Since the day it was invented in the late fifties, computer technology has developed immeasurably. People nowadays depend on computers for almost everything as it is now capable in handling large amounts of data in a very short time. We are not only able to use personal computers for simple tasks like keeping track of household budgets but more complex tasks like transferring money now can be made at a click of a mouse while we are in our bedroom or anywhere and anytime for that matter.
However, as with any new advancement in science, the developments in information technology (IT), while contributing to society by way of providing convenience, also has its dark side. Cyber crimes in the form of hacking are just one of the serious problems that came with the invention of computers since its early days.
CYBER CRIMES
Hacking usually refers to the act of breaking into computer systems. Hackers usually steal and manipulate information from other databases.
Eric Raymond, compiler of ‘The New Hacker’s Dictionary’ defines a hacker as a clever programmer. A “good hack” is a clever solution to a programming problem and hacking is the act of doing it. Raymond lists five possible characteristics that qualify ones as a hacker which are:
Eric Raymond, compiler of ‘The New Hacker’s Dictionary’ defines a hacker as a clever programmer. A “good hack” is a clever solution to a programming problem and hacking is the act of doing it. Raymond lists five possible characteristics that qualify ones as a hacker which are:
- A person who enjoys learning details of a programming language or system
- A person who enjoys actually doing the programming rather than just theorizing about it
- A person capable of appreciating someone else’s hacking
- A person who picks up programming quickly
- A person who is an expert at a particular programming language or system
In common usage, a hacker is a person who breaks into computers and computer networks, either for profit or motivated by the challenge. The subculture that has evolved around hackers is often referred to as the ‘computer underground’ but is now an open community.
HISTORY OF HACKING
The term hacker can be traced back to Massachusetts Institute Technology (MIT) during the 60s. MIT was the first institution to offer a course in computer programming and computer science and it is here in 1960 where a group of MIT students taking a lab on Artificial Intelligence first coined this word. These students called themselves hackers because they were able to take programs and have them perform action not intended for that program. The term was developed on the basis of a particle joke and feeling of excitement because the team member would “hack away” at the keyboard hours at a time.
Hacking developed alongside “Phone Phreaking”, a term referred to exploration of the phone network without authorization, and there has often been overlap between both technology and participants. The first recorded hack was accomplished by Joe Engressia also known as The Whistler. Later came to be known as the grandfather of Phreakin, Engressia’s hacking technique was that he could perfectly whistle a tone into a phone and make a free call.
American science fiction author Bruce Sterling traces part of the roots of the computer underground to the Yippies (yuppies + hippies), a 1960s counterculture movement which published the Technological Assistance Program (TAP) newsletter. Other sources of early 70s hacker culture can be traced towards more beneficial forms of hacking, including MIT labs or a defunct computer hobbyist club in Silicon Valley called the Homebrew Computer Club (which members include high-profile hackers and IT entrepreneurs including the founders of Apple Inc.), which later resulted in such thing as early personal computer or the open source movement (practice that promotes access to the end product's source materials such as free sharing of technological information).
Hacking developed alongside “Phone Phreaking”, a term referred to exploration of the phone network without authorization, and there has often been overlap between both technology and participants. The first recorded hack was accomplished by Joe Engressia also known as The Whistler. Later came to be known as the grandfather of Phreakin, Engressia’s hacking technique was that he could perfectly whistle a tone into a phone and make a free call.
American science fiction author Bruce Sterling traces part of the roots of the computer underground to the Yippies (yuppies + hippies), a 1960s counterculture movement which published the Technological Assistance Program (TAP) newsletter. Other sources of early 70s hacker culture can be traced towards more beneficial forms of hacking, including MIT labs or a defunct computer hobbyist club in Silicon Valley called the Homebrew Computer Club (which members include high-profile hackers and IT entrepreneurs including the founders of Apple Inc.), which later resulted in such thing as early personal computer or the open source movement (practice that promotes access to the end product's source materials such as free sharing of technological information).
DIFFERENT BREEDS OF HACKERS
Hackers can be divided into different categories according to their purpose or principle behind their act of hacking. There are five types of hackers:
White Hat
A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This classification also includes individuals who perform penetration tests and vulnerability assessment within a contractual agreement. This type of hacker often called an ethical hacker.
Black hat
A black hat hacker, sometimes called "cracker", is someone who breaks computer security without authorisation or uses technology (usually a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy or other types of illegal activity.
Grey Hat
A grey hat hacker is a combination of a black hat hacker and a white hat hacker. A grey hat hacker will surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked. Then they will offer to repair their system for a small fee.
Blue Hat
A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term Blue Hat to represent a series of security briefing events.
Script Kiddie
A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept – hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child – an individual lacking knowledge and experience, immature).
White Hat
A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This classification also includes individuals who perform penetration tests and vulnerability assessment within a contractual agreement. This type of hacker often called an ethical hacker.
Black hat
A black hat hacker, sometimes called "cracker", is someone who breaks computer security without authorisation or uses technology (usually a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy or other types of illegal activity.
Grey Hat
A grey hat hacker is a combination of a black hat hacker and a white hat hacker. A grey hat hacker will surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked. Then they will offer to repair their system for a small fee.
Blue Hat
A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term Blue Hat to represent a series of security briefing events.
Script Kiddie
A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept – hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child – an individual lacking knowledge and experience, immature).
COMMON HACKING METHODS
Usually there are three methods in an attack on Internet-connected system. The typical approaches are:
- Network enumeration: Discovering information about the intended target.
- Vulnerability analysis: Identifying potential ways of attack.
- Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.
FAMOUS HACKERS
Hackers has always portrayed by the media as the high-tech super-spy or the geeky anti-social teen who is simply looking for entertainment. The truth is hackers are a bunch of group that can cause billions of dollars in damages. However, there are also hackers who managed to found major tech companies such as the famous Steve Jobs and Steve Wozniak of Apple Computers. Here are some of the most legendary ‘black hat’ hackers:
Jonathan James
James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was just 16 at the time of sentencing. In an anonymous PBS interview, he professes, “I was just looking around, playing around. What was fun for me was the challenge to see what I could pull off”.
James’s major intrusions targeted high-profile organisations. He installed a backdoor into a Defense Threat Reduction Agency (DTRA) server. The DTRA is an agency of the Department of Defense in charge of reducing the threat to the US and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.
James also cracked into NASA computers, stealing software worth approximately US$1.7 million. According to the Department of Justice, "The software supported the International Space Station's physical environment, including control of the temperature and humidity within the living space." NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, "The code itself was crappy... certainly not worth $1.7 million like they claimed."
Given the extent of his intrusions, if James, also known as "c0mrade," had been an adult he would likely have served at least 10 years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he's learned his lesson and might start a computer security company.
Adrian Lamo
Lamo's claim to fame is his break-ins at major organisations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's (printing shop), coffee shops and libraries to do his intrusions. In a profile article, ‘He Hacks by Day, Squats by Night’, Lamo reflects, "I have a laptop in Pittsburgh, a change of clothes in DC. It kind of redefines the term multi-jurisdictional."
Lamo's intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it's legal. What Lamo did is not.
Things got serious when he broke into The New York Times' intranet. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times' LexisNexis account to research high-profile subject matter.
For his intrusion at The New York Times, Lamo was ordered to pay approximately US$65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Remarkably, Lamo is currently working as an award-winning journalist and public speaker.
Kevin Mitnick
A self-proclaimed "hacker poster boy," Mitnick went through a highly publicised pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as "the most wanted computer criminal in United States’ history." His exploits were detailed in two movies: Freedom Downtime and Takedown.
Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation's computer network and stealing software.
His troublemaking ways took a different turn when he went on a two and a half year "coast-to-coast hacking spree." A CNN article entitled ‘Legendary Computer Hacker Released from Prison’, reported that "he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defence warning system." He then hacked into computer expert and fellow hacker Tsutomu Shimomura's home computer, which led to his undoing.
Today, Mitnick has been able to move past his role as a black hat hacker and became a productive member of society. He served five years, about eight months of it in solitary confinement. He is now a computer security consultant, author and speaker.
Kevin Poulsen
Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio's KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him "the Hannibal Lecter of computer crime."
Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.
His hacking specialty, however, revolved around telephones. Poulsen's most famous hack, KIIS-FM, was accomplished by taking over all of the station's phone lines. In a related feat, Poulsen also "reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency." Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.
Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.
Robert Tappan Morris:
Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years' probation, 400 hours of community service and a fined US$10,500.
Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.
James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was just 16 at the time of sentencing. In an anonymous PBS interview, he professes, “I was just looking around, playing around. What was fun for me was the challenge to see what I could pull off”.
James’s major intrusions targeted high-profile organisations. He installed a backdoor into a Defense Threat Reduction Agency (DTRA) server. The DTRA is an agency of the Department of Defense in charge of reducing the threat to the US and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.
James also cracked into NASA computers, stealing software worth approximately US$1.7 million. According to the Department of Justice, "The software supported the International Space Station's physical environment, including control of the temperature and humidity within the living space." NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, "The code itself was crappy... certainly not worth $1.7 million like they claimed."
Given the extent of his intrusions, if James, also known as "c0mrade," had been an adult he would likely have served at least 10 years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he's learned his lesson and might start a computer security company.
Adrian Lamo
Lamo's claim to fame is his break-ins at major organisations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's (printing shop), coffee shops and libraries to do his intrusions. In a profile article, ‘He Hacks by Day, Squats by Night’, Lamo reflects, "I have a laptop in Pittsburgh, a change of clothes in DC. It kind of redefines the term multi-jurisdictional."
Lamo's intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it's legal. What Lamo did is not.
Things got serious when he broke into The New York Times' intranet. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times' LexisNexis account to research high-profile subject matter.
For his intrusion at The New York Times, Lamo was ordered to pay approximately US$65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Remarkably, Lamo is currently working as an award-winning journalist and public speaker.
Kevin Mitnick
A self-proclaimed "hacker poster boy," Mitnick went through a highly publicised pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as "the most wanted computer criminal in United States’ history." His exploits were detailed in two movies: Freedom Downtime and Takedown.
Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation's computer network and stealing software.
His troublemaking ways took a different turn when he went on a two and a half year "coast-to-coast hacking spree." A CNN article entitled ‘Legendary Computer Hacker Released from Prison’, reported that "he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defence warning system." He then hacked into computer expert and fellow hacker Tsutomu Shimomura's home computer, which led to his undoing.
Today, Mitnick has been able to move past his role as a black hat hacker and became a productive member of society. He served five years, about eight months of it in solitary confinement. He is now a computer security consultant, author and speaker.
Kevin Poulsen
Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio's KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him "the Hannibal Lecter of computer crime."
Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.
His hacking specialty, however, revolved around telephones. Poulsen's most famous hack, KIIS-FM, was accomplished by taking over all of the station's phone lines. In a related feat, Poulsen also "reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency." Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.
Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.
Robert Tappan Morris:
Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years' probation, 400 hours of community service and a fined US$10,500.
Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.
FROM MISDEEDS TO GOOD DEEDS
Sure many people tend to strongly disagree with what hackers do. But hackers can contribute to betterment of a human kind. These highly skilled breed of computer experts have the ability to contribute to the stability of the dissemination of information via the virtual world. There are hackers that were hired by intelligence agencies and big IT companies for their expertise.
Like it or not, no one would be more qualified to resolve the nuisance of hack attacks than hackers themselves. For one, the hackers listed above ended up contributing to society using their specialised skills and experience after serving time for their crime. The famous Steve duo of Apple Computers came up to be two of the biggest names in the IT industry who had done very well for themselves without getting in trouble with the law. This shows that hackers can do something positive with the knowledge.
Sources: Wikipedia and www.focus.com
Like it or not, no one would be more qualified to resolve the nuisance of hack attacks than hackers themselves. For one, the hackers listed above ended up contributing to society using their specialised skills and experience after serving time for their crime. The famous Steve duo of Apple Computers came up to be two of the biggest names in the IT industry who had done very well for themselves without getting in trouble with the law. This shows that hackers can do something positive with the knowledge.
Sources: Wikipedia and www.focus.com
No comments:
Post a Comment