
Saturday, July 12, 2008

Understanding Hackers And How They Attack

Why should you concern yourself with the motivations and lifestyle of computer hackers? This understanding will help you know the enemy and prepare a better defense. Understanding the different types of hackers and their motivations will help you know what kind of information to protect and whom you have to watch. Ideally, you should protect all of your organization's information, but this is often not possible for practical or financial reasons. This story describes who hackers are, how they attack, and where they target. Remember, a hacker can be a teenager or a child living next door, or a person in the next cubicle.
So, to be better able to tackle this growing menace, we need to know the symptoms, the causes and the motivation behind a hacker. We need to be familiar with common hacking terminology, become aware of the different motivations of cybercrime, understand the different kinds of attacks, be conscious of typical hacking targets and thus be in a better and more informed position to know whom to watch internally and externally.
Types of hackers
A hacker is an individual who has a great deal of technical knowledge about computer systems and their security. Originally, the term had no negative connotations; in fact it indicated an individual with a great deal of technical prowess. Today the term frequently refers to cyber criminals.
Hacking has its roots in the computer culture of the 1950s and 1960s, when access to computers was extremely limited and expensive. The time sharing of large mainframe computers was tightly controlled, and many individuals who wanted to increase their knowledge and technical abilities found alternate ways to gain entry. Out of these roots has grown a full spectrum of hackers, from the truly law-abiding security expert to the computer criminal.
The general term hacker can be broken down into five distinct groups. These categories help define the types of individual and the threat that they present. These terms attempt to categorize human motives and behaviors; they are not absolutes. They provide a way to discuss different types of hackers and to understand what type of actions attackers are likely to take against your PC and network. This allows you to strategically implement security in the areas that are the most vulnerable to attack.
The White Collar Hackers
The good guys, often security professionals, are called white hat hackers. They stay entirely within the law, only access systems with permission, and work to identify and fix flaws. If they find a security problem in a particular product, they inform the vendor so it can be fixed. They do not publicize the problem.
White collar hackers often work as security professionals, using the hacker's tools to test the security of their own systems. They also closely monitor internet resources that discuss hacking, vulnerabilities and attacks. They may also attend hacker conventions and subscribe to hacker publications. Like an undercover agent, they sometimes walk a fine line.
The ethical or gray hat hackers
Hackers who find security holes and report them are known as ethical or gray hat hackers. Sometimes they give the company a chance to fix the problem before publicly posting it. Others do not; they immediately publish the problem, allowing malicious hackers the opportunity to exploit it. Many also break into systems without permission. They believe they are providing a service to consumers by forcing companies to provide better security and products.
An attack by an ethical hacker is obviously better than one by someone with malicious intent. However, when you are under attack it is impossible to tell the intent until it is too late. Therefore the IT staff must scramble to protect information and record the attack as if it were malicious. If the press reports the attack, public confidence is undermined, especially if the company deals with financial and confidential data. The public may be relieved that the attack was benign, but this will not stop them from moving their business to a company with a better security record.
The script kiddy
Unskilled hackers who use tools written by more experienced hackers are called script kiddies. They are typically teenagers seeking the thrill of publicity. They may gain access to systems, disrupt systems, or deface web pages. They are easier to detect and catch, but their attacks can still be very damaging. It can be very embarrassing for a company to have its security thwarted by a 16-year-old boy on his dad's old Pentium 2 PC. Script kiddies have a great deal of time, often work in groups, and make great headlines.
The hacktivist
A hacktivist uses computer knowledge to promote a political or social cause. Hacktivists may be novices or sophisticated hackers. A company can be the target of this type of hacker if it has controversial business practices, technology or customers. For instance, the British banking giant HSBC experienced the defacement of four of its websites. The hacker, alias Herbless, did this to protest fuel prices in the United Kingdom. His defacement included an activist statement and guidelines for other hacktivists. He even posted the following note for the administrator:
Note to the administrator: You should really enforce stronger passwords. I cracked 75% of your NT accounts in 16 seconds on my simple Linux box. Please note the only thing changed on this server is your index page, which has been backed up. Nothing else has been altered.
The Cracker or Black hat hacker
Hackers who use their knowledge to commit crimes have been dubbed crackers or black hat hackers. These crimes can include vandalism, destruction of property, fraud, theft and terrorism. They are aware that what they are doing is illegal and, consequently, they attempt to enter systems undetected and leave as little evidence behind as possible. This makes them the most challenging hackers to detect or catch.
The hacker culture
There are as many reasons for hacking as there are types of hackers. Hacking has its own culture with a unique language, code of ethics, heroes and villains. Hackers have group organizations, conventions, printed and electronic publications, and even an anti-hacker defamation league.
Within the hacker culture, knowledge is power, and an Elite hacker is an individual with great technical proficiency. This often comes from hours of practice, often using unauthorized access to someone else's computer network. Hackers' ethics vary, but most believe that information and computer access should be free and shared. Many also believe that cracking into a system is ethical as long as no harm is done.
The average hacker is a 14 to 28 year old male. A hacker is often an intelligent, academic underachiever who is a student or employed in a technical field. Like any profile, this is a broad generalization, and the diversity is increasing. Hackers are not known for their conformity, and cultural distinctions vary from group to group. In fact, these distinctions can be helpful when trying to catch or prosecute a hacker, because these differences often leave clues to the hacker's identity.
Many hackers go by distinctive aliases and use Internet Relay Chat (IRC) to plan or boast about their exploits. They use hacker slang and technology speak to create their own language. This language has its own conventions for spelling, syntax, punctuation and capitalization.
Hacker Lingo
Hacker slang, aliases and group associations can help the authorities identify a hacker. Script kiddies often leave messages in hacker slang and sign their work with their aliases. They also develop patterns of attack, such as repeatedly using the same tool or process. Not all hackers participate in the hacker culture; some are loners or consider the activities beneath them. However, all hackers have a modus operandi, and it is wise to collect as many clues as possible.
The motivations of a hacker
A major motivation among hackers is status. The bigger the target and the more sophisticated the attack, the more status the hacker gains. As previously mentioned, hackers label their heroes Elite hackers. This requires them to reach a certain level of knowledge and then demonstrate it to their peers. Media attention also provides acknowledgment, increasing their status.
The websites of government agencies and large corporations are common targets. These targets gain a great deal of attention and status in some hacking circles. In 996 hackers defaced the Central Intelligence Agency web page, changing the title to Central Stupid Agency. The list of government pages defaced or disabled is long and distinguished.
In August 1994, Vladimir Levin, a Russian computer programmer, transferred millions of dollars out of Citibank accounts. He was part of a complicated scheme of wire transfers and pick-ups that moved money out of Citibank to accounts all over the globe. He claimed that his salary from St Petersburg's Technology Institute was so low that he had to steal the money.
Corporate or government espionage also motivates some crackers. They steal intellectual property, trade and military secrets and other desirable information. They use the information for their own purposes, or sell it to interested parties. Several members of the infamous West German hacking group, Chaos Club, collected information about military installations and technologies and then sold it to the KGB. Clifford Stoll, a president systems administrator at the Livermore National Lab in Berkeley, led the effort to track them down.
Political and activist goals are relatively new to the hacking community, but they are becoming more common. A company may become a target because of its use of controversial medical technology, genetic engineering, or disregard for the environment. A law firm representing a controversial client can be a prime target. Hacktivists target and disable or deface sites that represent the views that they oppose.
Personal revenge can motivate a current or former employee to hack. This is a growing problem for organizations; some polls claim that approximately two thirds of network breaches come from inside the company. These attacks can range from embarrassing to devastating. The employee turned hacker may inadvertently crash a system or intentionally destroy information. Building a hack-proof wall to the outside world is not enough; security plans must also include inside policies and protections.
Eastman Kodak charged Chung Yuh Soong, a former employee, with transmitting highly confidential software files to a competitor in California. The only reason they detected the alleged theft was that the document was so large that it crashed the server. At Pixar Animation Studios the entire company received an e-mail listing the salary of every employee. The e-mail seemed to originate from the company CEO's address. Although he did not send it, evidence does point to a current or former employee. These are just two examples of inside jobs that put organizations at risk.
Hackers Toolkit
There are many tools in the hacker's toolkit. These tools include technical and non-technical techniques that allow hackers to gain access to systems and achieve the goal of the hack. This section provides an overview of these tools and their uses. The following paragraphs describe these tools and include recommendations for tools and policies that will help prevent their successful use.
Hackers have their favorite tools, and every system has its unique strengths and weaknesses. Nevertheless, most attacks follow a general pattern that includes the following steps:
Gather information. Hackers gather both general and technical information. This includes names and telephone numbers of technical staff, network operating systems, security practices, remote access dial-up numbers, and passwords.
Gain initial system access. During this step the hacker enters the target network, often with limited access and rights.
Once he has opened the door, the hacker begins exploiting the system's weaknesses to increase his level of privilege and expand access. He works to gain super user or administrator status that will give him full access. He may achieve this in the first attack or may use a series of attacks to gradually increase his privileges.
Carry out the purpose of the attack. This step varies depending on the hacker's goal. A white hat working on behalf of the company would identify the weaknesses, fix them if possible, and then leave. A cracker could begin copying files to steal information, install a destructive Trojan program, or carry out other malicious activities.
Install back doors. A hacker may tamper with the system and build an easy entrance for a return trip.
Cover tracks and exit. Hackers usually attempt to clean up after themselves and remove all traces of their attack. This involves modifying log files that record access and system changes.
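One defense against the log modification described in the last step is a tamper-evident log, in which every entry is chained to the one before it with a keyed hash. The sketch below is an added example, not part of the original article; the key, the log lines and the function names are constructed for illustration, and it assumes the key and the final digest are kept on a separate host the intruder cannot reach.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # chain value used before the first entry

def _link(prev_digest, line, key):
    # Each digest covers the entry and the digest before it, so a change
    # anywhere in the file breaks every later link.
    msg = (prev_digest + "\n" + line).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def seal(lines, key):
    """Return [(line, digest)] with each digest chained to the previous one."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = _link(prev, line, key)
        sealed.append((line, prev))
    return sealed

def verify(sealed, key, expected_last=None):
    """Return the index of the first bad entry, or None if the chain is intact.

    expected_last is the final digest as stored off-host; without it, entries
    trimmed from the end of the file cannot be noticed.
    """
    prev = GENESIS
    for i, (line, digest) in enumerate(sealed):
        if not hmac.compare_digest(_link(prev, line, key), digest):
            return i
        prev = digest
    if expected_last is not None and not hmac.compare_digest(prev, expected_last):
        return len(sealed)  # entries are missing from the end
    return None

# Constructed sample data (assumption: one text line per log entry).
KEY = b"constructed-demo-key"
LOG = [
    "09:01 login alice from 10.0.0.5",
    "09:02 login root from 203.0.113.9",
    "09:03 account svc-tmp created by root",
    "09:04 logout root",
]

if __name__ == "__main__":
    sealed = seal(LOG, KEY)
    print("intact:", verify(sealed, KEY))
    scrubbed = sealed[:1] + sealed[2:]  # the 09:02 entry removed
    print("first bad index after removal:", verify(scrubbed, KEY))
```

An edited entry, a removed entry and a truncated file are each reported at the position where the chain first breaks.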
Telephone hacking
Hackers use numerous techniques during these steps. One technique, phreaking, is any intentional misuse of the telephone system. It originated as a way to gain free phone access or crack into phone systems and disrupt them. Some hackers started as phreakers and use these techniques to gather information, cover their tracks, or cause additional damage to an organization's communication systems.
Once hackers have cracked into the phone system they may monitor voice mail or temporarily forward phone calls to a number that they control. Hackers have used this ability to temporarily act as a computer help desk. They have also monitored the voice mail of the technical staff, learning more about their systems' vulnerabilities, network configurations, access rights, user names and passwords.
Hackers also use phreaking to cover their attacks. They frequently access systems through dial-up modems and do not want a traceable telephone number, so they use numbers that do not belong to them, avoiding phone charges and hiding their identities.
Another telephone activity is war dialing, also known as brute force dialing. These tools dial a sequence of numbers in order to detect modem tones. Telephone companies can easily detect the more primitive of these programs, but the more sophisticated dialers randomize the sequence and timing of calls. This makes them more difficult to detect and prevent. Once the dialer finds a modem it will attempt to log in using a series of passwords. If successful, the hacker gains initial access to the system.
Social engineering takes advantage of human weakness to gain access to passwords and other information. Typically a hacker will call up an individual and pose as technical staff. He will usually have gained enough information to sound credible, and the victim will often provide a user name, password or other vital information.
While social engineering takes a smooth tongue and a sharp mind, another technique, trashing, requires less glamorous skills. Trashing is the practice of going through rubbish to find information. This information can include account names, passwords, credit card numbers, and other security information. It is more effective near a help desk, internet service provider, or network operations center. Although it is a risky, clandestine process, it can provide valuable information.
Another method of obtaining passwords is password cracking. Password-cracking programs are available for free on the internet. These programs contain large dictionaries and try to guess a password by trying each word. The more sophisticated programs include all possible alphanumeric combinations. These programs may be run against any individual account, a system account, or the actual password file that contains all the users' passwords. There is no guaranteed safe password because of these tools.
However, the combination of good network and password policies can prevent a hacker from successfully using these tools.
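The two policies the paragraph above points to can be sketched as follows: a password-acceptance check that undoes the simple disguises a dictionary program would try anyway, and an account lockout that limits how many guesses reach a live login. This is an added example, not part of the original article; the word list, thresholds and names are constructed assumptions.

```python
import re
from collections import defaultdict, deque

WORDLIST = {"password", "letmein", "dragon", "summer", "admin"}  # constructed sample
LEET = str.maketrans("013457@$!", "oleastasi")  # 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s !->i

def base_word(candidate):
    """Undo common disguises: case, affixed digits or symbols, letter substitutions."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", candidate.lower())
    return core.translate(LEET)

def reject_reason(candidate, min_len=12):
    """Return why a new password is refused, or None if it is accepted."""
    if len(candidate) < min_len:
        return "too short"
    if base_word(candidate) in WORDLIST:
        return "dictionary word"
    return None

class Lockout:
    """Refuse further login attempts after max_failures within `window` seconds."""

    def __init__(self, max_failures=5, window=900):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # account -> recent failure times

    def allowed(self, account, now):
        recent = self.failures[account]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # forget failures older than the window
        return len(recent) < self.max_failures

    def record_failure(self, account, now):
        self.failures[account].append(now)

def attempts_evaluated(lockout, account, seconds):
    """Model one wrong guess per second: how many reach the password check?"""
    tried = 0
    for now in range(seconds):
        if lockout.allowed(account, now):
            lockout.record_failure(account, now)
            tried += 1
    return tried

if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Dr4g0n2008!!", "copper-lantern-orbit-47"):
        print(pw, "->", reject_reason(pw))
    print("guesses checked in one hour:", attempts_evaluated(Lockout(), "alice", 3600))
```

Lockout only limits guessing against a live login; when the password file itself has been copied, the acceptance check is the part that still matters.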
Packet sniffing is another useful tool; it captures user names and passwords by listening to data transmissions. It is essentially a wiretap applied to a network, analyzing each packet of information and extracting the relevant data. Many organizations install system tools designed to help manage the network. While these tools are very useful, they can allow hackers to install remote sniffing programs. In addition to capturing passwords, hackers can use a packet sniffer to read e-mails, data files and financial information.
Pinging and port scanning are other technical tools that help to gather information about computer systems. Network administrators use these tools, and so do hackers. The pinging utility sends a packet from the hacker's computer to the target computer. If the computer is on and connected to the internet it will respond. Port scanning is a means of finding exploitable communication channels. The hacker then uses such a port to gain entry to the system. Hackers can use both of these utilities to gather information, or to actually attack and crash systems.
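War dialing and port scanning leave the same footprint in a defender's records: one source touching many different targets. The detector below is an added example, not part of the original article, and it serves both passages; it counts distinct targets per source inside a time window and ignores their order, so a shuffled sequence is counted like a sequential one. All phone numbers, addresses, thresholds and record layouts are constructed assumptions.

```python
from collections import defaultdict

def find_sweeps(events, window, min_targets):
    """Return {source: peak} for sources that reach min_targets distinct
    targets inside any `window`-second span.
    events: iterable of (timestamp_seconds, source, target)."""
    by_source = defaultdict(list)
    for ts, src, dst in events:
        by_source[src].append((ts, dst))
    flagged = {}
    for src, hits in by_source.items():
        hits.sort(key=lambda h: h[0])
        seen = defaultdict(int)  # target -> hits currently inside the window
        left = peak = 0
        for ts, dst in hits:
            seen[dst] += 1
            while ts - hits[left][0] > window:  # slide the window start forward
                old = hits[left][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                left += 1
            peak = max(peak, len(seen))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

# Constructed call records: two callers walk a 40-number block in shuffled order.
SHUFFLED = [2000 + (i * 17) % 40 for i in range(40)]
FAST_DIALER = [(i * 20, "555-0100", ext) for i, ext in enumerate(SHUFFLED)]
SLOW_DIALER = [(i * 300, "555-0111", ext) for i, ext in enumerate(SHUFFLED)]
OFFICE_CALLS = [(t, "555-0142", 2003) for t in range(0, 600, 60)]
CALLS = FAST_DIALER + SLOW_DIALER + OFFICE_CALLS

# Constructed firewall records: the target is a (host, port) pair.
SCANNER = [(i, "198.51.100.7", ("10.0.0.8", p)) for i, p in enumerate(range(20, 45))]
WEB_USER = [(i, "10.0.0.20", ("10.0.0.8", 443)) for i in range(50)]
CONNECTIONS = SCANNER + WEB_USER

if __name__ == "__main__":
    print(find_sweeps(CALLS, window=600, min_targets=20))
    print(find_sweeps(CALLS, window=86400, min_targets=20))
    print(find_sweeps(CONNECTIONS, window=60, min_targets=20))
```

The ten-minute window catches only the fast dialer; the caller that spreads the same calls over hours appears once the window is widened to a day, which is the cost of the randomized timing mentioned earlier.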
IP spoofing is the creation of packets using somebody else's address. Hackers do this to hide their location and avoid identification. Crackers use spoofing in combination with various hijacking and flooding techniques to maliciously attack systems. Once hackers spoof their way in, they establish trust and then hijack a legitimate user's connection. Then they proceed with an attack. Crackers also combine spoofing with floods of fake requests that eventually disable the system.
Another hijacking activity is writing malicious code, including viruses, worms and Trojans. Virus writers may not consider themselves hackers, but they certainly fit the definition. They are individuals with a great deal of technical knowledge about computer systems and their security. They need this knowledge in order to create successful malicious code. Hackers use viruses and other malicious code to damage individual targets, and release them into the wild where they have the potential to attack random targets. Depending on their background and motivation, hackers may use one or a combination of these tools. They may specialize and be very good at one technique, or be jacks of all trades.

Contents taken from