Hacker (computer security) |
: For hackers in computing, not just in security, see Hacker. See also hacker (disambiguation)
In computer security, hacker refers to a type of computer Hacker who exploits systems or gain unauthorized access through skills, tactics and detailed knowledge.
Most commonly, hacker refers to a black-hat hacker (a malicious or criminal hacker). There are also ethical hackers (white hats), and grey hats.
=Terminology=
Similar, synonymous and related terms:
*Hacker, may mean simply a person with mastery of computers. See Hacker, and Hacker definition controversy
.
*Cracker_(computing):
*# A black hat hacker. Often used to differentiate black hat hackers and the general (positive) sense of Hacker. The use of the term began to spread around 1983, probably introduced both due to similar phonetic sound and as construction from the historical slang of Safe-cracking. Also theorized by some to be a portmanteau of the words criminal and hacker .
*# A security hacker who uses password cracking or brute force attacks. Related to the term Safe-cracking.
*# a software cracker. A person specialized in working around copy protection mechanisms in software. Note that software crackers are not involved in exploiting networks, but copy protected software.
*A hacktivist is a hacker who utilizes technology to announce a political message. It should be noted that web vandalism is not necessarily hacktivism.
*Grey hat: A hacker of ambiguous ethics and/or borderline legality, often frankly admitted.
*Script kiddie: A computer intruder with little or no skill; a person who simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing. Pejorative.
*Sneaker (computer security): A computer intruder, usually someone investigating a system with lawful authority (such as an owner or law-enforcement agency). Sometimes an intruder who seeks to have minimal impact on a system. Usage somewhat uncommon
*Whitehat or White Hat: A hacker who breaks security but who does so for altruistic or at least non-malicious reasons. White hats generally have a clearly defined code of ethics, and will often attempt to work with a manufacturer or owner to ameliorate discovered security weaknesses, although many reserve the implicit or explicit threat of public disclosure after a reasonable time as a prod to ensure timely response from a corporate entity. The term is also used to describe hackers who work to deliberately design and code more secure systems. To White Hats, the darker the hat, the more the ethics of the activity can be considered dubious. Conversely, blackhats may claim the lighter the hat, the more the ethics of the activity are lost.
=Hacking tools=
There are several recurring tools of the trade used by computer criminals:
.
, which spreads by inserting itself into living cells.
Computer worm — Like a virus, a worm is also a self-replicating program. The difference between a virus and a worm is that a worm does not create multiple copies of itself on one system and that it propogates itself through computer networks. After the comparison between computer viruses and biological viruses, the obvious comparison here is to a bacterium. Many people conflate the terms virus and worm , using them both to describe any self-propagating program. It is possible for a program to have the blunt characteristics of both a worm and a virus.
Vulnerability scanner — A tool used to quickly check computers on a network for known weaknesses. Hackers also use port scanners. These check to see which ports on a specified computer are open or available to access the computer. (Note that Firewall (networking) defend computers from intruders by limiting access to ports/machines both inbound and outbound.)
Sniffer — An application that captures password and other data while it is in transit either within the computer or over the network.
Exploit (computer security) — A prepared application that takes advantage of a known weakness.
Social engineering (computer security) — Using manipulation skills in order to obtain some form of information. An example would be asking someone for their password or account possibly over a beer or by posing as someone else.
Root kit — A toolkit for hiding the fact that a computer s security has been compromised. Root kits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.
=Notable intruder and criminal hackers=
Note that many of these have since turned to fully legal hacking.
*Jonathan James (a.k.a. comrade) was most notably recognized for the theft of software which controlled the International Space Station s life sustaining elements, as well as intercepting dozens of electronic messages relating to U.S. nuclear activies from the Department of Defense
conferences. He has been part of the hacker community since the late 70s.
*Mark Abene (a.k.a. Phiber Optik) — Inspired thousands of teenagers around the country to study the internal workings of the United States phone system. One of the founders of the Masters of Deception group.
*Dark Avenger — Bulgarian virus writer that invented polymorphic code in 1992 as a mean to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.
*John Draper (a.k.a. Captain Crunch ) — Draper is widely credited with evangelizing the use of the 2600 hertz tone generated by whistles distributed in Captain Crunch cereal boxes in the 1970 s, and sometimes inaccurately credited with discovering their use. Draper served time in prison for his work, and is believed to have introduced Steve Wozniak to phone phreaking through the 2600hz tone. Draper now develops anti-spam and security software.
*Zeljko Vidas a.k.a. Stoney is one of the two people who wrote the viral decomposer Titanic, wich has brought down over 70 companies and is one of the most destructable viruses in cyberspace. Known for his fast, smooth operating and his disaperance in cyberspace. Tom Letinov tried to capture him but with no results. Cracked into Croatias police dept. and deleted some records. It is still not known how he did it.
*Markus Hess — A West Germany, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.
*Adrian Lamo — Lamo surrendered to federal authorities in 2003 after a brief manhunt, and was charged with nontechnical but surprisingly successful intrusions into computer systems at Microsoft, The New York Times, Lexis-Nexis, MCI WorldCom, SBC Communications,
Yahoo!, and others. His methods were controversial, and his full-disclosure-by-media practices led some to assert that he was publicity-motivated.
*Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank s computers into spitting out $10 million. To this day, the method used is unknown.
*Kevin Mitnick — Held in jail without bail for a long period of time. Inspired the Free Kevin movement. Once the most wanted man in cyberspace, Mitnick went on to be a prolific public speaker, author, and media personality. Mitnick Security Consulting, LLC is a full-service information security consulting firm. Founded by Kevin Mitnick, Mitnick Security Consulting offers a comprehensive range of services to help businesses protect their valuable assets.
Robert Tappan Morris — In 1988 while a Cornell University graduate student was the writer of the first computer_worm, Morris Worm, which used buffer overflows to propagate.
*Phoenix — Leading member of Australian hacking group The Realm. Targeted US defence and nuclear research computer systems in late 1980s until his capture by Australian Federal Police in 1990. His was the world s first computer intruder prosecution based on evidence gathered from remote computer intercept.
*Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus.
*Brian Salcedo — Salcedo and accomplices gained access to Lowe s wireless LAN connection and installed a program designed to steal credit card account information.
*David L. Smith — In 1999 Smith launched the Melissa Worm, causing $80 million dollars worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.
*Craig Neidorf — In 1990, Neidorf (a co-founder of Phrack) was prosecuted for stealing the E911 document from BellSouth and publicly distributing it online. BellSouth claimed that the document was worth $80,000; they dropped the charges after it was revealed that copies of the document could be freely ordered for 13$.
*Zero G — Widely rumored to be female and and child prodigy of MIT, Zero G emerged in the late 1990 s. Known to transverse government servers freely, Zero G has been sought after by multiple United States Federal Agencies and foriegn governments. Zero G may be among the top group of the new generation of computer hackers. Zero G s breakin of the CIA s central computer system in 2002 seems to be the most prominent public display. Known on IRC networks as ^G-spot, since 2002, Zero G publically has turned to Hacker For Hire , striking a deal with the U.S. Federal Government to stop their pursuit in exchange for services rendered. Since early 2005 little has been heard of Zero G, rumored to have been pushed further underground from threats from the IDF.
=Hacker conferences=
Hacker cons have drawn more and more people every year including SummerCon (Summer), DEF CON, HoHoCon (Christmas), PumpCon (Halloween), H.O.P.E. (Hackers on Planet Earth) and HEU (Hacking at the End of the Universe).
=See also=
*Hacker definition controversy
*Hacker
*White hat
*Grey hat
*Security cracking
*Biohacker
=Fictional Movies about Hackers=
Hackers (movie)
Wargames
Sneakers (movie)
Swordfish (film)
=Related books=
*
*
*
*
*
Network Security:
*
Magazines:
2600: The Hacker Quarterly
Hakin9
Binary Revolution Magazine