Hacking

Two things frighten today's computer users: viruses and hackers. And just similar to viruses, the majority of people don't understand hackers or what they do.

Hackers come in many varieties. The word "hacker" typically brings to mind people who break the security of computer networks, application software, and people who make malicious programs similar to viruses.

In the traditional parlance of computer programmers, a hack is a quickly written piece of code that makes something work; a hacker is someone who enjoys exploring the details of programmable system and how to stretch their capabilities, as opposite to most users, who prefer to learn only the minimum necessary. Since, hackers get hold of advanced knowledge of operating systems and programming languages. They may know of holes within systems and the reasons for such holes.

Hackers always seek further knowledge, freely share what they have discovered, and never, ever deliberately damage information.

A cracker in the other hand is one who breaks into computer systems without authorization, for malicious purposes, to steal or destroy vital information, or just to show off. Therefore crackers can easily be identified because their actions are malicious.
However these aren't mutually exclusive, but it's a simple way to divide the activities that fall under hacking.

Once crackers get onto the computers that host networks, they can modify or remove files, steal information and erase the evidence of their actions. However many hackers break security systems just to see if they can do it. They may enter the system, look at the information within and never go back. For these hackers, it's more a test of skill than an attempt to steal or alter data.

Hacker ethic
The hacker ethic was not something that was written up as a guiding principle, but a commonly, silently, agreed upon creed that simply came to be. The ethic on the whole consisted of allowing all information to be free in order to learn about how the world worked, using the already available knowledge to create more knowledge. Anything that prohibited them from this knowledge was resented.
Many hackers act on this by writing and giving away open-source software. A few go further and assert that all information should be free and any proprietary control of it is bad.
The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing open-source and facilitating access to information and to computing resources wherever possible.

Where did hacking start?
It started with telephone technology. This practice was referred to as phreaking. Typically, phreaking which was wide-spread in the seventies is used to make free calls or to have calls charged to a different account. However phreaking is now recognized as any act by which to circumvent the security of the telephone company.

What attracts people to hacking?
People have always been fascinated by adventure and exploration. Never before have they been able to get this without leaving their home. It is the Internet, and the ability to go anywhere, talk to anyone, and not reveal your personal information. That is in brief what most attracts people to the hacker culture, which is gradually becoming the Internet culture. Moreover is the wide-spread of hacker-oriented sites on the Internet, it is estimated that there are about 30,000, bringing hacking and terrorism within the reach of even the technically challenged.
It is not necessary to have the full knowledge, you just have to have the time, just download the tools and the programs. It's the democratization of hacking. And with these programs they can click on a button and send bombs to a network, and the systems will go down.
Finally some crackers crack for profit. They will break into almost any type of system you like, for a price. Some of these crackers get involved with criminal schemes.

Tools used by hackers

1. Port scanners are probably the most commonly used scanning tools on the Internet. These tools scan large IP spaces and report on the systems they encounter, the ports available and other information, such as the operating system types. The most popular port scanner is Network Mapper (Nmap).
2. Vulnerability scanners tools that look for a specific vulnerability or scan a system for all potential vulnerabilities. Vulnerability tools are freely available on the net. The most popular vulnerability scanner available is Nessus.
3. Rootkits the term rootkit describes a set of scripts and executables packaged together that allow intruders to hide any evidence that they gained root access to a system. Some of the tasks Performed by a rootkit are as follows:
   

1. Modify system log files to remove evidence of an intruder’s activities.
2. Modify system tools to make detection of an intruder’s modifications more difficult.
3. Create hidden back-door access points in the system
4. Use the system as a launch point for attacks against other networked systems.

The threat from hackers

1. Trojans
A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

2. Viruses
A destructive program that has the ability to reproduce itself and infect other programs or disks. Usually a virus will not show itself straight away, but will add itself to programs and disks to spread itself widely on many computers before it is triggered into its destructive phase.
The best defence is to run anti-virus software regularly furthermore, anti-virus software should be updated monthly.

3. Worms
Type of virus or replicative code that situates itself in a computer system in a place it can do harm. They replicate themselves by emails to many computers. They are network orientated viruses, tend to exist in memory and are non permanent, whereas viruses tend to reside on disc where they permanent until eradicated.

4. Logic or time bomb
A logic bomb is a program, or portion of a program, which lies inactive until a specific piece of program logic is activated. In this way, a logic bomb is very analogous to a real-world land mine.
The most common activator for a logic bomb is a date. The logic bomb checks the system date and does nothing until a pre-programmed date and time is reached. At that point, the logic bomb activates and executes its code.

Measures to prevent hacking
No one connected to a computer network is in reality safe from hackers. Fortunately, most invasions or infections don't result in severe damage to the system that has been attacked.
The only real defense is limiting the risk by using virus scanners, firewalls and (making them easier to install and configure). Furthermore improvements in vulnerability scanning and better explanations of how to repair them, and better intrusion-detection with fewer false-positives are all key technologies in this race. However in the end, hackers see security systems as a challenge, not an obstacle.

Nevertheless the most important improvement is in the area of awareness among users, furthermore enforcing new low and regulations by governments against this crime.

The outlook for computer security?
To summaries this important topic it is fair to say that while better security technologies are appearing all the time, education and awareness will continue to be the limiting factor. System administrators must learn about and maintain their systems securely. Users have to understand their security responsibilities like choosing good passwords, not installing unauthorized modems. Nevertheless innovations like biometrics and smart cards will go a long way toward making security easier for the end user as well as for the system administrators.

References

1. Alex Noordergraaf. (2002). How Hackers Do It: Tricks, Tools, and Techniques. Sun BluePrints™ OnLine—May, 2002
2. CNET Networks, Inc. (Accessed 1 April 2004) http://www.zdnet.co.uk/
3. Linux User & Developer (13 Nov 2003) ‘Hack Attack’. Linux User & Developer Magazine. (Issue 34) page 22.