Netweek
Netweek Features The 10... Archives Write Subscribe
Netweek


features.gif (2700 bytes) Hackers and Hacking by Doug Smith

 

hacker.gif (2668 bytes)Hackers. You know them as gangly kids with radiation tans induced by too many late nights in front of a computer screen. Evil beings who have the power to wipe out your credit rating, cancel your cable TV, raise your insurance premiums, and raid your social security pension. Eccentrics who always avert their eyes and mumble under their breath about black helicopters and CIA transmissions. Paranoid social deviants who could start World War III from the privacy of their bedrooms. Or so the mainstream media would have you believe.

In reality, most hackers are ordinary people with a great deal of curiosity, above-average skills with a computer, a good understanding of human nature, and plenty of time to kill. Hackers have no distinguishing characteristics. Your next door neighbor could be a hacker, as could your niece or nephew, one of your co-workers, or even the kid who serves you coffee in the morning. Not all hackers are dangerous and out to destroy business or damage lives.

The view of the general public toward hackers is mixed. A recent CNN poll shows 33% of respondents labeling hackers as "useful," 17% seeing them "as a menace," and the majority (45%) seeing hackers as "both" useful and a menace.

OVERVIEW

Hackers come in all sizes and shapes, but the type you hear the most about are network hackers, software hackers, and developers of virus and trojan horses.

Network hackers generally will try to gain unauthorized access to private computer networks. Some will hack in just for the challenge, others will do so to look around and satisfy their curiosity, others will do so in an attempt to "liberate" (distribute) the information contained therein, and some will hack in to do damage. Network hackers employ strategies that they refer to as cracking to gain access. Such strategies include bombarding web servers with bogus access requests until it cries uncle, or flooding a mail server with mail until it crashes, spilling sensitive access information all over the net. Another common cracking strategy entails stealing, guessing, or cajoling passwords from users in order to gain complete access to a site or network.

A software hacker attempts to get around software security measures, such as registration, expiration dates, user limits, passwords, and serial number. Software hackers thumb their noses at copyright protections and ignore license agreements by using the Internet to distribute illegally obtained copies of costly applications.

Perhaps the most malicious and dangerous form of hacking has to do with the building and distribution of viruses, worms, and Trojan horses. Though these types of hacks can be harmless, more times than not they cause damage and cause hassle to individuals and companies.

Viruses are programs that attach themselves to a single file and slowly but methodically replicate themselves, spreading from one file to another until your hard disk is filled with copies of the virus code. Viruses often unintentionally damage the files they infect, and some have been known to destroy years worth of work. Worms use a host computer's resources to replicate and spread from machine to machine throughout an entire network. Finally, a Trojan Horse is a program that fools the user into thinking it is doing one thing while it does something else entirely. A common ploy is to hide destructive code inside of an innocuous-looking game or silly multimedia animation. When the user tries to play the game or start the animation, the Trojan Horse erases the poor sap's hard drive or uses his modem to blast personal data across the Internet. The best way to protect against these attacks is to be diligent with programs and have up-to-date virus detection software in use at all times.

Network hackers take great pains to distinguish themselves from the more common software hackers and virus developers. While many software hackers and virus developers seem to act out of self-interest or with evil intent, true hackers see themselves as latter-day Magellans, exploring the electronic frontier to locate and share knowledge.

ARGUMENTS IN FAVOR

Proponents of hacking characterize hackers as intelligent individuals with a great deal of technological skill who see telephones, computers, and networks not as tools, but as toys to be enjoyed. They hack for the challenge and to satisfy their own curiosity. Most hackers try to avoid inflicting harm on the networks they conquer.

Emmanuel Goldstein, the editor-in-chief of 2600:The Hacker Quarterly, pointed out in a recent CNN interview that "While it's certainly possible to use hacking to commit a crime, once you do this you cease being a hacker and commence being a criminal."

This distinction is important within the Hacker subculture. Hackers see hacking as the free distribution of information and not as a crime. Many feel that hackers may infringe on the privacy rights of a few, but they help protect larger society by pointing out weaknesses in computer and network systems.

Goldstein continues, "I'm the first to say that people who cause damage should be punished, but I really don't think prison should be considered for something like this unless the offender is a true risk to society."

ARGUMENTS AGAINST

Those who oppose hacking see it as a serious crime, because hacking generally entails unauthorized entry and access to computer and/or network systems. Hacking opponents see hacks as damaging even if no information is taken or damaged. Most hacking attempts slow down networks, stealing computer time from legitimate users and squandering expensive system resources. Many critics equate the curious hacker who merely snoops around to a criminal who breaks into a house, changes the locks, turns on all the lights, the air conditioner, and other appliances, takes a long shower or two, and goes through personal belongings, but does not steal any tangible objects.

THE KEVIN MITNICK CASE

freekev.jpg (6191 bytes)The hacking subculture sees imprisoned "super hacker" Kevin Mitnick as a poster child for the cause of hacking. The hackers say that Mitnick has been unfairly targeted and imprisoned, while his opponents cite the millions in damages for which they claim Mitnick is responsible.

Mitnick has been in prison since 1995, held on a 25 count indictment with charges ranging from wire fraud to illegal possession of stolen computer files. At one time Mitnick was on the FBI's Most Wanted list.

Interestingly, Mitnick has been held without bail since his arrest, and has been held for over four years without a trial. He is currently housed in a Los Angeles facility reserved for violent criminals. Additionally, he was allowed no computer access until recently to review some 10 gigabytes of evidence against him.

Mitnick recently signed a plea bargain that may set him free after another year in prison. In the plea bargain, Mitnick admits his hacking activities caused between 5 and 10 million dollars in losses to the companies named in the indictment. Mitnick will not be allowed to tell his story for seven years, or be allowed to touch computers or other forms of high technology for three years.

WHAT TO DO

Whatever stance you take on the hacking issue, it's still a good idea to protect your computer, data, or network.

The best way to protect yourself is to back up your most important data files to disk or tape every day. Avoid downloading and opening executable files from sources you do not know and trust. Choose passwords consisting of nonsense words that cannot easily be guessed, don't give them out to anybody, and change them occasionally. Don't open files attached to e-mail messages. And finally, keep informed. Monitor the International Computer Security Association, Symantec Antivirus Research Center, and the other resources listed below to stay abreast of new threats and tools that can help protect your data from malicious attacks.

We must accept one fact: information wants to be free. Information caretakers must be ever-vigilant: once information is made available to some, others will try to access that information if they can. The key words to remember are if they can.

Computer Emergency Response Team
CERT, a government-sponsored agency, was formed in 1988 to address Internet security threats.

Computer Security Institute
A private organization that trains and educates members on computer and network security issues. 

The New Hacker's Dictionary
The online version of "The New Hacker's Dictionary" (1996, MIT Press) compiled by self-described hacker Eric S. Raymond.

2600, The Hacker Quarterly
Articles for and about hackers, written by hackers.

The Hacker's Ethic
An adaptation of principles for hackers. 

Active Matrix's Hideaway
Site includes a dictionary, chat room and media center.

Hackers' Hall of Fame
Highlights the activities of several well-known hackers.

Return to Feature List