Part I: Understanding Hackers


It is important to understand your adversary. With understanding comes the ability to anticipate behavior and motivation, which is required to deter attacks effectively. The people who compromise information systems span a broad range, with diverse motives and varied skill levels. To understand the hacker who is likely to attack your systems, you need to understand what it is that makes you a target. The systems might be targeted because of the information that they contain, some specific resources to which they have access, or their ability to be compromised. The reason for an attack can be financial, political, personal, or merely convenience due to location or ease of access. The attacks can be simple scripted attacks or they can be well-thought-out and orchestrated. They can be hit-and-run or ongoing. This extreme diversity in attacks and attackers increases the need for system administrators to have a general understanding of the hacking environment.

The Hacking Environment

A serious hacker must have a computer, network connectivity, and time to hack. The hacker will generally use a Linux computer and high-speed networking, and be a student or someone with plenty of discretionary time at work. This describes the environment at universities, which have been a popular location of hackers. Students have access to powerful computers which are attached to high-speed networks and they have plenty of time on their hands. However, each of these attributes is becoming more available at home every day: home computers are now very fast and very cheap, and always-on high-speed networking has reached the home via DSL and cable networks.

Linux is the operating system of choice among hackers. It has the ability to run the greatest variety of tools and the flexibility to control all aspects of the system. Having his own computer allows the hacker to be a peer to the system that he is attacking, not just a client. With a system of his own, he is in control of the permissions and privileges, so he can appear as anyone he wants to on an outside system. This also gives him experience at managing and securing a system, and therefore insight into his opponent, the system manager. He will need to manage his system and secure it from outside attack so he will know if someone is probing his system. If he is found out, it is likely that a system manager will be trying to identify his system's attacker.

The more network bandwidth the hacker has, the more scans, probes, and attacks he can perform. Bandwidth is generally the limiting factor to accessing remote systems.

Historic Perspective

There have been hackers for as long as there have been computer systems. Early on, hackers were students wanting access to more computer resources than they were allocated, so they would find ways to get those unauthorized resources. They might "find" another account to use to run programs or store files, or they might hack the accounting software so it didn't charge them for the resources they used. Computers were new to everyone, including instructors, so the inventiveness and ingenuity of these hacks received more focus than the infractions of misappropriation of resources. These hacks, even though they may be viewed as minor infractions, are still theft.

Over time, with the proliferation of computers, the number, variety, and severity of computer crimes have increased. Today, the diversity of computer criminals who are identified as hackers is astounding. When hacking was new, hackers were mostly students who had access to systems. This group of hackers is still a large demographic, but it has been joined by professionals with criminal motives.

Today the term "hacking" is used routinely to mean intruding into computer systems by stealth and without permission or any crime committed with, by, through, or against a computer. Computer crime dates back to the early 1970s, when employees discovered ways to use the computer to embezzle from their employers by falsifying sales records. The losses due to these hackers ran into the millions of dollars.

This book does not differentiate based on the intent of the hacker. The actual intent of the hacker is not the issue. Anyone who enters an information system without permission is committing a crime which has the possibility of causing damage. He or she will cost the owners of the systems time and money as they investigate the incident and determine what has been done and if there has been any damage. Damage, whether accidental or intentional, will have to be repaired and the impact to the business evaluated. The method of intrusion will have to be determined and repaired to eliminate recurrence.

Hacker or Cracker

Today, there is a debate about the term hacker. Those who oppose the use of the word to describe computer criminals indicate that its original use was to describe someone who could rapidly hack out a piece of code that will do what is necessary. The code was written quickly, without benefit of design and concern for maintainability. The hacker's ability to understand the system seemed to come intuitively. Hacking signified the unfettered exploration of computer systems for the sake of the intellectual challenge. The term hacker changed to a more mystical meaning: one who is a computer wizard, able to make systems do anything he wished, while the popular use of the word continues to focus on those who had started exploring the ARPAnet, the predecessor of today's Internet. These hackers were often accessing systems and information on systems which were far away from where they were and without permission. Those who have idolized the hacker as the elite computer enthusiast are offended by the popular use of the term and have invented the term cracker to indicate one who cracks into systems or is in any way criminal in his or her hacking activities.

Emmanuel Goldstein, the editor of 2600 magazine, had this to say on the subject: "Now, we have a small but vocal group who insist on calling anyone they deem unacceptable in the hacker world a "cracker." This is an attempt to solve the problem of the misuse of the word "hacker" by simply misusing a new word. It's a very misguided, though well-intentioned, effort." [1]

[1] "Q&A with Emmanuel Goldstein of 2600: The Hacker's Quarterly," CNN Online, April 1999.

However, much of what is known about early hacks are stories which have been handed down through the hacker community, which would have a tendency to glorify the hacker and vilify any organization which wanted to stop him or her. This small but vocal group which wants to "preserve" the term hacker has had little support. The popular media continue to use the term hacker to identify computer criminals, as do the criminals themselves.

Self-Identification

Possibly the most important input to the debate on use of the term hacker comes from those who access systems and information without permission. They identify themselves as hackers. They use the term to identify the skill and prowess which they display. Nobody who hacks into systems willingly describes himself as a "computer intruder," "cracker," or "computer vandal." These terms have been invented by people who consider themselves hackers in the classic sense, and who fiercely and publicly resist any besmirching of the "noble" title of hacker. Naturally and understandably, they deeply resent the attack on their values implicit in using the word "hacker" as a synonym for computer criminal. But none of the terms has caught on. The only term that has received some acceptance is "cyberpunk," although not in the mainstream media.



Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
Year: 2002
Pages: 210
