network Defense. Cengage Learning, 2010. eBook.
  7. 7.0 7.1 Chabrow, Eric. "7 Levels of Hackers: Applying An Ancient Chinese Lesson: Know Your Enemies." govinfosecurity.com. Information Security Media Group, Corp. , 25 Feb 2012. Web. 4 Oct 2012.
  8. Dion, Dennis. "Script Kiddies and Packet Monkeys - The New Generation of "Hackers"." . SANS Institute, 29 Jan 2001. Web. 4 Oct 2012.
  9. 9.0 9.1 9.2 9.3 9.4 Bidgoli, Hossein. Handbook of Information Security, Threats, Vulnerabilities, Prevention, Detection, and Management. John Wiley & Sons, 2006. eBook.

(back to index)