T hanks to the media, the word “hacker” has gotten a bad reputation. The word summons up thoughts of malicious computer users finding new ways to harass people, defraud corporations, steal information and maybe even destroy the economy or start a war by infiltrating military computer systems. While there’s no denying that there are hackers out there with bad intentions, they make up only a small percentage of the hacker community. The term computer hacker first showed up in the mid-1960s. A hacker was a programmer — someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were all hackers — they saw the potential of what computers could do and created ways to achieve that potential. A unifying trait among these hackers was a strong sense of curiosity, sometimes bordering on obsession. These hackers prided themselves on not only their ability to create new programs, but also to learn how other programs and systems worked. When a program had a bug — a section of bad code that prevented the program from working properly — hackers would often create and distribute small sections of code called patches to fix the problem. Some managed to land a job that leveraged their skills, getting paid for what they’d happily do for free. As computers evolved, computer engineers began to network individual machines together into a system. Soon, the term hacker had a new meaning — a person using computers to explore a network to which he or she didn’t belong. Usually hackers didn’t have any malicious intent. They just wanted to know how computer networks worked and saw any barrier between them and that knowledge as a challenge. In fact, that’s still the case today. While there are plenty of stories about malicious hackers sabotaging computer systems, infiltrating networks and spreading computer viruses, most hackers are just curious — they want to know all the intricacies of the computer world. Some use their knowledge to help corporations and governments construct better security measures. Others might use their skills for more unethical endeavors. Let us explore the common techniques hackers use to infiltrate systems. We’ll examine hacker culture and the various kinds of hackers as well as learn about famous hackers, some of whom have run afoul of the law.
The Hacker Toolbox
The main resource hackers rely upon, apart from their own ingenuity, is computer code. While there is a large community of hackers on the Internet, only a relatively small number of hackers actually program code. Many hackers seek out and download code written by other people. There are thousands of different programs hackers use to explore computers and networks. These programs give hackers a lot of power over innocent users and organizations — once a skilled hacker knows how a system works, he can design programs that exploit it.
Malicious hackers use programs to:
Log keystrokes: Some programs allow hackers to review every keystroke a computer user makes. Once installed on a victim’s computer, the programs record each keystroke, giving the hacker everything he needs to infiltrate a system or even steal someone’s identity.
Hack passwords: There are many ways to hack someone’s password, from educated guesses to simple algorithms that generate combinations of letters, numbers and symbols. The trial and error method of hacking passwords is called a brute force attack, meaning the hacker tries to generate every possible combination to gain access. Another way to hack passwords is to use a dictionary attack, a program that inserts common words into password fields.
Infect a computer or system with a virus: Computer viruses are programs designed to duplicate themselves and cause problems ranging from crashing a computer to wiping out everything on a system’s hard drive. A hacker might install a virus by infiltrating a system, but it’s much more common for hackers to create simple viruses and send them out to potential victims via email, instant messages, Web sites with downloadable content or peer-to-peer networks.
Gain backdoor access: Similar to hacking passwords, some hackers create programs that search for unprotected pathways into network systems and computers. In the early days of the Internet, many computer systems had limited security, making it possible for a hacker to find a pathway into the system without a username or password. Another way a hacker might gain backdoor access is to infect a computer or system with a Trojan horse.
Create zombie computers: A zombie computer, or bot, is a computer that a hacker can use to send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes seemingly innocent code, a connection opens between his computer and the hacker’s system. The hacker can secretly control the victim’s computer, using it to commit crimes or spread spam.
Spy on e-mail: Hackers have created code that lets them intercept and read e-mail messages — the Internet’s equivalent to wiretapping. Today, most e-mail programs use encryption formulas so complex that even if a hacker intercepts the message, he won’t be able to read it.
Individually, many hackers are antisocial. Their intense interest in computers and programming can become a communication barrier. Left to his or her own devices, a hacker can spend hours working on a computer program while neglecting everything else.Computer networks gave hackers a way to associate with other people with their same interests. Before the Internet became easily accessible, hackers would set up and visit bulletin board systems (BBS). A hacker could host a bulletin board system on his or her computer and let people dial into the system to send messages, share information, play games and download programs. As hackers found one another, information exchanges increased dramatically. Some hackers posted their accomplishments on a BBS, boasting about infiltrating secure systems. Often they would upload a document from their victims’ databases to prove their claims. By the early 1990s, law enforcement officials considered hackers an enormous security threat. There seemed to be hundreds of people who could hack into the world’s most secure systems at will [/source]. There are many Web sites dedicated to hacking. The hacker journal “2600: The Hacker Quarterly” has its own site, complete with a live broadcast section dedicated to hacker topics. The print version is still available on newsstands. Web sites like Hacker.org promote learning and include puzzles and competitions for hackers to test their skills.
When caught — either by law enforcement or corporations — some hackers admit that they could have caused massive problems. Most hackers don’t want to cause trouble; instead, they hack into systems just because they wanted to know how the systems work. To a hacker, a secure system is like Mt. Everest — he or she infiltrates it for the sheer challenge. In the United States, a hacker can get into trouble for just entering a system. The Computer Fraud and Abuse Act out laws unauthorized access to computer systems.
Hackers and Crackers
Many computer programmers insist that the word “hacker” applies only to law-abiding enthusiasts who help create programs and applications or improve computer security. Anyone using his or her skills maliciously isn’t a hacker at all, but a cracker. Crackers infiltrate systems and cause mischief, or worse. Unfortunately, most people outside the hacker community use the word as a negative term because they don’t understand the distinction between hackers and crackers. Not all hackers try to explore forbidden computer systems. Some use their talents and knowledge to create better software and security measures. In fact, many hackers who once used their skills to break into systems now put that knowledge and ingenuity to use by creating more comprehensive security measures. In a way, the Internet is a battleground between different kinds of hackers — the bad guys, or black hats, who try to infiltrate systems or spread viruses, and the good guys, or white hats, who bolster security systems and develop powerful virus protection software. Hackers on both sides overwhelmingly support open source software, programs in which the source code is available for anyone to study, copy, distribute and modify. With open source software, hackers can learn from other hackers’ experiences and help make programs work better than they did before. Programs might range from simple applications to complex operating systems like Linux. There are several annual hacker events, most of which promote responsible behavior. A yearly convention in Las Vegas called DEFCON sees thousands of attendees gather to exchange programs, compete in contests, participate in panel discussions about hacking and computer development and generally promote the pursuit of satisfying curiosity. A similar event called the Chaos Communication Camp combines low-tech living arrangements — most attendees stay in tents — and high-tech conversation and activities.
Hackers and the Law
In general, most governments aren’t too crazy about hackers. Hackers’ ability to slip in and out of computers undetected, stealing classified information when it amuses them, is enough to give a government official a nightmare. Secret information, or intelligence, is incredibly important. Many government agents won’t take the time to differentiate between a curious hacker who wants to test his skills on an advanced security system and a spy. Laws reflect this attitude. In India, there are several laws forbidding the practice of hacking. Distribution and use of codes and devices that give hackers unauthorized access to computer systems. The language of the law only specifies using or creating such a device with the intent to defraud, so an accused hacker could argue he just used the devices to learn how security systems worked. Another important law forbids unauthorized access to government computers. Even if a hacker just wants to get into the system, he or she could be breaking the law and be punished for accessing a non public government computer [Source: Department of Justice]. Punishments range from hefty fines to jail time. Minor offenses may earn a hacker as little as six months’ probation, while other offenses can result in a maximum sentence of 20 years in jail. One formula on the Department of Justice’s Web page factors in the financial damage a hacker causes, added to the number of his victims to determine an appropriate punishment.
Hacking a Living
Hackers who obey the law can make a good living. Several companies hire hackers to test their security systems for flaws. Hackers can also make their fortunes by creating useful programs and applications, other countries have similar laws, some much more vague than legislation in the U.S. A recent German law forbids possession of “hacker tools.” Critics say that the law is too broad and that many legitimate applications fall under its vague definition of hacker tools. Some point out that under this legislation, companies would be breaking the law if they hired hackers to look for flaws in their security systems Hackers can commit crimes in one country while sitting comfortably in front of their computers on the other side of the world. Therefore, prosecuting a hacker is a complicated process. Law enforcement officials have to petition countries to extradite suspects in order to hold a trial, and this process can take years. One famous case is the United States’ indictment of hacker Gary McKinnon. Since 2002, McKinnon fought extradition charges to the U.S. for hacking into the Department of Defence and NASA computer systems. McKinnon, who hacked from the United Kingdom, defended himself by claiming that he merely pointed out flaws in important security systems. In April 2007, his battle against extradition came to an end when the British courts denied his appeal. It’s likely that there are thousands of hackers active online today, but an accurate count is impossible. Many hackers don’t really know what they are doing — they’re just using dangerous tools they don’t completely understand. Others know what they’re doing so well that they can slip in and out of systems without anyone ever knowing