Security Cracking
   HOME

TheInfoList



OR:

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a
computer system A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations ( computation) automatically. Modern digital electronic computers can perform generic sets of operations known as programs. These prog ...
or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the "computer underground". Longstanding controversy surrounds the meaning of the term " hacker." In this controversy,
computer programmers A computer programmer, sometimes referred to as a software developer, a software engineer, a programmer or a coder, is a person who creates computer programs — often for larger computer software. A programmer is someone who writes/creates ...
reclaim the term ''hacker'', arguing that it refers simply to someone with an advanced understanding of computers and computer networks and that ''cracker'' is the more appropriate term for those who break into computers, whether computer criminals (
black hats Max Allan Collins (born March 3, 1948) is an American mystery writer, noted for his graphic novels. His work has been published in several formats and his '' Road to Perdition'' series was the basis for a film of the same name. He wrote the ''Di ...
) or computer security experts ( white hats). A 2014 article noted that "the black-hat meaning still prevails among the general public".


History


Birth of subculture and entering mainstream: 1960's-1980's

The subculture around such hackers is termed network hacker subculture, hacker scene, or computer underground. It initially developed in the context of phreaking during the 1960s and the microcomputer BBS scene of the 1980s. It is implicated with ''
2600: The Hacker Quarterly ''2600: The Hacker Quarterly'' is an American seasonal publication of technical information and articles, many of which are written and submitted by the readership, on a variety of subjects including hacking, telephone switching systems, Intern ...
'' and the '' alt.2600'' newsgroup. In 1980, an article in the August issue of ''
Psychology Today ''Psychology Today'' is an American media organization with a focus on psychology and human behavior. It began as a bimonthly magazine, which first appeared in 1967. The ''Psychology Today'' website features therapy and health professionals direc ...
'' (with commentary by Philip Zimbardo) used the term "hacker" in its title: "The Hacker Papers." It was an excerpt from a Stanford Bulletin Board discussion on the addictive nature of computer use. In the 1982 film '' Tron'', Kevin Flynn ( Jeff Bridges) describes his intentions to break into ENCOM's computer system, saying "I've been doing a little hacking here." CLU is the
software Software is a set of computer programs and associated software documentation, documentation and data (computing), data. This is in contrast to Computer hardware, hardware, from which the system is built and which actually performs the work. ...
he uses for this. By 1983, hacking in the sense of breaking computer security had already been in use as computer jargon, but there was no public awareness about such activities. However, the release of the film '' WarGames'' that year, featuring a computer intrusion into
NORAD North American Aerospace Defense Command (NORAD ), known until March 1981 as the North American Air Defense Command, is a combined organization of the United States and Canada that provides aerospace warning, air sovereignty, and protection ...
, raised the public belief that computer security hackers (especially teenagers) could be a threat to national security. This concern became real when, in the same year, a gang of teenage hackers in
Milwaukee, Wisconsin Milwaukee ( ), officially the City of Milwaukee, is both the most populous and most densely populated city in the U.S. state of Wisconsin and the county seat of Milwaukee County. With a population of 577,222 at the 2020 census, Milwaukee i ...
, known as The 414s, broke into computer systems throughout the
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 U.S. state, states, a Washington, D.C., federal district, five ma ...
and
Canada Canada is a country in North America. Its ten provinces and three territories extend from the Atlantic Ocean to the Pacific Ocean and northward into the Arctic Ocean, covering over , making it the world's second-largest country by tota ...
, including those of
Los Alamos National Laboratory Los Alamos National Laboratory (often shortened as Los Alamos and LANL) is one of the sixteen research and development laboratories of the United States Department of Energy (DOE), located a short distance northwest of Santa Fe, New Mexico, i ...
,
Sloan-Kettering Cancer Center Memorial Sloan Kettering Cancer Center (MSK or MSKCC) is a cancer treatment and research institution in the borough of Manhattan in New York City, founded in 1884 as the New York Cancer Hospital. MSKCC is one of 52 National Cancer Institute ...
and Security Pacific Bank. The case quickly grew media attention, and 17-year-old Neal Patrick emerged as the spokesman for the gang, including a cover story in ''
Newsweek ''Newsweek'' is an American weekly online news magazine co-owned 50 percent each by Dev Pragad, its president and CEO, and Johnathan Davis, who has no operational role at ''Newsweek''. Founded as a weekly print magazine in 1933, it was widely ...
'' entitled "Beware: Hackers at play", with Patrick's photograph on the cover. The ''
Newsweek ''Newsweek'' is an American weekly online news magazine co-owned 50 percent each by Dev Pragad, its president and CEO, and Johnathan Davis, who has no operational role at ''Newsweek''. Founded as a weekly print magazine in 1933, it was widely ...
'' article appears to be the first use of the word ''hacker'' by the mainstream media in the pejorative sense. Pressured by media coverage, congressman
Dan Glickman Daniel Robert Glickman (born November 24, 1944) is an American politician, lawyer, lobbyist, and nonprofit leader. He served as the United States Secretary of Agriculture from 1995 until 2001, prior to which he represented as a Democrat in Co ...
called for an investigation and began work on new laws against computer hacking. Neal Patrick testified before the U.S. House of Representatives on September 26, 1983, about the dangers of computer hacking, and six bills concerning computer crime were introduced in the House that year. As a result of these laws against computer criminality, white hat, grey hat and black hat hackers try to distinguish themselves from each other, depending on the legality of their activities. These moral conflicts are expressed in The Mentor's " The Hacker Manifesto", published 1986 in '' Phrack''. Use of the term hacker meaning computer criminal was also advanced by the title "Stalking the Wily Hacker", an article by Clifford Stoll in the May 1988 issue of the '' Communications of the ACM''. Later that year, the release by Robert Tappan Morris, Jr. of the so-called Morris worm provoked the popular media to spread this usage. The popularity of Stoll's book '' The Cuckoo's Egg'', published one year later, further entrenched the term in the public's consciousness.


Classifications

In computer security, a hacker is someone who focuses on the security mechanisms of computer and network systems. Hackers can include someone who endeavors to strengthen security mechanisms by exploring their weaknesses and also those who seek to access secure, unauthorized information despite security measures. Nevertheless, parts of the subculture see their aim in correcting security problems and use the word in a positive sense. White hat is the name given to ethical computer hackers, who utilize hacking in a helpful way. White hats are becoming a necessary part of the information security field. They operate under a code, which acknowledges that breaking into other people's computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is still an interesting activity that can be done ethically and legally. Accordingly, the term bears strong connotations that are favorable or pejorative, depending on the context. Subgroups of the computer underground with different attitudes and motives use different terms to demarcate themselves from each other. These classifications are also used to exclude specific groups with whom they do not agree.


Cracker

Eric S. Raymond, author of ''
The New Hacker's Dictionary The Jargon File is a glossary and usage dictionary of slang used by computer programmers. The original Jargon File was a collection of terms from technical cultures such as the MIT AI Lab, the Stanford AI Lab (SAIL) and others of the old ARPANET A ...
'', advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as a wider hacker culture, a view that Raymond has harshly rejected. Instead of a hacker/cracker dichotomy, they emphasize a spectrum of different categories, such as white hat, grey hat, black hat and
script kiddie A script kiddie, skiddie, kiddie, or skid is an unskilled individual who uses scripts or programs developed by others, primarily for malicious purposes. Characteristics In a Carnegie Mellon report prepared for the U.K. Department of Defense in 2 ...
. In contrast to Raymond, they usually reserve the term ''cracker'' for more malicious activity. According to Ralph D. Clifford, a ''cracker'' or ''cracking'' is to "gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system." These subgroups may also be defined by the legal status of their activities.


White hat

A white hat hacker breaks security for non-malicious reasons, either to test their own security system, perform penetration tests or vulnerability assessments for a client, or while working for a security company that makes security software. The term is generally synonymous with
ethical hacker A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabili ...
, and the EC-Council, among others, have developed certifications, courseware, classes, and online training covering the diverse arena of ethical hacking.


Black hat

A black hat hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005).Robert Moore The term was coined by
Richard Stallman Richard Matthew Stallman (; born March 16, 1953), also known by his initials, rms, is an American free software movement activist and programmer. He campaigns for software to be distributed in such a manner that its users have the freedom to u ...
, to contrast the maliciousness of a criminal hacker versus the spirit of playfulness and exploration in hacker culture, or the ethos of the white hat hacker who performs hacking duties to identify places to repair or as a means of legitimate employment. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal".


Grey hat

A grey hat hacker lies between a black hat and a white hat hacker, hacking for ideological reasons. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee. Grey hat hackers sometimes find the defect in a system and publish the facts to the world instead of a group of people. Even though grey hat hackers may not necessarily perform hacking for their personal gain, unauthorized access to a system can be considered illegal and unethical.


Elite hacker

A
social status Social status is the level of social value a person is considered to possess. More specifically, it refers to the relative level of respect, honour, assumed competence, and deference accorded to people, groups, and organizations in a society. S ...
among hackers, ''elite'' is used to describe the most skilled. Newly discovered exploits circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.


Script kiddie

A
script kiddie A script kiddie, skiddie, kiddie, or skid is an unskilled individual who uses scripts or programs developed by others, primarily for malicious purposes. Characteristics In a Carnegie Mellon report prepared for the U.K. Department of Defense in 2 ...
(also known as a ''skid'' or ''skiddie'') is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other black hat hackers), hence the term script (i.e. a computer script that automates the hacking) kiddie (i.e. kid, child an individual lacking knowledge and experience, immature), usually with little understanding of the underlying concept.


Neophyte

A neophyte (" newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.


Blue hat

A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed.
Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...
also uses the term ''BlueHat'' to represent a series of security briefing events.


Hacktivist

A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message. Hacktivism can be divided into two main groups: * Cyberterrorism – Activities involving website defacement or denial-of-service attacks; and, *
Freedom of information Freedom of information is freedom of a person or people to publish and consume information. Access to information is the ability for an individual to seek, receive and impart information effectively. This sometimes includes "scientific, Indigeno ...
 – Making information that is not public, or is public in non-machine-readable formats, accessible to the public.


Nation state

Intelligence agencies and cyberwarfare operatives of nation states.


Organized criminal gangs

Groups of hackers that carry out organized criminal activities for profit. Modern-day computer hackers have been compared to the
privateer A privateer is a private person or ship that engages in maritime warfare under a commission of war. Since robbery under arms was a common aspect of seaborne trade, until the early 19th century all merchant ships carried arms. A sovereign or deleg ...
s of by-gone days. These criminals hold computer systems hostage, demanding large payments from victims to restore access to their own computer systems and data. Furthermore, recent ransomware attacks on industries, including energy, food, and transportation, have been blamed on
criminal organization Organized crime (or organised crime) is a category of transnational, national, or local groupings of highly centralized enterprises run by criminals to engage in illegal activity, most commonly for profit. While organized crime is generally tho ...
s based in or near a
state actor In United States constitutional law, a state actor is a person who is acting on behalf of a governmental body, and is therefore subject to limitations imposed on government by the United States Constitution, including the First, Fifth, and Fou ...
– possibly with the country’s knowledge and approval. Cyber theft and ransomware attacks are now the fastest-growing crimes in the United States.
Bitcoin Bitcoin ( abbreviation: BTC; sign: ₿) is a decentralized digital currency that can be transferred on the peer-to-peer bitcoin network. Bitcoin transactions are verified by network nodes through cryptography and recorded in a public di ...
and other cryptocurrencies facilitate the
extortion Extortion is the practice of obtaining benefit through coercion. In most jurisdictions it is likely to constitute a criminal offence; the bulk of this article deals with such cases. Robbery is the simplest and most common form of extortion, ...
of huge ransoms from large companies, hospitals and city governments with little or no chance of being caught.


Attacks

Hackers can usually be sorted into two types of attacks: mass attacks and targeted attacks. They are sorted into the groups in terms of how they choose their victims and how they act on the attacks. A typical approach in an attack on Internet-connected system is: # Network enumeration: Discovering information about the intended target. #
Vulnerability analysis Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...
: Identifying potential ways of attack. # Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis. In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.


Security exploits

A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, cross-site scripting and cross-site request forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP),
PHP PHP is a General-purpose programming language, general-purpose scripting language geared toward web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementati ...
, SSH, Telnet and some Web pages. These are very common in Web site and Web domain hacking.


Techniques

;Vulnerability scanner :A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. ( Firewalls defend computers from intruders by limiting access to ports and machines, but they can still be circumvented.) ;Finding vulnerabilities :Hackers may also attempt to find vulnerabilities manually. A common approach is to search for possible vulnerabilities in the code of the computer system then test them, sometimes
reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...
the software if the code is not provided. Experienced hackers can easily find patterns in code to find common vulnerabilities. ;Brute-force attack :Password guessing. Brute-force attacks are used to quickly check all short password variations. For longer passwords, other methods such as the dictionary attack are used, because of the amount of time a brute-force search takes. ;Password cracking : Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Common approaches include repeatedly trying guesses for the password, trying the most common passwords by hand, and repeatedly trying passwords from a "dictionary," or a text file with many passwords. ;Packet analyzer :A
packet analyzer A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or ...
("packet sniffer") is an application that captures data packets, which can be used to capture passwords and other data in transit over the network. ;Spoofing attack (phishing) :A spoofing attack involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a user or another program – usually to fool programs, systems or users into revealing confidential information, such as user names and passwords. ;Rootkit :A rootkit is a program that uses low-level, hard-to-detect methods to subvert control of an operating system from its legitimate operators. Rootkits usually obscure their installation and attempt to prevent their removal through a subversion of standard system security. They may include replacements for system binaries, making it virtually impossible for them to be detected by checking process tables. ;Social engineering :In the second stage of the targeting process, hackers often use
social engineering Social engineering may refer to: * Social engineering (political science), a means of influencing particular attitudes and social behaviors on a large scale * Social engineering (security), obtaining confidential information by manipulating and/or ...
tactics to get enough information to access the network. They may contact the system administrator and pose as a user who cannot get access to his or her system. This technique is portrayed in the 1995 film '' Hackers'', when protagonist Dade "Zero Cool" Murphy calls a somewhat clueless employee in charge of security at a television network. Posing as an accountant working for the same company, Dade tricks the employee into giving him the phone number of a modem so he can gain access to the company's computer system. :Hackers who use this technique must be familiar with their target's security practices in order to trick the system administrator into giving them information. In some cases, a help-desk employee with limited security experience will answer the phone and be relatively easy to trick. Another approach is for the hacker to pose as an angry supervisor, and when his/her authority is questioned, threaten to fire the help-desk worker. Social engineering is very effective, because users are the most vulnerable part of an organization. No security devices or programs can keep an organization safe if an employee reveals a password to an unauthorized person. :Social engineering can be broken down into four sub-groups: :* ''Intimidation'' As in the "angry supervisor" technique above, the hacker convinces the person who answers the phone that their job is in danger unless they help them. At this point, many people accept that the hacker is a supervisor and give them the information they seek. :* ''Helpfulness'' The opposite of intimidation, helpfulness exploits many people's natural instinct to help others solve problems. Rather than acting angry, the hacker acts distressed and concerned. The help desk is the most vulnerable to this type of social engineering, as (a.) its general purpose is to help people; and (b.) it usually has the authority to change or reset passwords, which is exactly what the hacker wants. :* ''Name-dropping'' The hacker uses names of authorized users to convince the person who answers the phone that the hacker is a legitimate user him or herself. Some of these names, such as those of webpage owners or company officers, can easily be obtained online. Hackers have also been known to obtain names by examining discarded documents ( "dumpster diving"). :* ''Technical'' Using technology is also a way to get information. A hacker can send a fax or email to a legitimate user, seeking a response that contains vital information. The hacker may claim that he or she is involved in law enforcement and needs certain data for an investigation, or for record-keeping purposes. ;Trojan horses :A Trojan horse is a program that seems to be doing one thing but is actually doing another. It can be used to set up a back door in a computer system, enabling the intruder to gain access later. (The name refers to the
horse The horse (''Equus ferus caballus'') is a domesticated, one-toed, hoofed mammal. It belongs to the taxonomic family Equidae and is one of two extant subspecies of ''Equus ferus''. The horse has evolved over the past 45 to 55 million ...
from the
Trojan War In Greek mythology, the Trojan War was waged against the city of Troy by the Achaeans (Greeks) after Paris of Troy took Helen from her husband Menelaus, king of Sparta. The war is one of the most important events in Greek mythology and ha ...
, with the conceptually similar function of deceiving defenders into bringing an intruder into a protected area.) ;Computer virus :A
virus A virus is a wikt:submicroscopic, submicroscopic infectious agent that replicates only inside the living Cell (biology), cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and ...
is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. By doing this, it behaves similarly to a
biological virus A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Since Dmitri Ivanovsky ...
, which spreads by inserting itself into living cells. While some viruses are harmless or mere hoaxes, most are considered malicious. ;Computer worm :Like a virus, a
worm Worms are many different distantly related bilateral animals that typically have a long cylindrical tube-like body, no limbs, and no eyes (though not always). Worms vary in size from microscopic to over in length for marine polychaete worm ...
is also a self-replicating program. It differs from a virus in that (a.) it propagates through computer networks without user intervention; and (b.) does not need to attach itself to an existing program. Nonetheless, many people use the terms "virus" and "worm" interchangeably to describe any self-propagating program. ;Keystroke logging :A keylogger is a tool designed to record ("log") every keystroke on an affected machine for later retrieval, usually to allow the user of this tool to gain access to confidential information typed on the affected machine. Some keyloggers use virus-, trojan-, and rootkit-like methods to conceal themselves. However, some of them are used for legitimate purposes, even to enhance computer security. For example, a business may maintain a keylogger on a computer used at a point of sale to detect evidence of employee fraud. ;Attack patterns : Attack patterns are defined as series of repeatable steps that can be applied to simulate an attack against the security of a system. They can be used for testing purposes or locating potential vulnerabilities. They also provide, either physically or in reference, a common solution pattern for preventing a given attack. Tools and Procedures :A thorough examination of hacker tools and procedures may be found in Cengage Learning's E, CSA certification workbook.


Notable intruders and criminal hackers


Notable security hackers

*
Andrew Auernheimer Andrew Alan Escher Auernheimer ( ; born ), best known by his pseudonym weev, is an American computer hacker and professional Internet troll. Affiliated with the alt-right, the Southern Poverty Law Center has described him as being a neo-Nazi ...
, sentenced to 3 years in prison, is a grey hat hacker whose security group Goatse Security exposed a flaw in AT&T's iPad security. * Dan Kaminsky was a
DNS The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to ...
expert who exposed multiple flaws in the protocol and investigated Sony's rootkit security issues in 2005. He spoke in front of the United States Senate on technology issues. * Ed Cummings (also known as Bernie S) is a longstanding writer for ''2600: The Hacker Quarterly''. In 1995, he was arrested and charged with possession of technology that could be used for fraudulent purposes, and set legal precedents after being denied both a bail hearing and a speedy trial. * Eric Corley (also known as Emmanuel Goldstein) is the longstanding publisher of ''
2600: The Hacker Quarterly ''2600: The Hacker Quarterly'' is an American seasonal publication of technical information and articles, many of which are written and submitted by the readership, on a variety of subjects including hacking, telephone switching systems, Intern ...
''. He is also the founder of the Hackers on Planet Earth (HOPE) conferences. He has been part of the hacker community since the late 1970s. *
Susan Headley Susan Headley (born 1959, also known as Susy Thunder or Susan Thunder) was a phreaker and early computer hacker during the late 1970s and early 1980s. A member of the so-called Cyberpunks, Headley specialized in social engineering, a type of hacking ...
(also known as Susan Thunder), was an American hacker active during the late 1970s and early 1980s widely respected for her expertise in
social engineering Social engineering may refer to: * Social engineering (political science), a means of influencing particular attitudes and social behaviors on a large scale * Social engineering (security), obtaining confidential information by manipulating and/or ...
,
pretexting Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information, specifically information that t ...
, and psychological subversion. She became heavily involved in phreaking with Kevin Mitnick and Lewis de Payne in
Los Angeles Los Angeles ( ; es, Los Ángeles, link=no , ), often referred to by its initials L.A., is the largest city in the state of California and the second most populous city in the United States after New York City, as well as one of the wor ...
, but later framed them for erasing the system files at US Leasing after a falling out, leading to Mitnick's first conviction. * Gary McKinnon is a Scottish hacker who was facing
extradition Extradition is an action wherein one jurisdiction delivers a person accused or convicted of committing a crime in another jurisdiction, over to the other's law enforcement. It is a cooperative law enforcement procedure between the two jurisd ...
to the
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 U.S. state, states, a Washington, D.C., federal district, five ma ...
to face criminal charges. Many people in the UK called on the authorities to be lenient with McKinnon, who has Asperger syndrome. The extradition has now been dropped. * Gordon Lyon, known by the handle Fyodor, authored the Nmap Security Scanner as well as many network security books and web sites. He is a founding member of the Honeynet Project and Vice President of Computer Professionals for Social Responsibility. * Guccifer 2.0, who claimed that he hacked into the
Democratic National Committee The Democratic National Committee (DNC) is the governing body of the United States Democratic Party. The committee coordinates strategy to support Democratic Party candidates throughout the country for local, state, and national office, as well ...
(DNC) computer network * Jacob Appelbaum is an advocate, security researcher, and developer for the Tor project. He speaks internationally for usage of Tor by human rights groups and others concerned about Internet anonymity and censorship. * Joanna Rutkowska is a Polish computer security researcher who developed the Blue Pill rootkit and Qubes OS. * Jude Milhon (known as St. Jude) was an American hacker and activist, founding member of the cypherpunk movement, and one of the creators of Community Memory, the first public computerized bulletin board system. * Kevin Mitnick is a computer security consultant and author, formerly the most wanted computer criminal in
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 U.S. state, states, a Washington, D.C., federal district, five ma ...
history. * Len Sassaman was a Belgian computer programmer and technologist who was also a privacy advocate. * Meredith L. Patterson is a well-known technologist and biohacker who has presented research with Dan Kaminsky and Len Sassaman at many international security and hacker conferences. *
Kimberley Vanvaeck Kimberley Vanvaeck, also known by her online moniker Gigabyte, is a virus writer from Belgium known for a long-standing dispute which involved the internet security firm Sophos and one of its employees, Graham Cluley. Vanvaeck wrote several viruse ...
(known as Gigabyte) is a Belgian hacker recognized for writing the first virus in C#. * Michał Zalewski (lcamtuf) is a prominent security researcher. *
Solar Designer Alexander Peslyak (Александр Песляк) (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the ...
is the pseudonym of the founder of the Openwall Project. * Kane Gamble, sentenced to 2 years in youth detention, who is autistic, gained access to highly sensitive information and "cyber-terrorised" high-profile U.S. intelligence officials such as then CIA chief John Brennan or Director of National Intelligence James Clapper.


Customs

The computer underground has produced its own specialized slang, such as
1337 Year 1337 ( MCCCXXXVII) was a common year starting on Wednesday (link will display the full calendar) of the Julian calendar. Events January–December * March 16 – Edward, the Black Prince establishes the Duchy of Cornwall, beco ...
speak. Writing software and performing other activities to support these views is referred to as hacktivism. Some consider illegal cracking ethically justified for these goals; a common form is website defacement. The computer underground is frequently compared to the Wild West. It is common for hackers to use aliases to conceal their identities.


Hacker groups and conventions

The computer underground is supported by regular real-world gatherings called hacker conventions or "hacker cons". These events include SummerCon (Summer), DEF CON,
HoHoCon HoHoCon (or XmasCon) was a conference series which took place shortly before or after Christmas in Houston, Texas, sponsored by Drunkfux and the hacker ezine Cult of the Dead Cow. The fourth and fifth HoHoCons were also sponsored by ''Phrack'' mag ...
(Christmas), ShmooCon (February),
BlackHat A Black Hat (Black Hat Hacker or Blackhat) is a computer hacker who usually violates laws or typical ethical standards. The term originates from the 1950s westerns, when bad guys typically wore black hats and good guys white hats. Black hat hacke ...
, Chaos Communication Congress, AthCon, Hacker Halted, and HOPE. Local Hackfest groups organize and compete to develop their skills to send a team to a prominent convention to compete in group pentesting, exploit and forensics on a larger scale. Hacker groups became popular in the early 1980s, providing access to hacking information and resources and a place to learn from other members. Computer bulletin board systems (BBSs), such as the Utopias, provided platforms for information-sharing via dial-up modem. Hackers could also gain credibility by being affiliated with elite groups.


Consequences for malicious hacking


India


Netherlands

* Article 138ab of
Wetboek van Strafrecht The Netherlands uses Civil law (legal system), civil law. The role of case law is small in theory, although in practice it is impossible to understand the law in many fields without also taking into account the relevant case law. The Dutch system ...
prohibits ''computervredebreuk'', which is defined as intruding an automated work or a part thereof with intention and against the law. Intrusion is defined as access by means of: **Defeating
security measures Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social g ...
**By technical means **By false signals or a false cryptographic key **By the use of stolen
usernames A user is a person who utilizes a computer or network service. A user often has a user account and is identified to the system by a username (or user name). Other terms for username include login name, screenname (or screen name), account ...
and passwords. Maximum imprisonment is one year or a fine of the fourth category.


United States

, more commonly known as the Computer Fraud and Abuse Act, prohibits unauthorized access or damage of "protected computers". "Protected computers" are defined in as: * A computer exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government. * A computer which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; The maximum imprisonment or fine for violations of the ''Computer Fraud and Abuse Act'' depends on the severity of the violation and the offender's history of violations under the ''Act''. The FBI has demonstrated its ability to recover ransoms paid in
cryptocurrency A cryptocurrency, crypto-currency, or crypto is a digital currency designed to work as a medium of exchange through a computer network that is not reliant on any central authority, such as a government or bank, to uphold or maintain it. It ...
by victims of cybertheft.


Hacking and the media


Hacker magazines

The most notable hacker-oriented print publications are '' Phrack'', ''Hakin9'' and ''
2600: The Hacker Quarterly ''2600: The Hacker Quarterly'' is an American seasonal publication of technical information and articles, many of which are written and submitted by the readership, on a variety of subjects including hacking, telephone switching systems, Intern ...
''. While the information contained in hacker magazines and ezines was often outdated by the time they were published, they enhanced their contributors' reputations by documenting their successes.


Hackers in fiction

Hackers often show an interest in fictional
cyberpunk Cyberpunk is a subgenre of science fiction in a dystopian Futurism, futuristic setting that tends to focus on a "combination of low-life, lowlife and high tech", featuring futuristic technological and scientific achievements, such as artificial in ...
and cyberculture literature and movies. The adoption of fictional
pseudonym A pseudonym (; ) or alias () is a fictitious name that a person or group assumes for a particular purpose, which differs from their original or true name (orthonym). This also differs from a new name that entirely or legally replaces an individua ...
s, symbols, values and
metaphor A metaphor is a figure of speech that, for rhetorical effect, directly refers to one thing by mentioning another. It may provide (or obscure) clarity or identify hidden similarities between two different ideas. Metaphors are often compared wit ...
s from these works is very common.


Books

* The
cyberpunk Cyberpunk is a subgenre of science fiction in a dystopian Futurism, futuristic setting that tends to focus on a "combination of low-life, lowlife and high tech", featuring futuristic technological and scientific achievements, such as artificial in ...
novels of
William Gibson William Ford Gibson (born March 17, 1948) is an American-Canadian speculative fiction writer and essayist widely credited with pioneering the science fiction subgenre known as ''cyberpunk''. Beginning his writing career in the late 1970s, hi ...
especially the Sprawl trilogyare very popular with hackers. * Helba from the ''
.hack ''.hack'' (pronounced "Dot Hack") is a Japanese multimedia franchise that encompasses two projects: Project .hack and .hack Conglomerate. They were primarily created and developed by CyberConnect2, and published by Bandai Namco Entertainment. ...
'' manga and anime series * Merlin of Amber, the protagonist of the second series in '' The Chronicles of Amber'' by
Roger Zelazny Roger Joseph Zelazny (May 13, 1937 – June 14, 1995) was an American poet and writer of fantasy and science fiction short stories and novels, best known for '' The Chronicles of Amber''. He won the Nebula Award three times (out of 14 nom ...
, is a young immortal hacker-mage prince who has the ability to traverse shadow dimensions. *
Lisbeth Salander Lisbeth Salander is a fictional character created by Swedish author and journalist Stieg Larsson in his award-winning ''Millennium'' series. She first appeared in the 2005 novel '' The Girl with the Dragon Tattoo'', as an asocial computer hacke ...
in '' The Girl with the Dragon Tattoo'' by
Stieg Larsson Karl Stig-Erland "Stieg" Larsson (, ; 15 August 1954 – 9 November 2004) was a Swedish writer, journalist, and activist. He is best known for writing the ''Millennium'' trilogy of crime novels, which were published posthumously, starting in 2 ...
* Alice from '' Heaven's Memo Pad'' * ''
Ender's Game ''Ender's Game'' is a 1985 military science fiction novel by American author Orson Scott Card. Set at an unspecified date in Earth's future, the novel presents an imperiled humankind after two conflicts with an insectoid alien species they d ...
'' by
Orson Scott Card Orson Scott Card (born August 24, 1951) is an American writer known best for his science fiction works. He is the first and (as of 2022) only person to win both a Hugo Award and a Nebula Award in consecutive years, winning both awards for bo ...
* '' Evil Genius'' by Catherine Jinks * ''Hackers'' (anthology) by Jack Dann and Gardner Dozois * '' Little Brother'' by
Cory Doctorow Cory Efram Doctorow (; born July 17, 1971) is a Canadian-British blogger, journalist, and science fiction author who served as co-editor of the blog '' Boing Boing''. He is an activist in favour of liberalising copyright laws and a proponent o ...
* '' Neuromancer'' by
William Gibson William Ford Gibson (born March 17, 1948) is an American-Canadian speculative fiction writer and essayist widely credited with pioneering the science fiction subgenre known as ''cyberpunk''. Beginning his writing career in the late 1970s, hi ...
* '' Snow Crash'' by Neal Stephenson


Films

* '' Antitrust'' * ''
Blackhat A Black Hat (Black Hat Hacker or Blackhat) is a computer hacker who usually violates laws or typical ethical standards. The term originates from the 1950s westerns, when bad guys typically wore black hats and good guys white hats. Black hat hacke ...
'' * '' Cypher'' * '' Eagle Eye'' * '' Enemy of the State'' * '' Firewall'' * ''
Girl With The Dragon Tattoo ''The Girl with the Dragon Tattoo'' (original title in sv, Män som hatar kvinnor , lit=''Men Who Hate Women'') is a psychological thriller novel by Swedish author and journalist Stieg Larsson (1954–2004). It was published posthumously in 2 ...
'' * '' Hackers'' * '' Live Free or Die Hard'' * ''The Matrix'' series * '' The Net'' * '' The Net 2.0'' * '' Pirates of Silicon Valley'' * '' Skyfall'' * ''
Sneakers Sneakers (also called trainers, athletic shoes, tennis shoes, gym shoes, kicks, sport shoes, flats, running shoes, or runners) are shoes primarily designed for sports or other forms of physical exercise, but which are now also widely used fo ...
'' * '' Swordfish'' * '' Terminator 2: Judgment Day'' * '' Terminator Salvation'' * '' Take Down'' * '' Tron'' * '' Tron: Legacy'' * '' Untraceable'' * '' WarGames'' * ''
Weird Science Weird Science is the name of: * ''Weird Science'' (film), a 1985 film directed by John Hughes ** ''Weird Science'' (TV series), a television series based on the film ** "Weird Science" (song), the theme song to the film and the TV series by Oing ...
'' * '' The Fifth Estate'' * '' Who Am I – No System Is Safe (film)''


Non-fiction books

* ''
The Art of Deception ''The Art of Deception'' is a book by Kevin Mitnick that covers the art of social engineering. Part of the book is composed of real stories and examples of how social engineering can be combined with hacking. All, or nearly all, of the example ...
'' by Kevin Mitnick * '' The Art of Intrusion'' by Kevin Mitnick * '' The Cuckoo's Egg'' by Clifford Stoll * '' Ghost in the Wires: My Adventures as the World's Most Wanted Hacker'' by Kevin Mitnick * '' The Hacker Crackdown'' by Bruce Sterling * '' The Hacker's Handbook'' by Hugo Cornwall (Peter Sommer) * '' Hacking: The Art of Exploitation Second Edition'' by Jon Erickson * '' Out of the Inner Circle'' by Bill Landreth and Howard Rheingold * '' Underground'' by
Suelette Dreyfus Suelette Dreyfus is a technology researcher, journalist, and writer. Her fields of research include information systems, digital security and privacy, the impact of technology on whistleblowing, health informatics and e-education. Her work exami ...


See also

* Cracking of wireless networks * Cyber spying * Cyber Storm Exercise *
Cybercrime A cybercrime is a crime that involves a computer or a computer network.Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing. The computer may have been used in committing t ...
* Hacker culture * Hacker (expert) * Hacker Manifesto * IT risk * Mathematical beauty * Metasploit Project * Penetration test * Technology assessment *
Vulnerability (computing) Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by ...


References


Further reading

* * * * * * * * * * * *


External links


CNN Tech PCWorld Staff (November 2001). Timeline: A 40-year history of hacking from 1960 to 2001

Can Hackers Be Heroes?
Video produced by Off Book (web series) {{DEFAULTSORT:Hacker (Computer Security) Computer occupations Identity theft Illegal occupations Computer security Security breaches