Separating Hackers from Crackers


The term hacker was originally used to describe a person who was technically proficient with whatever systems he or she hacked and could write exceptional computer code. Some of the original hackers were members of the Massachusetts Institute of Technology (MIT) Tech Model Railroading Club (TMRC). In fact, the term hacker has been around longer than the personal computer or the Internet, for that matter.

At MIT, students traditionally use the word hack to describe the elaborate and often amazing pranks that they play on each other and the faculty. In their world, a hacker is someone who creates something ingenious and truly original.

On The Web 

MIT students maintain a gallery of some of the most ingenious hacks. To view it, pay a visit to: http://hacks.mit.edu.

As an activity, hacking has its roots in the computer culture of the 1950s and 1960s. The timesharing of mainframe computers was tightly controlled, and many individuals who wanted to increase their knowledge and technical abilities found alternative ways to gain entry. Out of these roots has grown a full spectrum of hackers from the true law-abiding security experts to computer criminals (crackers).

At one time, the term hacker was a complimentary title bestowed upon someone by peers in recognition of technical abilities and problem-solving skills. This is no longer the case, mostly due to the media’s misrepresentation of hackers and to crackers adopting the title. The information security community distinguishes between hackers and crackers, labeling crackers as criminals who attempt to exploit security flaws to break into systems.

Note 

Throughout the rest of this book, the term cracker will refer to computer criminals or people unethically breaking into computer systems.

The general term hacker can be broken down into several categories that help define the type of individuals and the threats that they present. These terms are an attempt to categorize human motives and behaviors; but they are not absolutes. They are helpful because they provide a way to discuss different types of individuals and understand their motivations.

Meeting the white hats

Borrowing a simple visual metaphor from old Hollywood westerns, ethical, law-abiding hackers refer to themselves as white hats, distinguishing themselves from the bad guys, or black hats. Many white hats are security professionals who seek to improve network security. Understanding the software that crackers use and how they operate allows a white hat to take steps to secure a network against likely attacks. Some white hats even create software to defend against known attacks from crackers.

Avoiding the black hats

Using the same Old West metaphor, the computer world’s outlaws wear the black hats. A black hat, or cracker, breaks into systems for a number of reasons, with personal gain and bragging rights at the top of the list.

Because the majority of crackers rely on software tools, or canned exploits, created by more skilled people, security professionals are able to catch quite a few of them. Unfortunately, when they do catch crackers they often exaggerate the cracker’s skill with a computer. This increases misinformation, confusion, and fear among computer users.

While many crackers are inept, it’s still important to acknowledge that some crackers are a serious threat to computer security. The technically proficient in their ranks can cause a lot of damage, and the software they create enables unskilled criminals to crack into systems. In addition, many systems are woefully insecure to begin with, and others, such as wireless, have security issues that users are often unaware of.

Understanding the gray hats

Apart from Hollywood’s portrayal of the Old West, human behavior is never as black and white as it appears. Considering this, a gray hat is an otherwise ethical hacker who, in the interest of improving security, may cross the line occasionally and actually break into a system. While breaking into a system in order to improve security, a gray hat who means well may inadvertently cause damage.

Many gray hats work to find security holes and report them, and they may publicize flaws for bragging rights. Gray hats try to improve security by using publicity to force companies to fix software flaws, rather than giving them a chance to fix the problem before telling the world about it.

Identifying script kiddies

The most common type of cracker lacks any real technical ability or understanding of how computer systems work, and many of them rely on software and scripts created by crackers who are more skilled. Real hackers have many names for these individuals: script kiddies, packet monkeys, s’kiddiots, lamers, warez d00dz (dudes), and wannabes.

In August 2003, 18-year-old high school student and script kiddy Jeffrey Lee Parson made headlines. The FBI arrested Parson, who went by the handle t33kid (teekid), for creating a variant of the Blaster worm. Parson created his version of the worm by editing the source code (code used to create the worm) of the original. Because he didn’t understand what that code actually did, his version of the worm, dubbed Blaster.B, did little damage in comparison to the original worm.

Further illustrating the problem of sensationalism when reporting computer crime, the press and prosecutors held Parson up as an example of an evil computer genius; even his mother dismissed the idea he was a computer genius. Script kiddies make great headlines, so this pattern tends to repeat itself. They are more of a nuisance than a threat, and it’s easy to secure your systems against individuals of their skill level.

Web page defacement, or cyber vandalism, is a common pastime among script kiddies. Script kiddies break into a Web server and replace Web pages with defaced versions that they’ve created (see Figure 3-1). This isn’t as hard as you might think, because many Web server administrators don’t adequately secure their systems. Web page defacement doesn’t take a great amount of skill, just the right tools.

Figure 3-1: The defaced Library of Congress Web site

The average script kiddy in the United States is an adolescent white male, usually intelligent. He likely lives in his parents’ basement and collects comic books and Star Wars memorabilia (okay, I added that last part). Script kiddies do like to hang out on Internet Relay Chat (IRC), where they organize and brag about their exploits. They also share software on IRC and Usenet newsgroups. The IRC aliases they use can give you a good idea of whom you’re dealing with. Most secure, mature adults don’t routinely refer to themselves as L0rd Death, Terminator, or CyberG0d.

Based on recent demographics compiled by the FBI and leading security firms, the profile of a skilled cracker has shifted to a professional white male in his early 30s who works with computers (or even security). As attacks become more complex and the stakes get higher, the demographic is shifting toward more skilled, highly intelligent, and well-supported individuals. The threat from cyber terrorists and organized crime is increasing, but the odds are that your WLAN isn’t going to be the target of a rogue nation or mafia don anytime soon.

Hacktivists

A hacktivist is a hacker-activist who uses cracking as a means to bring attention to a political agenda or social cause. The most common attention-seeking behavior is usually Web page defacement, and the most likely targets are governments and organizations with controversial practices or policies. Web page defacement doesn’t require a great deal of skill and many hacktivists are just script kiddies with an agenda.

In 2000, during a hacktivism spree, a United Kingdom hacktivist called Herbless hacked the HSBC Bank and various British government Web sites. He did it to protest fuel prices and the government’s stance on smoking. His defacement of the Web pages included an activist statement, and on one site he left the following message for the administrator:

Note to the administrator: You should really enforce stronger passwords. I cracked 75% of your NT accounts in 16 seconds on my SMP Linux box. Please note the only thing changed on this server is your index page, which has been backed up. Nothing else has been altered.

Hacktivists on opposite sides of a political argument frequently engage in cyber wars. Indians and Pakistanis routinely hack Web pages from each other’s countries, usually referencing the conflict over Kashmir.

Israeli and Palestinian sympathizers have used hacking as a weapon of war. During October-November 2000 this hacking escalated from political to criminal to terrorist. The attack began with the defacement and disabling of more than 30 sites.

Palestinian-affiliated hackers then publicly posted the personal information of the American Israeli Public Affairs Committee members.

Israeli supporters retaliated by posting Palestinian leaders’ cell phone numbers, information about accessing the telephone and fax systems of the Palestinian Authority, 15 Internet relay channels (IRC), and an IRC server through which the Palestinian movement communicates. Palestinian hacktivists also attacked several U.S. companies, including the Israeli Public Affairs Committee and Lucent, which has business interests in Israel.

While hacktivism may seem harmless when compared to online credit card fraud and other cyber crimes, it can cause considerable damage to the reputation of a company or agency.




Caution! Wireless Networking: Preventing a Data Disaster
ISBN: 076457213X
EAN: 2147483647
Year: 2003
Pages: 145
