1.Introduction To Hacking
The term "hacking" in the 1980's became a buzzword in the media which was taken to be derogatory and which by misuse and overuse was attached to any form of socially non-acceptable computing activity outside of polite society. Within this context "hackers" were assumed to be the fringe society of the computing fraternity, mainly characterized as "youngsters" who did not know any better and who had obtained access to a technology with which they terrorized the world of communications and computing. To be tagged as a "hacker" was to portray a person as member of a less than acceptable group of near criminals whose activities were not be to be undertaken by the upright citizenry. These connotations are in contrast to the use of the term in the 1950's and 1960's when hackers were at least to be tolerated for their potential, though not necessarily displayed in public.
In many ways the early use of the term held a connotation similar to that of a "boffin" during World War II who was characterized as a backroom activist who when left to their own devices could produce some wonderful inventions. Scientists such as Edison (electric light bulb, phonograph, etc.), Fleming (penicillin), Barnes-Wallis (the bouncing bomb and swept wing aircraft), Watson-Watt (radar) and possibly even Babbage (the difference and analytical engines), may have been honored to be identified as hackers. Only in more recent times has there been confusion between the terms "hacker", "petty criminal" and possibly "nerd".
1.1 What is hacking?
The process of attempting to gain, or successfully gaining, unauthorized access to computer resources for the purpose of mischievous or malicious use, modification, destruction or disclosure of those resources. The concept of hacking as a methodology to achieve some particular goal has the allusion of working at something by experimentation or empirical means, learning about the process under review or development by ad hoc mechanisms. This may have had an origin from the use of the term "v.t. to chop or cut roughly. v.i. to make rough cuts" as in the process of empirical development where numerous different routes are explored in a search for the most effective approach to a solution, but without necessarily having planned a prearranged ordering of search or necessarily a methodology for evaluation. To chance upon a solution through "hacking through a problem" is often as educational as structured learning, and thus it is not nreasonable to approach a problem in a field which is devoid of structure and methodology by "hacking".
1.2 The history of hacking & how it has grown from over time
1966, Robert Morris Sr., the future NSA chief scientist, decides to mutate these early hacker wars into the first "safe hacking" environment. He and the two friends who code it call their game "Darwin." Later "Darwin" becomes "Core War," a free-form comput er game played to this day by some of the berets of uberhackers.
1969 turns out to be the most portent-filled year yet for hacking. In that year the Defense Department's Advanced Research Projects Agency funds a second project to hook up four mainframe computer so researchers can share their resources. This system doesn't boast the vector graphics of the Plato system. Its terminals just show ASCII characters: letters and numbers.
1969 John Goltz teams up with a money man to found CompuServe using the new packet switched technology being pioneered by ARPAnet. Also in 1969 we see a remarkable birth at Bell Labs as Ken Thompson invents a new operating system: UNIX. It is to become the gold standard of hacking and the Internet, the operating system with the power to form miracles of computer legerdemain.
1978, Ward Christenson and Randy Suess create the first personal computer bulletin board system. Soon, linked by nothing more than the long distance telephone network and these bulletin board nodes, hackers create a new, private cyberspace. Phreaking becomes more important than ever to connect to distant BBSs.
1984 Emmanuel Goldstein launches 2600: The Hacker Quarterly and the Legion of Doom hacker gang forms. Congress passes the Comprehensive Crime Control Act giving the US Secret Service jurisdiction over computer fraud. Fred Cohen, at Carnegie Melon University writes his PhD thesis on the brand new, never heard of thing called computer viruses.
June 1990 Mitch Kapor and John Perry Barlow react to the excesses of all these raids to found the Electronic Frontier Foundation. Its initial purpose is to protect hackers. They succeed in getting law enforcement to back off the hacker community
In 1993, Marc Andreesson and Eric Bina of the National Center for Supercomputing Applications release Mosaic, the first WWW browser that can show graphics. Finally, after the fade out of the Plato of twenty years past, we have decent graphics! This time, however, these graphics are here to stay. Soon the Web becomes the number one way that hackers boast and spread the codes for their exploits. Bulletin boards, with their tightly held secrets, fade from the scene.
In 1998, Anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad, costing $1.3-million for 30 seconds, shows two Russian missile silo crewmen worrying that a computer order to launch missiles may have come from a hacker. They decide to blow up the world anyway. In January, the federal Bureau of Labor Statistics is inundated for days with hundreds of thousands of fake information requests, a hacker attack called "spamming." Hackers break into United Nation's Children Fund Web site, threatening a "holocaust" if Kevin Mitnick is not freed.
1.3 Hacker
A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They may know of holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never, ever intentionally damage data
1.4 Cracker
A cracker is a person who breaks into or otherwise violates the system integrity of remote machines, with malicious intent. Crackers, having gained unauthorized access, destroy vital data, deny legitimate users service, or basically cause problems for their targets. Crackers can easily be identified because their actions are malicious.
1.5 Why do crackers exists?
Crackers exist because they must. Because human nature is just so, frequently driven by a desire to destroy instead of create. No more complex explanation need be given. The only issue here is what type of cracker we are talking about. Some crackers crack for profit. These may land on the battlefield, squarely between two competing companies. Perhaps Company A wants to disable the site of Company B. There are crackers for hire. They will break into almost any type of system you like, for a price. Some of these crackers get involved with criminal schemes, such as retrieving lists of TRW profiles. These are then used to apply for credit cards under the names of those on the list. Other common pursuits are cell-phone cloning, piracy schemes, and garden-variety fraud. Other crackers are kids who demonstrate an extraordinary ability to assimilate highly technical computer knowledge. They may just be getting their kicks at the expense of their targets.
1.6 Difference between hacker and cracker.
Modern hackers, however, reach deeper still. They probe the system, often at a microcosmic level, finding holes in software and snags in logic. They write programs to check the integrity of other programs. Thus, when a hacker creates a program that can automatically check the security structure of a remote machine, this represents a desire to better what now exists. It is creation and improvement through the process of analysis.
In contrast, crackers rarely write their own programs. Instead, they beg, borrow, or steal tools from others. They use these tools not to improve Internet security, but to subvert it. They have technique, perhaps, but seldom possess programming skills or imagination. They learn all the holes and may be exceptionally talented at practicing their dark arts, but they remain limited. A true cracker creates nothing and destroys much. His chief pleasure comes from disrupting or otherwise adversely affecting the computer services of others.
This is the division of hacker and cracker. Both are powerful forces on the Internet, and both will remain permanently. And, as you have probably guessed by now, some individuals may qualify for both categories. The very existence of such individuals assists in further clouding the division between these two odd groups of people. Now, I know that real hackers reading this are saying to them "There is no such thing as this creature you are talking about. One is either a hacker or a cracker and there's no more to it.
1.7 Which operating system crackers use?
Operating systems used by crackers vary. Macintosh is the least likely platform for a cracker; there simply aren't enough tools available for MacOS, and the tools needed are too much trouble to port. UNIX is the most likely platform and of that class, probably FreeBSD or Linux.
The most obvious reason for this is cost. For the price of a $39 book on Linux (with the accompanying CD-ROM), a cracker gets everything he could ever need in the way of tools: C, C++, Smalltalk, Perl, TCP/IP, and much more. Moreover, he gets the full source code to his operating system.
This cost issue is not trivial. Even older workstations can be expensive. Your money will buy more computing power if you stay with an IBM compatible. Today, you can get a 100MHz PC with 8MB of RAM for $300. You can put either FreeBSD or Linux on that machine and suddenly, you have a powerful workstation. Conversely, that same $300 might buy you a 25MHz SPARCstation 1 with a disk, monitor, and keyboard kit. Or perhaps an ELC with an external disk and 16MB of RAM. Compounding this is the problem of software. If you get an old Sun, chances are that you will also be receiving SunOS 4.1.x. If so, a C compiler (cc) comes stock. However, if you buy an RS/6000 with AIX 4.1.x, you get a better deal on the machine but you are forced to get a C compiler. This will probably entail getting GCC from the Internet. As you might guess, a C compiler is imperative. Without it, you cannot build the majority of tools distributed from the void. This is a big consideration and one reason that Linux is becoming much more popular.
I should mention that professional crackers (those who get paid for their work) can probably afford any system. You can bet that those forces in American intelligence investigating cyber war are using some extreme computing power. For these individuals, licensing and cost are not issues.
SUN
It is fairly common to see crackers using either SolarisX86 or SCO as a platform. This is because even though these products are license ware, they can easily be obtained. Typically, crackers using these platforms know students or are students. They can therefore take advantage of the enormous discounts offered to educational institutions and students in general. There is a radical difference between the price paid by a student and the price paid by the average man on the street. The identical product's price could differ by hundreds of dollars. Again, because these operating systems run on PC architecture, they are still more economical alternatives. (SolarisX86 2.4 became enormously popular after support was added for standard IDE drives and CD-ROM devices. Prior to the 2.4 driver update, the system supported only SCSI drives: a slightly more expensive proposition.) And of course, one can always order demo disks from Sun and simply keep the distribution, even though you are in violation of the license.
UNIX
UNIX platforms are popular because they generally require a low overhead. A machine with Windows 95 and all the trimmings requires a lot of RAM; in contrast, you can run Linux or FreeBSD on a paltry 386 and gain good performance (provided, of course, that you do not use X). This is reasonable, too, because even tools that have been written for use in the X environment usually have a command-line interface as well (for example, you can run SATAN in CLI).
MICROSOFT
The Microsoft platform supports many legitimate security tools that can be used to attack remote hosts. Of that class, more and more crackers are using Windows NT. It outperforms 95 by a wide margin and has advanced tools for networking as well. Also, Windows NT is a more serious platform in terms of security. It has access control as well, so crackers can safely offer remote services to their buddies. If those "friends" log in and attempt to trash the system, they will be faced with the same controls as they would on a non-cracker-friendly box.
Moreover, NT is becoming more popular because crackers know they must learn this platform. As NT becomes a more popular platform for Internet servers (and it will, with the recent commitments between DEC and Microsoft), crackers will need to know how to crack these machines. Moreover, security professionals will also develop tools to test internal NT security. Thus, you will see a dramatic rise in the use of NT as a cracking platform.
1.8 Why do people hack?
There is an on-going debate about the definition of the word hacker. A hacker can be anyone with a deep interest in computer-based technology; it does not necessarily define someone who wants to do harm. The term attacker can be used to describe a malicious hacker. Another term for an attacker is a black hat. Security analysts are often called white hats, and white-hat analysis is the use of hacking for defensive purposes.
Attackers' motivations vary greatly. Some of the most notorious hackers are high school kids in their basements planted in front of their computers looking for ways to exploit computer systems. Other attackers are disgruntled employees seeking revenge on a company. And still other attacks are motivated by the sheer challenge of penetrating a well-secured system.
Just for fun
Show off
Hack other systems secretly
Notify many people their thought
Steal important information
Destroy enemy’s computer network during the war.
Spite--Plainly stated, the cracker may dislike you. Perhaps he is a disgruntled employee from your company. Perhaps you flamed him in a Usenet group. One common scenario is for a cracker to crack an ISP with which he once had an account. Perhaps the ISP discovered the cracker was cracking other networks or storing warez on its box. For whatever reason, the ISP terminated the cracker's account, and now the cracker is out for revenge.
Sport--Perhaps you have been bragging about the security of your system, telling people it's impenetrable. Or worse, you own a brand-spanking-new system that the cracker has never dealt with before. These are challenges a cracker cannot resist.
Profit--Someone pays a cracker to bring you down or to get your proprietary data.
Stupidity--Many crackers want to impress their friends, so they purposefully undertake acts that will bring the FBI to their door. These are mostly kids.
Curiosity--Many crack purely for sake of curiosity, simple enjoyment of the process, or out of boredom.
Politics--A small (but significant) percentage of crackers crack for political reasons. That is, they seek press coverage to highlight a particular issue. This could be animal rights, arms control, free speech, and so forth. This phenomenon is much more common in Europe than in the U.S. Americans fall victim to pride or avarice far more often than they do to ideology.
No comments:
Post a Comment