Our first ‘‘intermission” begins by taking time out to define the terms hacker, cracker, phreak, and cyberpunk. This is necessary, because they are often used interchangeably; for example, a hacker could also be a cracker; a phreak may use hacking techniques; and so on. To help pinpoint the specifics of each of these, let’s define how they’re related:
• A hacker is typically a person who is totally immersed in computer technology and computer programming, someone who likes to examine the code of operating sys tems and other programs to see how they work. This individual then uses his or her computer expertise for illicit purposes such as gaining access to computer systems without permission and tampering with programs and data on those systems. At that point, this individual would steal information, carry out corporate espionage, and install backdoors, virii, and Trojans.
• A cracker is a person who circumvents or defeats the security measures of a network or particular computer system to gain unauthorized access. The classic goal of a cracker is to obtain information illegally from a computer system to use computer resources illegally.
Nevertheless, the main goal of the majority is to merely break into the system.
• A phreak is a person who breaks into telephone networks or other secured telecommunication systems. For example, in the 1970s, the telephone system used audible tones as switching signals; phone phreaks used their own custom-built hardware to match the tones to steal long- distance services. Despite the sophisticated security barriers used by most providers today, service theft such as this is quite common globally.
• The cyberpunk can be considered a recent mutation that combines the characteristics of the hacker, cracker, and phreak. A very dangerous combination indeed.
It has become an undeniable reality that to successfully prevent being hacked, one must think like a hacker, function like a hacker, and, therefore, become a hacker.
Acknowledging participation from legendary hacker Shadowlord and various members of the Underground hacker community, who wish to remain anonymous, the remainder of this intermission will address hacking background, hacker style, and the portrait of a hacker.
What Is Hacking?
Hacking might be exemplified as inappropriate applications of ingenuity; and whether the result is a practical joke, a quick vulnerability exploit, or a carefully crafted security breach, one has to admire the technological expertise that was applied.
For the purpose of conciseness, this section treats as a single entity the characteristics of hackers, crackers, and phreaks.
Perhaps the best description of hacking, however, is attributed to John Vranesevich, founder of AntiOnline (an online security Web site with a close eye on hacker activity). He called hacking the
“result of typical inspirations.” Among these inspirations are communal, technological, political, economical, and governmental motivations:
• The communal hacker is the most common type and can be compared to a talented graffiti
“artist” spraying disfiguring paint on lavish edifices. This personality normally derives from the need to control or to gain acceptance and/or group supremacy.
• The technological hacker is encouraged by the lack of technology progression. By exploiting defects, this individual forces advancements in software and hardware development.
• Similar to an activist’s rationale, the political hacker has a message he or she wants to be heard. This requirement compels the hacker to routinely target the press or governmental entities.
• The economical hacker is analogous to a common thief or bank robber. This person commits crimes such as corporate espionage and credit card fraud for personal gain or profit.
• Though all forms of hacking are illegal, none compares to the implications raised by the governmental hacker. The government analogizes this profile to the common terrorist.
Exposing the Criminal
The computer security problem includes not only hardware on local area networks, but more importantly, the information contained by those systems and potential vulnerabilities to remote- access breaches.
Market research reveals that computer security increasingly is the area of greatest concern among technology corporations. Among industrial security managers in one study, computer security ranked as the top threat to people, buildings, and assets (Check Point Software Technologies, 2000).
Reported incidents of computer hacking, industrial espionage, or employee sabotage are growing exponentially. Some statistics proclaim that as much as 85 percent of corporate networks contain vulnerabilities.
In order to successfully “lock down” the computer world, we have to start by securing local stations and their networks. Research from management firms including Forrester indicates that more than 70 percent of security executives reveal that their server and Internet platforms are beginning to emerge in response to demand for improved security. Online business-to-business (B2B) transactions will grow to $327 billion in 2002, up from $8 billion last year, according to Deborah Triant, CEO of firewall vendor Check Point Software, in Redwood City, California. But to protect local networks and online transactions, the industry must go beyond simply selling firewall software and long-term service, and provide vulnerable security clarifications. The best way to gain this knowledge is to learn from the real professionals, that is, the hackers, crackers, phreaks, and cyberpunks
Who are these so-called professionals? Common understanding is mostly based on unsubstantiated stories and images from motion pictures. We do know that computer hacking has been around since the inauguration of computer technology. The first hacking case was reported in 1958. According to the offenders, all hackers may not be alike, but they share the same quest—for knowledge. The following excerpt submission from the infamous hacker guru, Mentor, reveals a great deal about this underground community:
Another one got caught today; it’s all over the papers: “Teenager Arrested in Computer Crime Scandal,’’ “Hacker Arrested after Bank Tampering.”
“Damn kids. They’re all alike.”
But did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?
I am a hacker; enter my world… .Mine is a world that begins with school. I’m smarter than most of the other kids; this crap they teach us bores me.
“Damn underachiever. They’re all alike.”
I’m in junior high or high school. I’ve listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. “No, Ms. Smith, I didn’t show my work. I did it in my head… ”
“Damn kid. Probably copied it. They’re all alike.”
I made a discovery today. I found a computer. Wait a second; this is cool. It does what I want it to. If it makes a mistake, it’s because I screwed it up. Not because it doesn’t like me, or feels threatened by me, or thinks I’m a smart-ass, or doesn’t like teaching and shouldn’t be here.
“Damn kid; all he does is play games. They’re all alike.”
And then it happened: a door opened to a world. rushing through the phone line like heroin through an addict’s veins; an electronic pulse is sent out; a refuge from the day-to-day incompetencies is sought; a board is found. “This is it… this is where I belong. I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all… .”
“Damn kid. Tying up the phone line again. They’re all alike.”
You bet your ass we’re all alike; we’ve been spoon-fed baby food at school when we’ve hungered for steak. The bits of meat that you did let slip through were prechewed and tasteless. We’ve been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few were like drops of water in the desert. This is our world now… the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it weren’t run by profiteering gluttons. And you call us criminals. We explore. And you call us criminals. We seek after knowledge. And you call us criminals. We exist without skin color, without nationality, without religious bias. And you call us criminals. You build atomic bombs; you wage wars; you murder, cheat, and lie to us, and try to make us believe it’s for our own good, yet we’re the criminals…
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not by what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.
Regardless of the view of hacker as criminal, there seems to be a role for the aspiring hacker in every organization. Think about it: who better to secure a network, the trained administrator or the stealthy hacker? Hackers, crackers, phreaks, and cyberpunks seek to be recognized for their desire to learn, as well as for their knowledge in technologies that are guiding the world into the future. According to members of the Underground, society cannot continue to demonstrate its predisposition against hackers. Hackers want the populace to recognize that they hack because they have reached a plateau;
to them, no higher level of learning exists. To them, it is unfair for the public to regard the hacker, cracker, phreak, and cyberpunk as one malicious group. Still, remember what the Mentor said: “I am a hacker, and this is my manifesto.You may stop this individual, but you can’t stop us all… after all, we’re all alike.”
Profiling the Hacker
Profiling the hacker has been a difficult, if not fruitless undertaking fo r many years now. According to the FBI postings on Cyber-Criminals in 1999, the profile was of a nerd, then of a teen whiz-kid; at one point the hacker was seen as the antisocial underachiever; at another, the social guru. Most hackers have been described as punky and wild, because they think differently, and it is reflected in their style. None of this rings true anymore. A hacker may be the boy or girl next door. A survey of 200 well-known hackers reported that the average age of a hacker is 16-19, 90 percent of whom are male; 70 percent live in the United States. They spend an average of 57 hours a week on the computer; and 98 percent of them believe that they’ll never be caught hacking. The typical hacker probably has at least three of the following qualities:
• Is proficient in C, C++, CGI, or Perl programming languages.
• Has knowledge of TCP/IP, the networking protocol of the Internet.
• Is a heavy user of the Internet, typically for more than 50 hours per week.
• Is intimately familiar with at least two operating systems, one of which is almost certainly UNIX.
• Was or is a computer professional.
• Is a collector of outdated computer hardware and software.
Do any of these characteristics describe you? Do you fit the FBI profile? Could they be watching you? Further observations from the hacker profiles reveal common security class hack attacks among many different hacker groups. Specific penetrations are targeted at Security Classes C1, C2, B1, and B2.