The term hacker hasn’t always been the negative title that it is today. A hacker originally described a person with a desire to learn about technology and to experiment and who was technically proficient with whatever systems they hacked.
The word predates personal computers; some of the first hackers were members of the Massachusetts Institute of Technology (MIT) Tech Model Railroading Club (TMRC) in the late 1950s. Students at MIT traditionally used the word hack to describe elaborate pranks that they played. Thus a hack came to mean something truly original, elegant, and ingenious. (To view a gallery of some of the most ingenious hacks at MIT visit http://hacks. mit, edu.)
You can find a more detailed description of the birth of hackers and hacking in Hackers, Heroes of the Computer Revolution by Steven Levy (Penguin USA, 2001).
There once was a time when being called a hacker was a sincere compliment of your technical abilities and problem solving skills. These days, largely due to the popular media, when people hear hacker, they wrongly think criminal. The tech community now distinguishes between hackers, who identify security flaws in order to improve computer systems, and crackers, who attempt to exploit those flaws to their own advantage. I use the term cracker to refer to computer criminals or people unethically exploiting systems.
Hackers: The White Hats
Just like in the old Hollywood westerns, the good guys wear the white hats, at least metaphorically. White hat is a term often used to describe ethical hackers that stay entirely within the law. They never access a system or network illegally, and they work tirelessly to expose holes in systems with the ultimate goal of fixing flaws and improving security. Upon finding a flaw, a white hat will usually notify the software vendor and give the company a chance to patch the flaw before making the bug public knowledge.
White hats may be security professionals, hired by companies to audit network security or test software. Using the same software tools that crackers use, a white hat seeks to improve the security of his own network by proactively attacking it as a cracker would. White hats may even create software aimed at thwarting tools available to crackers. White hats can use tools such as the Fake AP to thwart wireless sniffers that crackers might use to discover wireless networks.
Knowing how a cracker operates enables a white hat to take steps to secure a network against likely avenues of attack. Although some ex-crackers work as security consultants, simply knowing how to crack a system doesn’t translate into being able to secure it. White hats don’t acquire their skills illegally. By demonstrating sound judgment and admirable ethics, they make a much better choice for companies looking to hire a security consultant.
Crackers: The Black Hats
Hackers refer to the computer world’s outlaws as black hats. The opposite of the white hat, a black hat or cracker breaks into systems illegality for personal gain, vandalism, or bragging rights. A cracker doesn’t need to be particularly knowledgeable or skillful; in fact, most of them aren’t. Few crackers are skilled enough to create their own software tools, so most rely on automated programs that they download from disreputable Web sites.
Because crackers know they are breaking the law, they do everything they can to cover their tracks. Fortunately, security professionals catch quite a few of them because the majority of crackers lack real skill. When the authorities do catch them, their skill with a computer is often greatly exaggerated to promote the agency making the arrest (and to sell newspapers and commercials).
Still, it’s important to acknowledge that crackers present a serious threat: Many are technically proficient and can cause a lot of damage, and many systems are so woefully insecure that even technically inept crackers can wreak havoc on them.
The most dangerous crackers
Although the majority of crackers are relatively unskilled, not all are inept. Some crackers have extensive training and advanced skills. Often these crackers work as programmers or IT consultants and learn the ins and outs of networks by administering them. They have in-depth knowledge of network programming and can create tools to exploit the weaknesses they discover. This programming skill is what separates them from less-skilled computer criminals. It also makes them more dangerous and harder to catch.
Often these crackers create tools that enable less-skilled criminals to subvert security and exploit weaknesses in computer systems. While skilled crackers are in the minority, they can’t be ignored. By creating tools and malicious software (viruses, worms) they act as a force-multiplier and create a greater problem than their numbers may indicate. When planning for security it is wise to take the more dangerous crackers into account and plan for a worst-case scenario.
Script kiddies, packet monkeys, and s’kiddiots
The most common type of cracker goes by many names: script kiddies, packet monkeys, s’kiddiots, lamers, warez d00dz (dudes), and wannabes. They lack any real technical ability and, for the most part, cannot even program. To thwart the security of systems, they rely on software tools created by others. They often use these tools without any real understanding of what the actual program does.
A common pastime for script kiddies is Web page defacement. They break into an insecure Web server and replace the home page of a site with a page of their own design. Due to their ineptitude and clumsiness, they are actually far less of a threat than the media (and government) claims. However, because script kiddies make great headlines, they are acknowledged by the press as hacker-geniuses.
One recent example of a script kiddy is the case of 18-year-old high school student Jeffrey Lee Parson. Authorities arrested Parson in August 2003 for creating a variant of the Blaster worm, dubbed Blaster.B. Parson, who went by the handle t33kid (teekid), created the variant by editing the code of the original Blaster worm without any understanding of what that code did. Luckily, due to his ineptitude, his version of the worm was less virulent than the original Blaster and did little damage in comparison. It’s amazing that it took the FBI as long as it did to catch him (two weeks). Parson modified the worm to connect to his personal Web site, where he openly provided other malicious software for download. Tracking Parson through registration information for his Web site was simple. Laughingly, the press and prosecutors dubbed him a computer genius, further illustrating the problem of sensationalism in computer crime reporting. (In fact, his mother went out of her way to tell the press he. “is not brilliant, he’s not a genius.”)
You can’t defend against a threat that you don’t understand, and promoting novice crackers as dire threats to national security doesn’t further the cause of public education on computer security.
Besides the ethical difference between the two, the major factor that separates hackers from the vast majority of crackers is an understanding of computer systems and the ability to create software. A real hacker can write code in one or more languages (C, C++, assembly, Java) and understands what that code does and why it works (or doesn’t). The majority of crackers have little programming ability, or none at all, and usually don’t understand how the tools they use work. If a machine gets hacked by a script kiddy, its usually because the administrator didn’t maintain the machine and apply patches for known vulnerabilities.
Many crackers use aliases online and hang out on Internet Relay Chat (IRC). Crackers like to brag about their exploits, share software, and organize on IRC and Usenet newsgroups. Often an alias can give you a good idea about whom you’re dealing with. If the alias is L0rd Death, Terminator, or Cyber God, then you’re probably not dealing with a secure, mature adult.
Script kiddies have their own language. Called 1331 (leet, short for elite), it has nothing to do with real hackers or the way they write and speak. 133t evolved separately from writing conventions in legitimate hacker Dom, which usually were influenced by the way users were required to write in older UNIX text editors, or from system commands. 133t evolved on the old BBS systems and later IRC and Usenet.
The following are some examples of 133t from The Jargon File (version 4.4.7), org/~esr/jargon/html/index.html:
-Purposeful misspellings, such as tone (phone) and phreak (freak)
-Substitution of z for s, as in passwords, gamez, sitez; the use of z has evolved to denote something illegal, such as copied software and stolen passwords
-Random emphasis characters: Hey doodz!#!$#$
-Use of emphatic k prefix: k-kool, k-awesome
-Compulsive abbreviation: I got lotsa warez w/docs
-Type in all caps SO IT APPEARS LIKE THE SPEAKER IS YELLING ALL THE TIME
Some letter/number substitutions are common:
- 4 substituted for A
- 3 substituted for E, as in 133*
- ph substituted for F, as in phreak
- 1 or | substituted for I or L
- | V | substituted for M
- |\| substituted for N
- The digit 0 substituted for the letter O
- 5 substituted for S
- 7 or + substituted for T
Using these substitutions, you would write elite as 31337.
Other less common character substitutions include:
- 8 substituted for B
- (, k, | <,, or /< substituted for C
- < | substituted for D
- 6 or 9 substituted for G
- | -1 substituted for H
- | < or / < substituted for K
- 12 substituted for P
- | _ | substituted for U
- / or \/ substituted for V
- //or\/\ / substituted for W
- X substituted for X
- ” / substituted for Y
Crackers use the suffixes Or and x0r to mark words as 133t, as in: DU0EZ?#!# I am an 31337 hax0r
As you can see, 133t has its own unique conventions for spelling and grammar.
Here is an example of 133t, followed by a rough translation:
1337d00d: A code monkey wedge his st00pid’s gonkulator and the st00pid is MAD!#!#$$ Lamer can’t reload wind0$e ¨C st00pitude
A low-level programmer broke his boss’s expensive and pretentious new computer and the boss is mad. He doesn’t know how to reload Microsoft Windows on his computer..
Nothing is ever as black and white as we would like it to be, least of all human behavior. A gray hat is a name given to an otherwise ethical hacker who walks a fine line between legal and illegal hacking. Like white hats, gray hats find security holes and report them; but unlike white hats, they often publicize the flaw before giving the software developers a chance to fix the problem. Gray hats maintain that they are improving security by compelling companies to fix software.
Gray hats may also access computer systems without permission, with the intent to find and report flaws. While it’s better to have a gray hat finding holes in your network rather than a black hat, when you’re under attack you have no way of distinguishing between the two. In addition, in an attempt to thwart network security, a gray hat that means well may inadvertently cause damage. Skilled gray hats may produce software that exploits known flaws in systems, intending for network administrators and security professionals to use the program for network security testing. Unfortunately, even though this software can be very constructive, crackers can use it for less noble purposes.
Occasionally you may hear the term samurai hacker or Ronin. This refers to an independent white hat (or gray hat) security consultant hired to audit and improves security. Most samurai hackers claim to be loyal to their employers and to engage only in ethical cracking. The name samurai hacker derives from the fierce loyalty and high ethics associated with Japan’s samurai warriors.
A phreak is a hacker who specializes in phone systems. These days, however, phreaking is more of a cracker activity. At one time, phreaks were enthusiastic about telephone networks and simply wanted to understand how they worked and explore them. Ethical phreaks didn’t steal services or cause damage; they just used their technical skill to play with the system. Phone systems have changed and are less susceptible to technological hacks. As a result, modern phreaks intent on cracking the telecommunications systems often rely on criminal acts such as stealing phone cards and cloning cell phones.
The hacktivist is a gray hat or cracker who defaces Web pages to bring attention to a political agenda or social cause. Companies, organizations, and governments that engage in controversial practices or that have unpopular policies are likely targets of hacktivists. How ethical this behavior is depends on whether or not you support the hactivist’s agenda or believe in his cause.
Being a hacktivist is not an indication of technical prowess. Often Web sites are hosted on servers with known security holes and can be defaced with automated tools. In the United Kingdom, a hacktivist with the alias Herbless went on a hacktivism spree in 2000, hacking the HSBC bank and government Web sites to protest fuel prices and the government’s stance on smoking. His defacement of the Web pages included an activist statement, as well as instructions for other hacktivists.
On one site, he left the following message for the administrator:
Note to the administrator:
You should really enforce stronger passwords.
I cracked 75% of your NT accounts in 16 seconds on my SMP Linux box.
Please note the only thing changed on this server is your index page, which has been backed up.
Nothing else has been altered.
Cyber wars between hacktivists on opposite sides of a political debate are becoming more common. Israeli hacktivists deface Arab sites, particularly Palestinian, and Arab hacktivists return fire. Indian and Pakistani hacktivists routinely hack Web pages from each other’s countries.
While hacktivism and Web page defacement may seem harmless when compared to other cyber crime, such as online credit card fraud, the damage done to the reputation of a company or agency can be considerable.