External Hackers | Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)

I l @ ve RuBoard

The rapid growth of computer use and the proliferation of the Internet have contributed to a phenomenal growth in computer crime and a significant diversity in computer criminals. Even though most attacks which cause financial loss come from within, crime studies continuously show that most attacks come from outside the organization.

Recreational Hacker

The recreational hacker is the closest thing today to the classic hacker of old ” the hacker who hacks just to learn and for the enjoyment of manipulating technology. This is also the group that most closely resembles the average perception of hackers. The term recreational does not imply that they are not serious about hacking; for most of them, hacking is their life. Rather, it indicates that they do not make money from their hacking activities.

Recreational hackers are mostly male; however, ten to fifteen percent are female . They are usually between twelve and twenty-eight, highly intelligent , but not high achievers in school. They often come from dysfunctional families and find refuge in the computer systems as the only place where they are in control.

They may not be socially adept, but they do have social bonds within the hacker community. Hackers with the most information gain the highest prestige. Hacking involves the accumulation of knowledge, which is accompanied by greater status and power.

Many enjoy the challenge of developing new hacking techniques:

The Register magazine expressed skepticism over claims that the famous HTML bug ” an invisible one-pixel image embedded in an HTML document or e-mail message referencing another image on a remote server ” could be used for more than verifying e-mail addresses and garnering IPs. They asked their readers to suggest more malicious uses.

A number of respondents illustrated the ability to create detailed tracking methods which could collect a variety of client-side information. Others suggested that the included image could be used to create entries in the log files which could be incriminating to the unknowing user . Finally, one reader suggested using the bug to capture the client's IP address and then scan that host for open SMB shares to attack. ^[5]

^[5] Greene, Thomas, "Fun with Internet Bugs," The Register , 13 December 2000.

Professional Hacker

The professional hacker is a "new breed" of hacker. He is professionally trained to gather information from any means available. He has the social skills to get people to give him information and the technical skills to attack systems successfully. Many professional hackers have gotten their training from government intelligence agencies around the globe. What differentiates them from other hackers is that they hack for very specific targets with the value of the information in mind. Their information gathering may be for government intelligence or more often corporate espionage. They are often a hacker-for-hire. Organized crime has moved into hacking.

Some entrepreneurs from Chicago have started a new service called "Be A Hacker." It is basically hacking for hire. They say they can break into school, government and corporate computers and alter records for a fee.

Even though they guarantee the service is legitimate , there are some who remain skeptical. First, because it is not guaranteed that they will succeed in the requested break-in and, also, because everybody knows that breaking into others' systems is a serious violation. ^[6]

^[6] Sigvartsen, Ana Let cia, "Hackers for Hire," InfoSatellite.com, 5 April 2002.

The key to outsmarting a hacker lies in understanding why someone would want to become a hacker. Many people who are interested in computer technology want to be a hacker to some degree. The challenge of outsmarting the system and the thrill of discovering the forbidden hold an appeal even for the most honest person. Computer crime has attracted all types of people with all levels of skill and all types of motives.

I l @ ve RuBoard