A security hacker is someone who explores methods for breaching defenses and
exploiting weaknesses in a
computer system
A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as programs. These progr ...
or
network
Network, networking and networked may refer to:
Science and technology
* Network theory, the study of graphs as a representation of relations between discrete objects
* Network science, an academic field that studies complex networks
Mathematics
...
. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation,
or evaluation of a system weaknesses to assist in formulating defenses against potential hackers.
The subculture that has evolved around hackers is often referred to as the "computer underground".
Longstanding controversy surrounds the meaning of the term "
hacker
A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
." In this controversy,
computer programmers
A computer programmer, sometimes referred to as a software developer, a software engineer, a programmer or a coder, is a person who creates computer programs — often for larger computer software.
A programmer is someone who writes/creates ...
reclaim the term ''hacker'', arguing that it refers simply to someone with an advanced understanding of computers and computer networks and that ''cracker'' is the more appropriate term for those who break into computers, whether computer criminals (
black hats) or computer security experts (
white hats). A 2014 article noted that "the black-hat meaning still prevails among the general public".
History
Birth of subculture and entering mainstream: 1960's-1980's
The subculture around such hackers is termed network hacker subculture, hacker scene, or computer underground. It initially developed in the context of
phreaking
Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. The term ''phreak'' is a ...
during the 1960s and the microcomputer
BBS scene of the 1980s. It is implicated with ''
2600: The Hacker Quarterly'' and the ''
alt.2600
The ''alt.*'' hierarchy is a major class of newsgroups in Usenet, containing all newsgroups whose name begins with "''alt.''", organized hierarchically. The ''alt.*'' hierarchy is not confined to newsgroups of any specific subject or type, alth ...
'' newsgroup.
In 1980, an article in the August issue of ''
Psychology Today
''Psychology Today'' is an American media organization with a focus on psychology and human behavior. It began as a bimonthly magazine, which first appeared in 1967. The ''Psychology Today'' website features therapy and health professionals direct ...
'' (with commentary by
Philip Zimbardo
Philip George Zimbardo (; born March 23, 1933) is an American psychologist and a professor emeritus at Stanford University. He became known for his 1971 Stanford prison experiment, which was later severely criticized for both ethical and scient ...
) used the term "hacker" in its title: "The Hacker Papers." It was an excerpt from a Stanford Bulletin Board discussion on the addictive nature of computer use. In the 1982 film ''
Tron
''Tron'' (stylized as ''TRON'') is a 1982 American science fiction action-adventure film written and directed by Steven Lisberger from a story by Lisberger and Bonnie MacBird. The film stars Jeff Bridges as Kevin Flynn, a computer programmer a ...
'', Kevin Flynn (
Jeff Bridges
Jeffrey Leon Bridges (born December 4, 1949) is an American actor. He has received various accolades throughout his career spanning over seven decades, including an Academy Award and two Golden Globe Awards.
Bridges comes from a prominent a ...
) describes his intentions to break into ENCOM's computer system, saying "I've been doing a little hacking here." CLU is the
software
Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work.
At the lowest programming level, executable code consists ...
he uses for this. By 1983, hacking in the sense of breaking computer security had already been in use as computer jargon, but there was no public awareness about such activities. However, the release of the film ''
WarGames
''WarGames'' is a 1983 American science fiction techno-thriller film written by Lawrence Lasker and Walter F. Parkes and directed by John Badham. The film, which stars Matthew Broderick, Dabney Coleman, John Wood, and Ally Sheedy, follows Dav ...
'' that year, featuring a computer intrusion into
NORAD
North American Aerospace Defense Command (NORAD ), known until March 1981 as the North American Air Defense Command, is a combined organization of the United States and Canada that provides aerospace warning, air sovereignty, and protection ...
, raised the public belief that computer security hackers (especially teenagers) could be a threat to national security. This concern became real when, in the same year, a gang of teenage hackers in
Milwaukee, Wisconsin
Milwaukee ( ), officially the City of Milwaukee, is both the most populous and most densely populated city in the U.S. state of Wisconsin and the county seat of Milwaukee County, Wisconsin, Milwaukee County. With a population of 577,222 at th ...
, known as
The 414s
The 414s were a group of Hacker (computer security), computer hackers from Milwaukee who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Memorial Sloan-Kettering Cancer Center, Sloan-Kettering ...
, broke into computer systems throughout the
United States
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
and
Canada
Canada is a country in North America. Its ten provinces and three territories extend from the Atlantic Ocean to the Pacific Ocean and northward into the Arctic Ocean, covering over , making it the world's second-largest country by tot ...
, including those of
Los Alamos National Laboratory
Los Alamos National Laboratory (often shortened as Los Alamos and LANL) is one of the sixteen research and development laboratories of the United States Department of Energy (DOE), located a short distance northwest of Santa Fe, New Mexico, ...
,
Sloan-Kettering Cancer Center and
Security Pacific Bank
Security Pacific National Bank (SPNB) was a large U.S. bank headquartered in Los Angeles, California. It was acquired by Bank of America in 1992.
History
On September 1, 1868, Hellman, Temple and Co. opened their first bank branch in Los ...
.
The case quickly grew media attention,
and 17-year-old Neal Patrick emerged as the spokesman for the gang, including a cover story in ''
Newsweek
''Newsweek'' is an American weekly online news magazine co-owned 50 percent each by Dev Pragad, its president and CEO, and Johnathan Davis (businessman), Johnathan Davis, who has no operational role at ''Newsweek''. Founded as a weekly print m ...
'' entitled "Beware: Hackers at play", with Patrick's photograph on the cover.
The ''
Newsweek
''Newsweek'' is an American weekly online news magazine co-owned 50 percent each by Dev Pragad, its president and CEO, and Johnathan Davis (businessman), Johnathan Davis, who has no operational role at ''Newsweek''. Founded as a weekly print m ...
'' article appears to be the first use of the word ''hacker'' by the mainstream media in the pejorative sense.
Pressured by media coverage, congressman
Dan Glickman
Daniel Robert Glickman (born November 24, 1944) is an American politician, lawyer, lobbyist, and nonprofit leader. He served as the United States Secretary of Agriculture from 1995 until 2001, prior to which he represented as a Democrat in Congr ...
called for an investigation and began work on new laws against computer hacking.
Neal Patrick testified before the
U.S. House of Representatives
The United States House of Representatives, often referred to as the House of Representatives, the U.S. House, or simply the House, is the lower chamber of the United States Congress, with the Senate being the upper chamber. Together they ...
on September 26, 1983, about the dangers of computer hacking, and six bills concerning computer crime were introduced in the House that year.
As a result of these laws against computer criminality, white hat,
grey hat
A grey hat (greyhat or gray hat) is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.
The term came into us ...
and black hat hackers try to distinguish themselves from each other, depending on the legality of their activities. These moral conflicts are expressed in
The Mentor's "
The Hacker Manifesto
__NOTOC__
''The Conscience of a Hacker'' (also known as ''The Hacker Manifesto'') is a small essay written January 8, 1986 by a computer security hacker who went by the handle (or pseudonym) of The Mentor (born Loyd Blankenship), who belonged t ...
", published 1986 in ''
Phrack
''Phrack'' is an e-zine written by and for hackers, first published November 17, 1985. Described by Fyodor as "the best, and by far the longest running hacker zine," the magazine is open for contributions by anyone who desires to publish remarkabl ...
''.
Use of the term hacker meaning computer criminal was also advanced by the title "Stalking the Wily Hacker", an article by
Clifford Stoll
Clifford Paul "Cliff" Stoll (born June 4, 1950) is an American astronomer, author and teacher.
He is best known for his investigation in 1986, while working as a systems administrator at the Lawrence Berkeley National Laboratory, that led to t ...
in the May 1988 issue of the ''
Communications of the ACM
''Communications of the ACM'' is the monthly journal of the Association for Computing Machinery (ACM). It was established in 1958, with Saul Rosen as its first managing editor. It is sent to all ACM members.
Articles are intended for readers with ...
''. Later that year, the release by
Robert Tappan Morris, Jr.
Robert Tappan Morris (born November 8, 1965) is an American computer scientist and entrepreneur. He is best known for creating the Morris worm in 1988, considered the first computer worm on the Internet.
Morris was prosecuted for releasing t ...
of the so-called
Morris worm provoked the popular media to spread this usage. The popularity of Stoll's book ''
The Cuckoo's Egg
''The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage'' is a 1989 book written by Clifford Stoll. It is his first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National ...
'', published one year later, further entrenched the term in the public's consciousness.
Classifications
In computer security, a hacker is someone who focuses on the security mechanisms of computer and network systems. Hackers can include someone who endeavors to strengthen security mechanisms by exploring their weaknesses and also those who seek to access secure, unauthorized information despite security measures. Nevertheless, parts of the subculture see their aim in correcting security problems and use the word in a positive sense. White hat is the name given to ethical computer hackers, who utilize hacking in a helpful way. White hats are becoming a necessary part of the information security field. They operate under a code, which acknowledges that breaking into other people's computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is still an interesting activity that can be done ethically and legally. Accordingly, the term bears strong connotations that are favorable or pejorative, depending on the context.
Subgroups of the computer underground with different attitudes and motives use different terms to demarcate themselves from each other. These classifications are also used to exclude specific groups with whom they do not agree.
Cracker
Eric S. Raymond
Eric Steven Raymond (born December 4, 1957), often referred to as ESR, is an American software developer, open-source software advocate, and author of the 1997 essay and 1999 book ''The Cathedral and the Bazaar''. He wrote a guidebook for the ...
, author of ''
The New Hacker's Dictionary'', advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as a wider hacker culture, a view that Raymond has harshly rejected. Instead of a hacker/cracker dichotomy, they emphasize a spectrum of different categories, such as
white hat
White hat, white hats, or white-hat may refer to:
Art, entertainment, and media
* White hat, a way of thinking in Edward de Bono's book ''Six Thinking Hats''
* White hat, part of black and white hat symbolism in film
Other uses
* White hat (compu ...
,
grey hat
A grey hat (greyhat or gray hat) is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.
The term came into us ...
,
black hat
Black hat, blackhats, or black-hat refers to:
Arts, entertainment, and media
* Black hat (computer security), a hacker who violates computer security for little reason beyond maliciousness or for personal gain
* Black hat, part of black and whit ...
and
script kiddie
A script kiddie, skiddie, kiddie, or skid is an unskilled individual who uses scripts or programs developed by others, primarily for malicious purposes.
Characteristics
In a Carnegie Mellon report prepared for the U.K. Department of Defense in 2 ...
. In contrast to Raymond, they usually reserve the term ''cracker'' for more malicious activity.
According to Ralph D. Clifford, a ''cracker'' or ''cracking'' is to "gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system." These subgroups may also be defined by the legal status of their activities.
White hat
A
white hat hacker
A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabil ...
breaks security for non-malicious reasons, either to test their own security system, perform
penetration test
A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. T ...
s or
vulnerability assessment
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, informatio ...
s for a client, or while working for a security company that makes security software. The term is generally synonymous with
ethical hacker, and the EC-Council, among others, have developed certifications, courseware, classes, and online training covering the diverse arena of ethical hacking.
Black hat
A
black hat hacker
A Black Hat (Black Hat Hacker or Blackhat) is a computer hacker who usually violates laws or typical ethical standards. The term originates from the 1950s westerns, when bad guys typically wore black hats and good guys white hats. Black hat hacker ...
is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005).
[Robert Moore] The term was coined by
Richard Stallman
Richard Matthew Stallman (; born March 16, 1953), also known by his initials, rms, is an American free software movement activist and programmer. He campaigns for software to be distributed in such a manner that its users have the freedom to ...
, to contrast the maliciousness of a criminal hacker versus the spirit of playfulness and exploration in
hacker culture
The hacker culture is a subculture of individuals who enjoy—often in collective effort—the intellectual challenge of creatively overcoming the limitations of software systems or electronic hardware (mostly digital electronics), to a ...
, or the ethos of the
white hat hacker
A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabil ...
who performs hacking duties to identify places to repair or as a means of legitimate employment. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal".
Grey hat
A grey hat hacker lies between a black hat and a white hat hacker, hacking for ideological reasons. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee.
Grey hat hackers sometimes find the defect in a system and publish the facts to the world instead of a group of people. Even though grey hat hackers may not necessarily perform hacking for their personal gain, unauthorized access to a system can be considered illegal and unethical.
Elite hacker
A
social status
Social status is the level of social value a person is considered to possess. More specifically, it refers to the relative level of respect, honour, assumed competence, and deference accorded to people, groups, and organizations in a society. Stat ...
among hackers, ''elite'' is used to describe the most skilled. Newly discovered
exploits circulate among these hackers. Elite
groups
A group is a number of persons or things that are located, gathered, or classed together.
Groups of people
* Cultural group, a group whose members share the same cultural identity
* Ethnic group, a group whose members share the same ethnic ide ...
such as
Masters of Deception
Masters of Deception (MOD) was a New York–based group of hackers, most widely known in media for their exploits of telephone company infrastructure and later prosecution.
Origin of Masters of Deception
MOD's initial membership grew from m ...
conferred a kind of credibility on their members.
Script kiddie
A
script kiddie
A script kiddie, skiddie, kiddie, or skid is an unskilled individual who uses scripts or programs developed by others, primarily for malicious purposes.
Characteristics
In a Carnegie Mellon report prepared for the U.K. Department of Defense in 2 ...
(also known as a ''skid'' or ''skiddie'') is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other black hat hackers), hence the term script (i.e. a computer script that automates the hacking) kiddie (i.e. kid, child an individual lacking knowledge and experience, immature),
usually with little understanding of the underlying concept.
Neophyte
A neophyte ("
newbie
Newbie, newb, noob, noobie, n00b or nub is a slang term for a novice or newcomer, or somebody inexperienced in a profession or activity. Contemporary use can particularly refer to a beginner or new user of computers, often concerning Internet ac ...
", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.
Blue hat
A
blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed.
Microsoft
Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
also uses the term ''BlueHat'' to represent a series of security briefing events.
Hacktivist
A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.
Hacktivism
In Internet activism, hacktivism, or hactivism (a portmanteau of ''hack'' and ''activism''), is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hack ...
can be divided into two main groups:
*
Cyberterrorism
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Acts of deliberate, la ...
– Activities involving
website defacement
Website defacement is an attack on a website that changes the visual appearance of a website or a web page. These are typically the work of defacers, who break into a web server and replace the hosted website with one of their own. Defacement ...
or
denial-of-service attack
In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connect ...
s; and,
*
Freedom of information
Freedom of information is freedom of a person or people to publish and consume information. Access to information is the ability for an individual to seek, receive and impart information effectively. This sometimes includes "scientific, indigeno ...
– Making information that is not public, or is public in non-machine-readable formats, accessible to the public.
Nation state
Intelligence agencies and
cyberwarfare
Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic war ...
operatives of nation states.
Organized criminal gangs
Groups of hackers that carry out organized criminal activities for profit.
Modern-day
computer hackers
A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge ...
have been compared to the
privateer
A privateer is a private person or ship that engages in maritime warfare under a commission of war. Since robbery under arms was a common aspect of seaborne trade, until the early 19th century all merchant ships carried arms. A sovereign or deleg ...
s of by-gone days. These criminals hold computer systems hostage, demanding large payments from victims to restore access to their own computer systems and data. Furthermore, recent
ransomware
Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, ...
attacks on industries, including energy, food, and transportation, have been blamed on
criminal organization
Organized crime (or organised crime) is a category of transnational, national, or local groupings of highly centralized enterprises run by criminals to engage in illegal activity, most commonly for profit. While organized crime is generally th ...
s based in or near a
state actor
In United States constitutional law, a state actor is a person who is acting on behalf of a governmental body, and is therefore subject to limitations imposed on government by the United States Constitution, including the First, Fifth, and Fourt ...
– possibly with the country’s knowledge and approval.
Cyber theft and ransomware attacks are now the fastest-growing crimes in the United States.
Bitcoin
Bitcoin ( abbreviation: BTC; sign: ₿) is a decentralized digital currency that can be transferred on the peer-to-peer bitcoin network. Bitcoin transactions are verified by network nodes through cryptography and recorded in a public distr ...
and other
cryptocurrencies
A cryptocurrency, crypto-currency, or crypto is a digital currency designed to work as a medium of exchange through a computer network that is not reliant on any central authority, such as a government or bank
A bank is a financial i ...
facilitate the
extortion
Extortion is the practice of obtaining benefit through coercion. In most jurisdictions it is likely to constitute a criminal offence; the bulk of this article deals with such cases. Robbery is the simplest and most common form of extortion, ...
of huge ransoms from large companies, hospitals and city governments with little or no chance of being caught.
Attacks
Hackers can usually be sorted into two types of attacks: mass attacks and targeted attacks.
They are sorted into the groups in terms of how they choose their victims and how they act on the attacks.
A typical approach in an attack on Internet-connected system is:
#
Network enumeration: Discovering information about the intended target.
#
Vulnerability analysis
Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally."
A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...
: Identifying potential ways of attack.
#
Exploitation
Exploitation may refer to:
*Exploitation of natural resources
*Exploitation of labour
** Forced labour
*Exploitation colonialism
*Slavery
** Sexual slavery and other forms
*Oppression
*Psychological manipulation
In arts and entertainment
*Exploi ...
: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.
In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.
Security exploits
A security exploit is a prepared application that takes advantage of a known weakness.
Common examples of security exploits are
SQL injection
In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL inj ...
,
cross-site scripting
Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may ...
and
cross-site request forgery
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced ''sea-surf'') or XSRF, is a type of malicious exploit of a website or web application where unauthorized commands are submitt ...
which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through
File Transfer Protocol
The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data ...
(FTP),
Hypertext Transfer Protocol
The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...
(HTTP),
PHP
PHP is a general-purpose scripting language geared toward web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementation is now produced by The PHP Group. ...
,
SSH
The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.
SSH applications are based on ...
,
Telnet
Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control i ...
and some Web pages. These are very common in Web site and Web domain hacking.
Techniques
;Vulnerability scanner
:A
vulnerability scanner
A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. These scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detecti ...
is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use
port scanner
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host ...
s. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (
Firewalls defend computers from intruders by limiting access to ports and machines, but they can still be circumvented.)
;Finding vulnerabilities
:Hackers may also attempt to find vulnerabilities manually. A common approach is to search for possible vulnerabilities in the code of the computer system then test them, sometimes
reverse engineering
Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...
the software if the code is not provided. Experienced hackers can easily find patterns in code to find common vulnerabilities.
;Brute-force attack
:Password guessing.
Brute-force attacks
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct ...
are used to quickly check all short password variations. For longer passwords, other methods such as the dictionary attack are used, because of the amount of time a brute-force search takes.
;Password cracking
:
Password cracking
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly try ...
is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Common approaches include repeatedly trying guesses for the password, trying the most common passwords by hand, and repeatedly trying passwords from a "dictionary," or a text file with many passwords.
;Packet analyzer
:A
packet analyzer
A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or p ...
("packet sniffer") is an application that captures data packets, which can be used to capture passwords and other
data in transit
Data in transit, also referred to as data in motion and data in flight, is data en route between source and destination, typically on a computer network.
Data in transit can be separated into two categories: information that flows over the publi ...
over the network.
;Spoofing attack (phishing)
:A
spoofing attack
In the context of information security, and especially network security, a spoofing attack is a situation in which a person or program successfully identifies as another by falsifying data, to gain an illegitimate advantage.
Internet Spoofing an ...
involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a user or another program – usually to fool programs, systems or users into revealing confidential information, such as user names and passwords.
;Rootkit
:A
rootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...
is a program that uses low-level, hard-to-detect methods to subvert control of an operating system from its legitimate operators. Rootkits usually obscure their installation and attempt to prevent their removal through a subversion of standard system security. They may include replacements for system binaries, making it virtually impossible for them to be detected by checking
process tables.
;Social engineering
:In the second stage of the targeting process, hackers often use
social engineering tactics to get enough information to access the network. They may contact the system administrator and pose as a user who cannot get access to his or her system. This technique is portrayed in the 1995 film ''
Hackers
A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
'', when protagonist Dade "Zero Cool" Murphy calls a somewhat clueless employee in charge of security at a television network. Posing as an accountant working for the same company, Dade tricks the employee into giving him the phone number of a modem so he can gain access to the company's computer system.
:Hackers who use this technique must be familiar with their target's security practices in order to trick the system administrator into giving them information. In some cases, a help-desk employee with limited security experience will answer the phone and be relatively easy to trick. Another approach is for the hacker to pose as an angry supervisor, and when his/her authority is questioned, threaten to fire the help-desk worker. Social engineering is very effective, because users are the most vulnerable part of an organization. No security devices or programs can keep an organization safe if an employee reveals a password to an unauthorized person.
:Social engineering can be broken down into four sub-groups:
:* ''Intimidation'' As in the "angry supervisor" technique above, the hacker convinces the person who answers the phone that their job is in danger unless they help them. At this point, many people accept that the hacker is a supervisor and give them the information they seek.
:* ''Helpfulness'' The opposite of intimidation, helpfulness exploits many people's natural instinct to help others solve problems. Rather than acting angry, the hacker acts distressed and concerned. The help desk is the most vulnerable to this type of social engineering, as (a.) its general purpose is to help people; and (b.) it usually has the authority to change or reset passwords, which is exactly what the hacker wants.
:* ''Name-dropping'' The hacker uses names of authorized users to convince the person who answers the phone that the hacker is a legitimate user him or herself. Some of these names, such as those of webpage owners or company officers, can easily be obtained online. Hackers have also been known to obtain names by examining discarded documents (
"dumpster diving").
:* ''Technical'' Using technology is also a way to get information. A hacker can send a fax or email to a legitimate user, seeking a response that contains vital information. The hacker may claim that he or she is involved in law enforcement and needs certain data for an investigation, or for record-keeping purposes.
;Trojan horses
:A
Trojan horse
The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's ''Iliad'', with the poem ending before the war is concluded, ...
is a program that seems to be doing one thing but is actually doing another. It can be used to set up a
back door in a computer system, enabling the intruder to gain access later. (The name refers to the
horse
The horse (''Equus ferus caballus'') is a domesticated, one-toed, hoofed mammal. It belongs to the taxonomic family Equidae and is one of two extant subspecies of ''Equus ferus''. The horse has evolved over the past 45 to 55 million y ...
from the
Trojan War
In Greek mythology, the Trojan War was waged against the city of Troy by the Achaeans (Greeks) after Paris of Troy took Helen from her husband Menelaus, king of Sparta. The war is one of the most important events in Greek mythology and has ...
, with the conceptually similar function of deceiving defenders into bringing an intruder into a protected area.)
;Computer virus
:A
virus
A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea.
Since Dmitri Ivanovsky's 1 ...
is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. By doing this, it behaves similarly to a
biological virus
A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea.
Since Dmitri Ivanovsky's ...
, which spreads by inserting itself into living cells. While some viruses are harmless or mere hoaxes, most are considered malicious.
;Computer worm
:Like a virus, a
worm
Worms are many different distantly related bilateral animals that typically have a long cylindrical tube-like body, no limbs, and no eyes (though not always).
Worms vary in size from microscopic to over in length for marine polychaete wor ...
is also a self-replicating program. It differs from a virus in that (a.) it propagates through computer networks without user intervention; and (b.) does not need to attach itself to an existing program. Nonetheless, many people use the terms "virus" and "worm" interchangeably to describe any self-propagating program.
;Keystroke logging
:A
keylogger
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored ...
is a tool designed to record ("log") every keystroke on an affected machine for later retrieval, usually to allow the user of this tool to gain access to confidential information typed on the affected machine. Some keyloggers use virus-, trojan-, and rootkit-like methods to conceal themselves. However, some of them are used for legitimate purposes, even to enhance computer security. For example, a business may maintain a keylogger on a computer used at a
point of sale
The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice f ...
to detect evidence of employee fraud.
;Attack patterns
:
Attack patterns
In computer science, attack patterns are a group of rigorous methods for finding software bug, bugs or errors in code related to computer security.
Attack patterns are often used for testing purposes and are very important for ensuring that potent ...
are defined as series of repeatable steps that can be applied to simulate an attack against the security of a system. They can be used for testing purposes or locating potential vulnerabilities. They also provide, either physically or in reference, a common solution pattern for preventing a given attack.
Tools and Procedures
:A thorough examination of hacker tools and procedures may be found in Cengage Learning's E, CSA certification workbook.
Notable intruders and criminal hackers
Notable security hackers
*
Andrew Auernheimer, sentenced to 3 years in prison, is a grey hat hacker whose security group
Goatse Security
Goatse Security (GoatSec) was a loose-knit, nine-person grey hat hacker group that specialized in uncovering security flaws. It was a division of the anti-blogging Internet trolling organization known as the Gay Nigger Association of America ( ...
exposed a flaw in AT&T's iPad security.
*
Dan Kaminsky
Daniel Kaminsky (February 7, 1979 – April 23, 2021) was an American computer security researcher. He was a co-founder and chief scientist of WhiteOps, a computer security company. He previously worked for Cisco, Avaya, and IOActive, where h ...
was a
DNS
The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to ...
expert who exposed multiple flaws in the protocol and investigated Sony's rootkit security issues in 2005. He spoke in front of the United States Senate on technology issues.
*
Ed Cummings (also known as
Bernie S Bernie S. (born Edward Cummings) is a computer hacker living in Philadelphia, Pennsylvania. He was a regular panelist on the WBAI radio show '' Off the Hook''. In 2001 he appeared in '' Freedom Downtime'', a documentary produced by 2600 Films.
Conf ...
) is a longstanding writer for ''2600: The Hacker Quarterly''. In 1995, he was arrested and charged with possession of technology that could be used for fraudulent purposes, and set legal precedents after being denied both a bail hearing and a speedy trial.
*
Eric Corley
Eric Gordon Corley (born December 16, 1959), also frequently referred to by his pen name of Emmanuel Goldstein, is a figure in the hacker community. He directs the non-profit organization 2600 Enterprises, Inc., publishes a magazine called '' 2600 ...
(also known as
Emmanuel Goldstein
Emmanuel Goldstein is a fictional character in George Orwell's 1949 dystopian novel ''Nineteen Eighty-Four''. He is the principal enemy of the state according to the Party of the totalitarian Oceania. He is depicted as the head of a mysterious ...
) is the longstanding publisher of ''
2600: The Hacker Quarterly''. He is also the founder of the
Hackers on Planet Earth
The Hackers on Planet Earth (HOPE) conference series is a hacker convention sponsored by the security hacker magazine '' 2600: The Hacker Quarterly'' that until 2020 was typically held at Hotel Pennsylvania, in Manhattan, New York City. Occ ...
(HOPE) conferences. He has been part of the hacker community since the late 1970s.
*
Susan Headley (also known as Susan Thunder), was an American hacker active during the late 1970s and early 1980s widely respected for her expertise in
social engineering,
pretexting
Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information, specifically information that t ...
, and
psychological subversion
Psychological subversion (PsychSub) is the name given by Susan Headley to a method of verbally manipulating people for information. It is similar in practice to so-called social engineering and pretexting, but has a more military focus to it. ...
. She became heavily involved in
phreaking
Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. The term ''phreak'' is a ...
with
Kevin Mitnick
Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author, and convicted hacker. He is best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crim ...
and Lewis de Payne in
Los Angeles
Los Angeles ( ; es, Los Ángeles, link=no , ), often referred to by its initials L.A., is the largest city in the state of California and the second most populous city in the United States after New York City, as well as one of the world' ...
, but later framed them for erasing the system files at US Leasing after a falling out, leading to Mitnick's first conviction.
*
Gary McKinnon
Gary McKinnon (born 10 February 1966) is a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the "biggest military computer hack of all time", although McKinnon himself states that he was merely looking for evi ...
is a Scottish hacker who was facing
extradition
Extradition is an action wherein one jurisdiction delivers a person accused or convicted of committing a crime in another jurisdiction, over to the other's law enforcement. It is a cooperative law enforcement procedure between the two jurisdict ...
to the
United States
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
to face criminal charges. Many people in the UK called on the authorities to be lenient with McKinnon, who has
Asperger syndrome
Asperger syndrome (AS), also known as Asperger's, is a former neurodevelopmental disorder characterized by significant difficulties in Interpersonal relationship, social interaction and nonverbal communication, along with restricted and re ...
. The extradition has now been dropped.
*
Gordon Lyon
Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) is an American network security expert, creator of Nmap and writer of books, websites, and technical papers about network security. He is a founding member of the Honeynet Project and wa ...
, known by the handle Fyodor, authored the
Nmap Security Scanner as well as many network security books and web sites. He is a founding member of the
Honeynet Project and Vice President of
Computer Professionals for Social Responsibility
Computer Professionals for Social Responsibility (CPSR) was a global organization promoting the responsible use of computer technology. CPSR was incorporated in 1983 following discussions and organizing that began in 1981. It educated policymakers ...
.
*
Guccifer 2.0
"Guccifer 2.0" is a persona which claimed to be the hacker(s) who gained unauthorized access to the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event. S ...
, who claimed that he hacked into the
Democratic National Committee
The Democratic National Committee (DNC) is the governing body of the United States Democratic Party. The committee coordinates strategy to support Democratic Party candidates throughout the country for local, state, and national office, as well a ...
(DNC) computer network
*
Jacob Appelbaum
Jacob Appelbaum (born 1 April 1983) is an American independent journalist, computer security researcher, artist, and hacker. He studied at the Eindhoven University of Technology and was a core member of the Tor project, a free software network ...
is an advocate, security researcher, and developer for the
Tor
Tor, TOR or ToR may refer to:
Places
* Tor, Pallars, a village in Spain
* Tor, former name of Sloviansk, Ukraine, a city
* Mount Tor, Tasmania, Australia, an extinct volcano
* Tor Bay, Devon, England
* Tor River, Western New Guinea, Indonesia
Sc ...
project. He speaks internationally for usage of Tor by human rights groups and others concerned about Internet anonymity and censorship.
*
Joanna Rutkowska
Joanna Rutkowska (born 1981 in Warsaw) is a Polish computer security researcher, primarily known for her research on low-level security and stealth malware, and as founder of the Qubes OS security-focused desktop operating system.
She became kn ...
is a Polish computer security researcher who developed the
Blue Pill rootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...
and
Qubes OS.
*
Jude Milhon
Judith udeMilhon (March 12, 1939 – July 19, 2003), in Washington D.C., best known by her pseudonym St. Jude, was a self-taught programmer, civil rights advocate, writer, editor, advocate for women in computing, hacker and author in the ...
(known as St. Jude) was an American hacker and activist, founding member of the
cypherpunk
A cypherpunk is any individual advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal g ...
movement, and one of the creators of
Community Memory
Community Memory (CM) was the first public computerized bulletin board system. Established in 1973 in Berkeley, California, it used an SDS 940 timesharing system in San Francisco connected via a 110 baud link to a teleprinter at a record store in ...
, the first
public computerized bulletin board system.
*
Kevin Mitnick
Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author, and convicted hacker. He is best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crim ...
is a computer security consultant and author, formerly the most wanted computer criminal in
United States
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
history.
*
Len Sassaman
Leonard Harris Sassaman (April 9, 1980 – July 3, 2011) was an American technologist, information privacy advocate, and the maintainer of the Mixmaster anonymous remailer code and operator of the ''randseed'' remailer. Much of his career gravita ...
was a Belgian computer programmer and technologist who was also a privacy advocate.
*
Meredith L. Patterson
Meredith L. Patterson (born April 30, 1977) is an American technologist, science fiction writer, and journalist. She has spoken at numerous industry conferences on a wide range of topics. She is also a blogger and software developer, and a lead ...
is a well-known technologist and
biohacker who has presented research with
Dan Kaminsky
Daniel Kaminsky (February 7, 1979 – April 23, 2021) was an American computer security researcher. He was a co-founder and chief scientist of WhiteOps, a computer security company. He previously worked for Cisco, Avaya, and IOActive, where h ...
and
Len Sassaman
Leonard Harris Sassaman (April 9, 1980 – July 3, 2011) was an American technologist, information privacy advocate, and the maintainer of the Mixmaster anonymous remailer code and operator of the ''randseed'' remailer. Much of his career gravita ...
at many international security and hacker conferences.
*
Kimberley Vanvaeck (known as Gigabyte) is a Belgian hacker recognized for writing the first virus in
C#.
*
Michał Zalewski
Michał Zalewski (born 19 January 1981), also known by the user name lcamtuf, is a computer security expert and "white hat" hacker from Poland. He is a former Google Inc. employee (until 2018), and currently the VP of Security Engineering at Sn ...
(lcamtuf) is a prominent security researcher.
*
Solar Designer
Alexander Peslyak (Александр Песляк) (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the f ...
is the pseudonym of the founder of the
Openwall Project
The Openwall Project is a source for various software, including Openwall GNU/*/Linux (Owl), a security-enhanced Linux distribution designed for servers. Openwall patches and security extensions have been included into many major Linux distribut ...
.
*
Kane Gamble
Kane or KANE may refer to:
Art, entertainment and media Fictional entities
*Kane (comics), the main character of the eponymous comic book series by Paul Grist
*Kane (Command & Conquer), Kane (''Command & Conquer''), character in the ''Command & Co ...
, sentenced to 2 years in youth detention, who is autistic, gained access to highly sensitive information and "cyber-terrorised" high-profile
U.S. intelligence
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territori ...
officials such as then
CIA
The Central Intelligence Agency (CIA ), known informally as the Agency and historically as the Company, is a civilian intelligence agency, foreign intelligence service of the federal government of the United States, officially tasked with gat ...
chief
John Brennan John Brennan may refer to:
Public officials
* Jack Brennan (born 1937), U.S. Marine officer and aide of Richard Nixon
* John Brennan (CIA officer) (born 1955), former CIA Director
* John P. Brennan (1864–1943), Democratic politician in the U. ...
or Director of National Intelligence
James Clapper
James Robert Clapper Jr. (born March 14, 1941) is a retired lieutenant general in the United States Air Force and former Director of National Intelligence. Clapper has held several key positions within the United States Intelligence Community. H ...
.
Customs
The computer underground
has produced its own specialized slang, such as
1337speak. Writing software and performing other activities to support these views is referred to as
hacktivism
In Internet activism, hacktivism, or hactivism (a portmanteau of ''hack'' and ''activism''), is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hack ...
. Some consider illegal cracking ethically justified for these goals; a common form is
website defacement
Website defacement is an attack on a website that changes the visual appearance of a website or a web page. These are typically the work of defacers, who break into a web server and replace the hosted website with one of their own. Defacement ...
. The computer underground is frequently compared to the Wild West. It is common for hackers to use aliases to conceal their identities.
Hacker groups and conventions
The computer underground is supported by regular real-world gatherings called
hacker convention
A computer security conference is a convention for individuals involved in computer security. They generally serve as meeting places for system and network administrators, hackers, and computer security experts.
Events
Common activities at hacke ...
s or "hacker cons". These events include
SummerCon (Summer),
DEF CON
DEF CON (also written as DEFCON, Defcon or DC) is a hacker convention held annually in Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include computer security professionals, journalists, lawyer ...
,
HoHoCon (Christmas),
ShmooCon
ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security and cyberculture. Multiple events are held at the convention re ...
(February),
BlackHat,
Chaos Communication Congress
The Chaos Communication Congress is an annual conference organized by the Chaos Computer Club. The congress features a variety of lectures and workshops on technical and political issues related to security, cryptography, privacy and online ...
, AthCon, Hacker Halted, and HOPE. Local Hackfest groups organize and compete to develop their skills to send a team to a prominent convention to compete in group pentesting, exploit and forensics on a larger scale. Hacker groups became popular in the early 1980s, providing access to hacking information and resources and a place to learn from other members. Computer
bulletin board systems
A bulletin board system (BBS), also called computer bulletin board service (CBBS), is a computer server running software that allows users to connect to the system using a terminal program. Once logged in, the user can perform functions such a ...
(BBSs), such as the Utopias, provided platforms for information-sharing via dial-up modem. Hackers could also gain credibility by being affiliated with elite groups.
Consequences for malicious hacking
India
Netherlands
* Article 138ab of
Wetboek van Strafrecht prohibits ''computervredebreuk'', which is defined as intruding an automated work or a part thereof with intention and against the law. Intrusion is defined as access by means of:
**Defeating
security measures
**By technical means
**By false signals or a false
cryptographic key
A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key c ...
**By the use of stolen
usernames and
password
A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
s.
Maximum imprisonment is one year or a fine of the fourth category.
United States
, more commonly known as the
Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act of 1986 (CFAA) is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (), which had been included in the Comprehensive Crime Control Act of 1984. The law pr ...
, prohibits unauthorized access or damage of "protected computers". "Protected computers" are defined in as:
* A computer exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government.
* A computer which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
The maximum imprisonment or fine for violations of the ''Computer Fraud and Abuse Act'' depends on the severity of the violation and the offender's history of violations under the ''Act''.
The
FBI
The Federal Bureau of Investigation (FBI) is the domestic Intelligence agency, intelligence and Security agency, security service of the United States and its principal Federal law enforcement in the United States, federal law enforcement age ...
has demonstrated its ability to recover ransoms paid in
cryptocurrency
A cryptocurrency, crypto-currency, or crypto is a digital currency designed to work as a medium of exchange through a computer network that is not reliant on any central authority, such as a government or bank, to uphold or maintain it. It i ...
by victims of cybertheft.
Hacking and the media
Hacker magazines
The most notable hacker-oriented print publications are ''
Phrack
''Phrack'' is an e-zine written by and for hackers, first published November 17, 1985. Described by Fyodor as "the best, and by far the longest running hacker zine," the magazine is open for contributions by anyone who desires to publish remarkabl ...
'', ''Hakin9'' and ''
2600: The Hacker Quarterly''. While the information contained in hacker magazines and
ezine
An online magazine is a magazine published on the Internet, through bulletin board systems and other forms of public computer networks. One of the first magazines to convert from a print magazine format to being online only was the computer magaz ...
s was often outdated by the time they were published, they enhanced their contributors' reputations by documenting their successes.
Hackers in fiction
Hackers often show an interest in fictional
cyberpunk
Cyberpunk is a subgenre of science fiction in a dystopian futuristic setting that tends to focus on a "combination of lowlife and high tech", featuring futuristic technological and scientific achievements, such as artificial intelligence and cyber ...
and
cyberculture
Internet culture is a culture based on the many way people have used computer networks and their use for communication, entertainment, business, and recreation. Some features of Internet culture include online communities, gaming, and social media ...
literature and movies. The adoption of
fictional
Fiction is any creative work, chiefly any narrative work, portraying individuals, events, or places
Place may refer to:
Geography
* Place (United States Census Bureau), defined as any concentration of population
** Census-designated place, ...
pseudonym
A pseudonym (; ) or alias () is a fictitious name that a person or group assumes for a particular purpose, which differs from their original or true name (orthonym). This also differs from a new name that entirely or legally replaces an individua ...
s, symbols, values and
metaphor
A metaphor is a figure of speech that, for rhetorical effect, directly refers to one thing by mentioning another. It may provide (or obscure) clarity or identify hidden similarities between two different ideas. Metaphors are often compared wit ...
s from these works is very common.
Books
* The
cyberpunk
Cyberpunk is a subgenre of science fiction in a dystopian futuristic setting that tends to focus on a "combination of lowlife and high tech", featuring futuristic technological and scientific achievements, such as artificial intelligence and cyber ...
novels of
William Gibson
William Ford Gibson (born March 17, 1948) is an American-Canadian speculative fiction writer and essayist widely credited with pioneering the science fiction subgenre known as ''cyberpunk''. Beginning his writing career in the late 1970s, his ...
especially the
Sprawl trilogy
The Sprawl trilogy (also known as the Neuromancer, Cyberspace, or Matrix trilogy) is William Gibson's first set of novels, composed of ''Neuromancer'' (1984), ''Count Zero'' (1986), and ''Mona Lisa Overdrive'' (1988).
The novels are all set in t ...
are very popular with hackers.
*
Helba
''Project .hack'' and ''.hack Conglomerate,'' both form ''.hack.'' It is a Japanese multimedia franchise primarily developed by CyberConnect2 and published by Bandai. The franchise is set on an Earth with an alternate history. In this timeline, ...
from the ''
.hack
''.hack'' (pronounced "Dot Hack") is a Japanese multimedia franchise that encompasses two projects: Project .hack and .hack Conglomerate. They were primarily created and developed by CyberConnect2, and published by Bandai Namco Entertainment. ...
'' manga and anime series
*
Merlin of Amber ''The Chronicles of Amber'' is a fantasy series written by Roger Zelazny chiefly in ten books published from 1970 to 1991. It features a great variety of characters from a myriad parallel universes (including "our" Earth universe). All universes spi ...
, the protagonist of the second series in ''
The Chronicles of Amber
''The Chronicles of Amber'' is a series of fantasy novels by American writer Roger Zelazny. The main series consists of two story arcs, each five novels in length. Additionally, there are a number of Amber short stories and other works. Four a ...
'' by
Roger Zelazny
Roger Joseph Zelazny (May 13, 1937 – June 14, 1995) was an American poet and writer of fantasy and science fiction short stories and novels, best known for ''The Chronicles of Amber''. He won the Nebula Award three times (out of 14 nomin ...
, is a young immortal hacker-mage prince who has the ability to traverse shadow dimensions.
*
Lisbeth Salander
Lisbeth Salander is a fictional character created by Swedish author and journalist Stieg Larsson in his award-winning ''Millennium'' series. She first appeared in the 2005 novel '' The Girl with the Dragon Tattoo'', as an asocial computer hacke ...
in ''
The Girl with the Dragon Tattoo
''The Girl with the Dragon Tattoo'' (original title in sv, Män som hatar kvinnor , lit=''Men Who Hate Women'') is a psychological thriller novel by Swedish author and journalist Stieg Larsson (1954–2004). It was published posthumously in 2 ...
'' by
Stieg Larsson
Karl Stig-Erland "Stieg" Larsson (, ; 15 August 1954 – 9 November 2004) was a Swedish writer, journalist, and activist. He is best known for writing the ''Millennium'' trilogy of crime novels, which were published posthumously, starting in 2 ...
* Alice from ''
Heaven's Memo Pad
is a Japanese light novel series written by Hikaru Sugii, with illustrations by Mel Kishida. ASCII Media Works published nine volumes between January 2007 and September 2014 under their Dengeki Bunko Imprint (trade name), imprint. A manga ada ...
''
* ''
Ender's Game
''Ender's Game'' is a 1985 military science fiction novel by American author Orson Scott Card. Set at an unspecified date in Earth's future, the novel presents an imperiled humankind after two conflicts with an insectoid alien species they dub ...
'' by
Orson Scott Card
Orson Scott Card (born August 24, 1951) is an American writer known best for his science fiction works. He is the first and (as of 2022) only person to win both a Hugo Award and a Nebula Award in consecutive years, winning both awards for both ...
* ''
Evil Genius'' by
Catherine Jinks
*
''Hackers'' (anthology) by
Jack Dann
Jack Dann (born February 15, 1945) is an American writer best known for his science fiction, an editor and a writing teacher, who has lived in Australia since 1994. He has published over seventy books, in the majority of cases as editor or co-edit ...
and
Gardner Dozois
Gardner Raymond Dozois ( ; July 23, 1947 – May 27, 2018) was an American people, American science fiction author and editing, editor. He was the founding editor of ''The Year's Best Science Fiction'' anthologies (1984–2018) and was editor of ...
* ''
Little Brother'' by
Cory Doctorow
Cory Efram Doctorow (; born July 17, 1971) is a Canadian-British blogger, journalist, and science fiction author who served as co-editor of the blog ''Boing Boing''. He is an activist in favour of liberalising copyright laws and a proponent of ...
* ''
Neuromancer
''Neuromancer'' is a 1984 science fiction novel by American-Canadian writer William Gibson. Considered one of the earliest and best-known works in the cyberpunk genre, it is the only novel to win the Nebula Award, the Philip K. Dick Award, and ...
'' by
William Gibson
William Ford Gibson (born March 17, 1948) is an American-Canadian speculative fiction writer and essayist widely credited with pioneering the science fiction subgenre known as ''cyberpunk''. Beginning his writing career in the late 1970s, his ...
* ''
Snow Crash
''Snow Crash'' is a science fiction novel by the American writer Neal Stephenson, published in 1992. Like many of Stephenson's novels, it covers history, linguistics, anthropology, archaeology, religion, computer science, politics, cryptography ...
'' by
Neal Stephenson
Neal Town Stephenson (born October 31, 1959) is an American writer known for his works of speculative fiction. His novels have been categorized as science fiction, historical fiction, cyberpunk, postcyberpunk, and baroque.
Stephenson's work exp ...
Films
* ''
Antitrust
Competition law is the field of law that promotes or seeks to maintain market competition by regulating anti-competitive conduct by companies. Competition law is implemented through public and private enforcement. It is also known as antitrust l ...
''
* ''
Blackhat''
* ''
Cypher''
* ''
Eagle Eye
''Eagle Eye'' is a 2008 American action-thriller film directed by D. J. Caruso and with a screenplay by John Glenn, Travis Adam Wright, Hillary Seitz and Dan McDermott from a story by McDermott. The film stars Shia LaBeouf, Michelle Monaghan ...
''
* ''
Enemy of the State
An enemy of the state is a person accused of certain crimes against the state such as treason, among other things. Describing individuals in this way is sometimes a manifestation of political repression. For example, a government may purport to m ...
''
* ''
Firewall
Firewall may refer to:
* Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts
* Firewall (construction), a barrier inside a building, designed to limit the spr ...
''
* ''
Girl With The Dragon Tattoo''
* ''
Hackers
A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
''
* ''
Live Free or Die Hard
''Live Free or Die Hard'' (released as ''Die Hard 4.0'' outside North America) is a 2007 American action-thriller film directed by Len Wiseman, and serves as the fourth installment in the ''Die Hard'' film series. It is based on the 1997 articl ...
''
*
''The Matrix'' series
* ''
The Net''
* ''
The Net 2.0
''The Net 2.0'' is a 2006 direct-to-video mystery film, mystery thriller (genre), thriller film written and produced by Rob Cowan and directed by Charles Winkler. It is nominally a sequel to the 1995 film ''The Net (1995 film), The Net'' directed ...
''
* ''
Pirates of Silicon Valley
''Pirates of Silicon Valley'' is a 1999 American biographical drama television film directed by Martyn Burke and starring Noah Wyle as Steve Jobs and Anthony Michael Hall as Bill Gates. Spanning the years 1971–1997 and based on Paul Freiberge ...
''
* ''
Skyfall
''Skyfall'' is a 2012 spy film and the twenty-third in the ''James Bond'' series produced by Eon Productions. The film is the third to star Daniel Craig as fictional MI6 agent James Bond and features Javier Bardem as Raoul Silva, the villai ...
''
* ''
Sneakers
Sneakers (also called trainers, athletic shoes, tennis shoes, gym shoes, kicks, sport shoes, flats, running shoes, or runners) are shoes primarily designed for sports or other forms of physical exercise, but which are now also widely used fo ...
''
* ''
Swordfish
Swordfish (''Xiphias gladius''), also known as broadbills in some countries, are large, highly migratory predatory fish characterized by a long, flat, pointed bill. They are a popular sport fish of the billfish category, though elusive. Swordfis ...
''
* ''
Terminator 2: Judgment Day''
* ''
Terminator Salvation
''Terminator Salvation'' is a 2009 American military science fiction action film directed by McG and written by John Brancato and Michael Ferris. It is the fourth installment of the ''Terminator'' franchise and serves as a sequel to '' Termin ...
''
* ''
Take Down''
* ''
Tron
''Tron'' (stylized as ''TRON'') is a 1982 American science fiction action-adventure film written and directed by Steven Lisberger from a story by Lisberger and Bonnie MacBird. The film stars Jeff Bridges as Kevin Flynn, a computer programmer a ...
''
* ''
Tron: Legacy''
* ''
Untraceable
''Untraceable'' is a 2008 American psychological thriller film directed by Gregory Hoblit and starring Diane Lane, Colin Hanks, Billy Burke, and Joseph Cross. It was distributed by Screen Gems.
Set in Portland, Oregon, the film involves a seria ...
''
* ''
WarGames
''WarGames'' is a 1983 American science fiction techno-thriller film written by Lawrence Lasker and Walter F. Parkes and directed by John Badham. The film, which stars Matthew Broderick, Dabney Coleman, John Wood, and Ally Sheedy, follows Dav ...
''
* ''
Weird Science''
* ''
The Fifth Estate''
* ''
Who Am I – No System Is Safe (film)''
Non-fiction books
* ''
The Art of Deception'' by
Kevin Mitnick
Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author, and convicted hacker. He is best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crim ...
* ''
The Art of Intrusion
''The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers'' is a book by Kevin Mitnick
Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author, and convicted hacker. ...
'' by Kevin Mitnick
* ''
The Cuckoo's Egg
''The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage'' is a 1989 book written by Clifford Stoll. It is his first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National ...
'' by
Clifford Stoll
Clifford Paul "Cliff" Stoll (born June 4, 1950) is an American astronomer, author and teacher.
He is best known for his investigation in 1986, while working as a systems administrator at the Lawrence Berkeley National Laboratory, that led to t ...
* ''
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker'' by Kevin Mitnick
* ''
The Hacker Crackdown
''The Hacker Crackdown: Law and Disorder on the Electronic Frontier'' is a work of nonfiction by Bruce Sterling first published in 1992.
The book discusses watershed events in the hacker subculture in the early 1990s. The most notable topic covere ...
'' by
Bruce Sterling
Michael Bruce Sterling (born April 14, 1954) is an American science fiction author known for his novels and short fiction and editorship of the ''Mirrorshades'' anthology. In particular, he is linked to the cyberpunk subgenre.
Sterling's first ...
* ''
The Hacker's Handbook
''The Hacker's Handbook'' is a non-fiction book in four editions, each reprinted numerous times between 1985 and 1990, and explaining how phone and computer systems of the period could be 'hacked'. It contains candid and personal comments from ...
'' by Hugo Cornwall (Peter Sommer)
* ''
Hacking: The Art of Exploitation Second Edition'' by Jon Erickson
* ''
Out of the Inner Circle
''Out of the Inner Circle: A Hacker's Guide to Computer Security'' is a book by Bill Landreth and Howard Rheingold, published in 1985 by Microsoft Press and distributed by Simon & Schuster (). The book was created to provide insight into the ways ...
'' by
Bill Landreth
William Troy Landreth (born April 5, 1963) is an American Hacker (computer security), hacker notable for his Password cracking, cracking activities during the early 1980s within a cracking club called "The Inner Circle". MySpace cofounder, Tom Ande ...
and
Howard Rheingold
Howard Rheingold (born 1947) is an American critic, writer, and teacher, known for his specialties on the cultural, social and political implications of modern communication media such as the Internet, mobile telephony and virtual communities (a t ...
* ''
Underground
Underground most commonly refers to:
* Subterranea (geography), the regions beneath the surface of the Earth
Underground may also refer to:
Places
* The Underground (Boston), a music club in the Allston neighborhood of Boston
* The Underground ...
'' by
Suelette Dreyfus
See also
*
Cracking of wireless networks
Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to ...
*
Cyber spying
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, ...
*
Cyber Storm Exercise
*
Cybercrime
A cybercrime is a crime that involves a computer or a computer network.Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing. The computer may have been used in committing the ...
*
Hacker culture
The hacker culture is a subculture of individuals who enjoy—often in collective effort—the intellectual challenge of creatively overcoming the limitations of software systems or electronic hardware (mostly digital electronics), to a ...
*
Hacker (expert)
A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
*
Hacker Manifesto
*
IT risk
Information technology risk, IT risk, IT-related risk, or cyber risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Re ...
*
Mathematical beauty
*
Metasploit Project
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
It ...
*
Penetration test
A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. T ...
*
Technology assessment
Technology assessment (TA, German: , French: ) is a scientific, interactive, and communicative process that aims to contribute to the formation of public and political opinion on societal aspects of science and technology. This is a means of as ...
*
Vulnerability (computing)
Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by ...
References
Further reading
*
*
*
*
*
*
*
*
*
*
*
*
External links
CNN Tech PCWorld Staff (November 2001). Timeline: A 40-year history of hacking from 1960 to 2001Can Hackers Be Heroes?Video produced by
Off Book (web series)
''Off Book'' is a web series on digital culture and art created for PBS by Kornhaber Brown, a Webby award-winning production studio that creates web series, videos, and motion graphics. The series has been viewed more than six million times, an ...
{{DEFAULTSORT:Hacker (Computer Security)
Computer occupations
Identity theft
Illegal occupations
Computer security
Security breaches