Thursday, January 10, 2008

HACKING

What is hacking?

Hacking is a widely feared and completely misconstrued activity. To the average person, a hacker is a kid with a super powerful computer in a clean room with super colorful display of pictures and characters flashing on the screen. They rapidly press random buttons and are suddenly presented with a prompt to enter basic commands.

The reality is, the definition of hacking is about as complex as the actual task.

First, there are multiple forms of hacking. The true "hacking" is usually done by college and graduate level students, or IT professionals probing for program or hardware weaknesses. White hat/red hat/black hat definitions are technically moot, since hacking for malicious purposes is covered by the term Cracking.

Using premade tools or walkthroughs is not hacking, and is considered being a "script kiddie." These are the younger (generally high school level) users who have little or no skill, but want to be considered "elite" by others. While the programs they use are capable of cracking into secured systems, the result is random damage and loss of data that the script kiddie has no facilities to understand.

Think of the difference in these examples:

Hackers: A group of painters are hired to paint a mural on the side of a building that others can see.

Crackers: Paint that same mural with the same skill, but do it without permission, leaving the owners of the building to hire someone to paint over it.

Script Kiddie: A kid with a can of spray paint who draws crude pictures of genitalia on street signs.

How does hacking work?

Hacking is essentially solving a complex puzzle involving a constantly evolving set of rules, math, and computer language. Some "hacks" as they are called, are actually quite simple, and are a result of the laziness of the software engineers, others require nothing short of a mathematical genius to solve.

If one is curious, they have only browse a video sharing site, such as youtube.

This is an example of a more complex bluetooth hack:



However, some are a bit more simple, and show the dangers of being hacked a little better. This is another bluetooth hack that is done much quicker using one cellphone to attack another. Note that most bluetooth has a range of approximately 10 meters, which is a little under 30 feet... the perfect distance for someone to hack from the other side of a starbucks. Some, more powerful bluetooth devices can transmit and recieve up to 100 meters:



However, some tutorials will even go in depth and show you the entire process of hacking:



This makes it pretty easy to start basic hacking. There are many more places that yield advanced information. Sources other than the internet also exist. For example, in high school, I visited my local radioshack, and found a large book with every radio frequency used by the DOD, DOT, EMS, and Air Traffic Control/FAA. These types of books also exist for IP's and security protocols in place for the same entities.

A quick google turned up this in reguard to DoD IPv4 allocation (click).

This is a publicly available list of IPv4 Class A assignments. Its a little like putting a bullseye on a tank. Everyone knows where to aim.

Do not be mistaken, however. Just because you know where your target is, doesn't necessarily mean hacking it will be easy.

Why bother?

Each individual has their own reasons, and this is why there are multiple names for "hackers." While a hacker may try to prove a system is vulnerable, or be curious about the contents of a server, they will leave the system in the same state they discovered it. They rarely ever harm a network, and if so, its usually an accident.

Crackers, on the other hand, use their skills to damage or destroy data, systems, and /or deny other users the ability to access network resources. Though money may be a secondary motive, their primary is simply destruction and bragging rights.

Emerging Threats

As computers and computing knowledge becomes more prevalent, the number of attackers and attacks continue to increase. The lure of easy money and soft targets of opportunity for a new breed of terrorist is too strong to ignore. Industrial espionage is becoming common place.

What Hacking is Not

Asking someone for their password, then using it, is not hacking. That is social engineering. This goes for looking over someone's shoulder or claiming to be the last prince of an African country named Robatswania. These attacks are made on those who are, sorry to say, ignorant or uninformed.

Identity theft is not hacking. The information may have come from hacking, but identity theft is not remotely exclusive to hacking. It is common for the information to be found in dumpsters, recycle bins, and laying right on somebody's desk. The forged documents can be created on a computer without any access to the internet.

What Hacking will not Accomplish

Hackers cannot make your computer explode and kill you.
Hackers cannot steal any information that is not stored electronically. If your filing cabinet is pried open when you come home, that is burglary, not cracking. They can't hijack all the tv stations in the world to broadcast a message.

It really comes down to information and electronic storage.

How to avoid being hacked

1. don't use a computer.

Thats pretty much it. Any information you send over a network passes many nodes and is stored in many forms in many locations. The potential for your system to be hacked or cracked exists while it is connecting to the internet, or any network or machine that is connected to the internet.

There are, of course, the standard methods of weeding out the weaker hackers, such as a firewall, anti-virus, security updates etc. The biggest defense that a common person has, is to remain anonymous. Few people will waste their time on a system with no information or value.

1 comment:

Amber Salm said...

This article helped me to learn about the exact meaning of hacking. This concept is highly misunderstood by most of the people. But the above detail gave a clear understanding.
digital certificates