
Hacking: modern day threat or hobby? (final)

July 19, 4:13 PM - Computer Security Examiner - Dylan Wooten

When we last visited this subject, we discussed, or attempted to discuss, the history of hacking. Today, we look more at what hacking has become in today's society. We examine the differences in hacking, briefly describe where the ideas came from, and look at the cultural clique that it has become. Remembering movies like War Games, Sneakers and Hackers is good and glamorous. Unfortunately, that's not exactly what hacking is. As we see from "CrashOverride" in Hackers, the screen doesn't turn and twist, there are no fancy colors, and there is no virtual world to explore that looks like columns of information spread across a server. Hacking in today's society starts with something simple.


>_


That's about where it starts. A prompt. Whether you use a terminal from a GUI in Unix or Linux, or whether you're attempting to strike out at the cyber-community through a Windows box, that's the general principle of where it starts. Here's another, more in-depth example of what "hacking" looks like in today's society from a Linux or Unix system.


mysite:~>/usr/sbin/showmount -e victim.site.com
RPC: Program not registered.


So, as we can see, there are no shiny colors, there are no rabbits bouncing across the screen (unless you're just that good and can make that happen), and there are no little "Cookie Monsters" eating away at all of your "cookie" files. It's just simple text. Today there are so many types of what are considered "hackers" that it's nearly impossible to see the individual. We'll be discussing the differences.

So far as anyone can tell without actually being a hacker invited into the world of the true Underground Hacking Community, there are five different attitudes of what hackers are. Within those attitudes, there are hundreds, possibly thousands, of "Hacker Groups." They also hold yearly conferences to help solidify the importance of the computer underground, the most notable of which would be DEF CON. Let's list the various types of hacker attitudes.

  • White Hat Hacker
  • Grey Hat Hacker
  • Black Hat Hacker
  • Script Kiddie
  • Hacktivist

Bear in mind, if you were to know someone who is a hacker, they might not agree with this, but this is what the social media has come to call these "offspring of the Cyber Satan." Now that we have identified the labels the social media has given these specialized individuals, we will go through how the social media has decided to describe them.

The white hat hacker is someone who breaks through the security of a system for "non-malicious" reasons. For instance, a white hat hacker would break through a security system to find its vulnerabilities and then turn that evidence over to the system administrator so that the system administrator can properly plug the holes that were found. Hackers like this enjoy learning and working with computer systems for this reason and have consequently gained a deeper understanding of the subject matter. Hackers like this are sometimes hired by the government to find the government's network vulnerabilities to protect them against the black hat hacker, which we will discuss very soon. Many of the white hat hackers that aren't hired by the government normally wind up as Network Security Consultants and live very fruitful lives. As we can remember, the word "hacker" was originally used to describe these types of individuals.

Now we come to the grey hat hacker. The grey hat hacker is an ambiguous hacker who struggles with ethics and wanders the lines of legality in their actions. Not much is known in the media concerning these types of hackers, and many of them choose to stay underground and live quietly, exploiting systems for their own personal knowledge.

As for those that can consider themselves black hat hackers, these are the hackers that perform actions against society because they don't like something or other that's going on. These hackers program viruses and unleash them upon society for their own personal benefit and amusement. They subvert computer security without authorization and use that technology for personal gain. One example of this would be the Conficker virus. Other examples would be people that are good enough to hack through bank protections and steal numbers or other such data that would benefit them against everyone else. They vandalise websites and perpetuate identity theft. But if you were to ask a hacker if they were a black hat hacker, there's no true way to identify one until one is caught. Kevin Mitnick was considered the epitome of black hat hacking when he started his virtual reign, but this isn't exactly true.

Now, the type of hacker that is probably the most hated is called the "script kiddie." These people use other hackers' code and programs for their own ends. They know enough code to piece together bits and pieces of code and perform actions that they truly had no part in. Most of these people are more like tricksters and jesters. They do things for humor, regardless of the consequences. But I dare you to ask one about it. They'd call themselves true hackers and try to prove it by unleashing work they've taken credit for that they did not do.

The hacktivist is bound to be the most extreme, and quite possibly more dangerous than the black hat hacker. A hacktivist is someone who utilizes technology to announce a social, ideological or political message regardless of the consequences. Generally, the hacktivist will deface websites, such as make-up websites, the FDA's website, and government websites, over views that they do not agree with. They perform what are called "denial of service" attacks against companies. These attacks prevent a company from using its own network for the purposes of practical and legal business. In most cases, hacktivists are called Cyberterrorists and perform such actions.

We've identified the social media's explanation of hackers, and now we go over the types of tools that hackers use to do what they do. It's a large list, so we'll only go over a few things for now and I will dissect them individually later. Vulnerability scanners are scanners that quickly check a certain computer against a known vulnerability list to find holes in that computer's security. For instance, a "port scanner" is a type of tool used by a hacker to scan for internet ports that are left "open," like a gate. Internet ports are like doors. Closing them prevents traffic from going out or coming in. If left open (which is what these scanners are looking for), they allow traffic to come in and go out of the computer they are assigned to.

Packet sniffers are similar in concept to scanners, but they attempt to capture the data that is being sent out of the ports and into the ports. Commonly, if a hacker were to steal someone's identity, this is probably the method that they used. Getting the sniffer into the network is easy: a simple worm with a sniffer payload could easily drop the sniffer in and then send data to and from the hacker without the computer user actually knowing about it. They steal things like passwords, usernames, bank account numbers, social security numbers, private data like calendar information, etc. A more severe and harder way to steal information is by using a "rootkit." These rootkits will infiltrate the computer system and then conceal their entrance and activities by tricking the computer into thinking that they're supposed to be there. They subvert the standard operator's control of the computer and then allow such control to be given to the hacker that controls the rootkit. Rootkits are also extremely difficult to get rid of because they bury themselves into the very depths of the computer's programming.

Social engineering is another, and quite possibly the oldest, way of hacking. In this, there's no fancy programming and no subversion of processes. Social engineering would probably go about like this.

Hacker (calling a school): Hi, yes, is this the principal?
Principal: Yes it is.
Hacker: My name is John Doe, I'm the Board of Education's network administrator. I have one of your teachers on the phone and she seems to have forgotten her password.
Principal: That's horrible!
Hacker: Yes, yes it is. I was wondering if you could identify a couple of things for me so that I know it's the real person.
Principal: Of course.
Hacker: She's the newest English teacher you have.
Principal: Oh! That's Ms. Smith.
Hacker: Excellent. And what is the school number she teaches at?
Principal: PS123
Hacker: Excellent, thank you for the information. Oh, one more thing. What is your first and last name?
Principal: Jonathon Edwards
Hacker: Outstanding. Thank you very much Mr. Edwards. I appreciate your help. Have a good day.

Now we see that the hacker has gotten several pieces of information that he needs to call the real Board of Education. He has the principal's name, he has the school number and he already knew the network IP address.

Hacker (calling Board of Ed): Hi, yes, this is Jonathon Edwards at PS123. I seem to have been locked out of the system and I need your help to restore my admin access to the school network.
Board of Ed Techie: Of course Mr. Edwards. Alright then, your password is reset to justhacked.
Hacker: Very good, thank you. And could you verify my username just in case I'm typing it wrong?
Board of Ed Techie: Sure, it's j_edwards.
Hacker: Thanks very much.

Now we see that the hacker has everything he needs because someone at the Board of Education didn't pay attention to the security policies. We can see from this example that this is a very hands-on approach. What the hacker probably did was run some vulnerability scanners against the school's network and find an open port. The hacker has the IP (internet protocol) address for the school and an open port. The hacker also has access to the administrator's side of the network because he's got the principal's user name and has had the password reset. Though this is an old style of hacking, we can see how dangerous it is if proper security policies, as laid out by the Chief Information Officer for the Board of Education, are not followed.
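The policy failure in the two calls above, turned into a help-desk reset procedure that would have stopped them. This is an added example, not part of the original article; the directory record, the phone number on file and all function names are constructed for illustration.

```python
import secrets
from dataclasses import dataclass

# Constructed directory record for the article's scenario; all values are hypothetical.
DIRECTORY = {
    "j_edwards": {"name": "Jonathon Edwards", "site": "PS123", "phone_on_file": "555-0100"},
}

@dataclass
class Call:
    claimed_name: str
    claimed_site: str
    inbound: bool            # True: caller phoned the desk; False: desk dialled phone_on_file
    owner_confirmed: bool    # on a callback, did the account owner confirm the request?

def lookup(call):
    """Name and site only locate a record; anyone can learn them, so they prove nothing."""
    for user, rec in DIRECTORY.items():
        if (rec["name"], rec["site"]) == (call.claimed_name, call.claimed_site):
            return user, rec
    return None, None

def handle_reset(call, audit_log):
    """Return (decision, reply_to_caller). The reply never contains a username."""
    user, rec = lookup(call)
    if user is None:
        audit_log.append(("deny", None))
        return "deny", "We cannot process this request."
    if call.inbound:
        # Never reset on an inbound call: hang up and dial the number already on file.
        audit_log.append(("callback_required", user))
        return "callback_required", "We will call you back on the number we have on file."
    if not call.owner_confirmed:
        # The real owner did not ask for a reset: treat the earlier call as an incident.
        audit_log.append(("flag_incident", user))
        return "flag_incident", "No change has been made to your account."
    temp = secrets.token_urlsafe(12)   # random and single-use, never a word chosen by the desk
    audit_log.append(("reset", user))
    return "reset", f"Temporary password (change at first login): {temp}"

if __name__ == "__main__":
    log = []
    # The article's second call: right name, right school, inbound to the desk.
    print(handle_reset(Call("Jonathon Edwards", "PS123", True, False), log))
    # The desk calls the principal back on the number on file; he never asked for a reset.
    print(handle_reset(Call("Jonathon Edwards", "PS123", False, False), log))
    print(log)
```

Run against the second call in the dialogue, the desk answers with a callback instead of a new password, and the username is never read out to the caller.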

In today's society, these are the types of things that happen. These are the types of hackers that are plaguing our cyber community. For people who administer networks, the best possible way to ensure that things like this are a rarity is to follow the simple steps administrators have learned about. Security planning for networks involves, first, taking care of the risk analysis. The next step is to define the roles and responsibilities of each person authorized to maintain the network. Next, we put together the system's configuration so that we know how the system is supposed to be put together. After that, we set the antivirus controls and then implement the physical security. Not forgetting network security, we implement firewalls and safeguards to control the network security. After setting the network security, we outline who is given access to what data by planning the data access. After that, the acceptable use policies are set out, and then finally the disaster planning and recovery practices are put in place.

With all of these things properly planned out and validated to ensure efficiency, hackers have a challenge ahead of them. Knowing these simple things means knowing the differences between what can happen and what can be prevented. These are all things that a good systems administrator knows to do when configuring a network. Now there is little left to discuss or review, so I'll share some information with you about some of the most notable hackers in the country.

Kevin Mitnick was the first hacker to make it to the FBI Most Wanted list. Kevin Mitnick was arrested in February of 1995 on four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication. It was also rumored that Kevin Mitnick was the only person to have ever hacked NORAD, and that this was the premise for the movie "War Games." Another well-known hacker in today's era is Eric Corley (aka Emmanuel Goldstein), who is the long-standing publisher of 2600: The Hacker Quarterly and the founder of the H.O.P.E. conferences. Fyodor (aka Gordon Lyon) authored the Nmap Security Scanner as well as many other network security books and web sites and is the founding member of the Honeynet Project. Solar Designer (true name currently unknown to this article writer) is the pseudonym used by the founder of the Openwall Project. Michal Zalewski (aka lcamtuf) is a very prominent computer security researcher, and finally Gary McKinnon is a Scot facing extradition to the US to face charges of perpetrating what can only be described as the biggest military hack of all time, possibly even exceeding the Kevin Mitnick rumors and NORAD.

For now, that is all this writer has. Any comments and feedback are appreciated. And please come back soon to check for updated articles!
