Hackers, crackers, phreaks, script kiddies, and cyberpunks..... (Security).
`Typically, the result includes new ways to use or improve the device, protocol, or operating system. Hackers will let you know that they're simply on a quest, a quest for knowledge, and they'll gladly share the results with you. More recently, however, "hacker' has come to be used erroneously by the media to describe virtually any form of illicit act.
A cracker can be thought of as an unlawful hacker, a person who circumvents or defeats the security measures of a network or particular computer system to gain unauthorized access. The classic goal of a cracker is to obtain information illegally from a computer system to use computer resources illegally. Nevertheless, the main goal of the majority is to merely break into the system. Nowadays, this individual would use his or her computer expertise for illicit purposes such as gaining access to computer systems without permission and tampering with programs and data on those systems. At that point, this individual would steal information, carry out corporate espionage, and install backdoors, viruses, and Trojan horses.
A phreak is a person who breaks into telephone networks or other secured telecommunication systems to see how they work. For example, in the 1970s, the telephone system used audible tones as switching signals; phone phreaks used their own custom-built hardware to match the tones to steal long-distance services. Despite the sophisticated security barriers used by most providers today, service theft such as this is quite common globally.
Script kiddies are amateur hackers, sometimes referred to as lamers.
They don't possess the level of knowledge of true hackers; rather, they customarily download hacking tools and program snippets (or scripts), and then use them to cause mischief.
In regard to security, the eyberpunk can be defined as a contemporary combination of the hacker, cracker, and phreak.
It has become an undeniable reality that to successfully prevent being hacked, one must think like a hacker, function like a hacker, and, therefore, become a hacker.
What is Hacking?
Hacking might be exemplified by the media as inappropriate applications of ingenuity; and whether the result is a practical joke, a quick vulnerability exploit, or a carefully crafted security breach, one has to admire the technological expertise that was applied.
For the purpose of conciseness, this section treats as a single entity the characteristics of backers, crackers, and phreaks.
Perhaps the best description of hacking, however, is attributed to John Vranesevich, founder of AntiOnline (an online security Web site with a close eye on hacker activity). He called hacking the "result of typical inspirations." Among these inspirations are communal, technological, political, economical, and governmental motivations:
* The communal hacker is the most common type and can be compared to a talented graffiti `artist' spraying disfiguring paint on lavish edifices. This personality normally derives from the need to control or to gain acceptance and/or group supremacy.
* The technological hacker is encouraged by the lack of technology progression. By exploiting defects, this individual forces advancements in software and hardware development.
* Similar to an activist's rationale, the political hacker has a message he or she wants to be heard. This requirement compels the hacker to routinely target the press or governmental entitles.
* The economical hacker is analogous to a common thief or bank robber. This person commits crimes such as corporate espionage and credit card fraud for personal gain or profit.
* Though all forms of hacking are illegal, none compares to the implications raised by the governmental hacker. The government analogizes this profile to the common terrorist.
Exposing the Criminal
The computer security problem includes not only hardware on local area networks, but more importantly, the information contained by those systems and potential vulnerabilities to remote-access breaches.
Market research reveals that computer security increasingly is the area of greatest concern among technology corporations. Among industrial security managers in one study, computer security ranked as the top threat to people, buildings, and assets (Check Point Software Technologies, 2000). Reported incidents of computer hacking, industrial espionage, or employee sabotage are growing exponentially. Some statistics proclaim that as much as 85 percent of corporate networks contain vulnerabilities.
In order to successfully `lock down' the computer world, we have to start by securing local stations and their networks. Research from management finns including Forrester indicates that more than 70 percent of security executives reveal that their server and Internet platforms are beginning to emerge in response to demand for improved security. Online business-to-business (B2B) transactions will grow to $327 billion in 2002, up from $8 billion last year, according to Deborah Triant, CEO of firewall vendor Check Point Software, in Redwood City, California. But to protect local networks and online transactions, the industry must go beyond simply selling firewall software and long-term service, and provide vulnerable security clarifications. The best way to gain this knowledge is to learn from the real professionals, that is, the hackers, crackers, phreaks, and cyberpunks
Who are these professionals? Common understanding is mostly based on unsubstantiated stories and images from motion pictures. We do know that computer hacking has been around since the inauguration of computer technology. The first hacking case was reported in 1958. According to the offenders, all hackers may not be alike, but they share the same quest for knowledge.
Regardless of the view of hacker as criminal, there seems to be a role for the aspiring hacker in every organization. Think about it: who better to secure a network, the trained administrator or the stealthy hacker? Hackers, crackers, phreaks, and cyberpunks seek to be recognized for their desire to learn, as well as for their knowledge in technologies that are guiding the world into the future. According to members of the Underground, society cannot continue to demonstrate its predisposition against hackers. Hackers want the populace to recognize that they hack because they have reached a plateau; to them, no higher level of learning exists. To them, it is unfair for the public to regard the hacker, cracker, phreak, and cyberpunk as one malicious group.
Profiling the Hacker
Profiling the hacker has been a difficult, if not fruitless undertaking for many years now. According to the FBI postings on Cyber-Criminals in 1999, the profile was of a nerd, then of a teen whiz-kidd; at one point the hacker was seen as the antisocial underachiever; at another, the social guru. Most hackers have been described as punky and wild, because they think differently, and it is reflected in their style. None of this rings true anymore. A hacker may be the boy or girl next door. A survey of 200 well-known hackers reported that the average age of a hacker is 16-19, 90 percent of whom are male; 70 percent live in the United States. They spend an average of 57 hours a week on the computer; and 98 percent of them believe that they'll never be caught hacking. The typical hacker probably has at least three of the following qualities:
* Is proficient in C,C++,CGI,or Perl programming languages.
* Has knowledge of TCP/IP, the networking protocol of the Internet.
* Is a heavy user of the Internet, typically for more than 50 hours per week.
* Is intimately familiar with at least two operating systems, one of which is almost certainly UNIX.
* Was or is a computer professional.
* Is a collector of outdated computer hardware and software.
* Do any of these characteristics describe you? Do you fit the FBI profile?
* Could they be watching you?
The author is the Editor of a newly released book `Hack Attacks Revealed'. Wiley Publishing ISBN 0-471-23282-3 414 Pages 2nd Edition
|Printer friendly Cite/link Email Feedback|
|Publication:||Database and Network Journal|
|Date:||Dec 1, 2002|
|Previous Article:||WS_FTP PRO 7.6. (Internet Focus).|
|Next Article:||Automating security. (Security).|