What is Hacking?
It is important to lay the groundwork for a proper introduction to computer hacking by first discussing some commonly used terms and clearing up any ambiguities with regard to their meanings. Computer professionals and serious hobbyists tend to use a lot of jargon that has evolved over the years in what had traditionally been a very closed and exclusive clique. It isn’t always clear what certain terms mean without an understanding of the context in which they developed. Although by no means a complete lexicon, this chapter introduces some of the basic language used among hackers and computer security professionals. Other terms will appear in later chapters within the appropriate topics. None of these definitions are in any way “official”, but rather represent an understanding of their common usage. This chapter also attempts to clarify what hacking is as an activity, what it is not, and who hackers are. Depictions and discussions of hacking in popular culture tend to paint an overly simplistic picture of hackers and of hacking as a whole. Indeed, an accurate understanding is lost in the translation of buzzwords and popular misconceptions.
Hacking & Hackers
The word hacking normally conjures images of a lone cyber-criminal, hunched over a computer and transferring money at will from an unsuspecting bank, or downloading sensitive documents with ease from a government database. In modern English, the term hacking can take on several different meanings depending on the context. As a matter of general use, the word typically refers to the act of exploiting computer security vulnerabilities to gain unauthorized access to a system. However, with the emergence of cybersecurity as a major industry, computer hacking is no longer exclusively a criminal activity and is often performed by certified professionals who have been specifically requested to assess a computer system’s vulnerabilities (see the next section on “white hat”, “black hat”, and “gray hat” hacking) by testing various methods of penetration. Furthermore, hacking for the purposes of national security has also become a sanctioned (whether acknowledged or not) activity of many nation states. Therefore, a broader understanding of the term should acknowledge that hacking is often authorized, even if the intruder in question is subverting the normal process of accessing the system. Even broader use of the word hacking involves the modification, unconventional use, or subversive access of any object, process, or piece of technology - not just computers or networks. For instance, in the early days of hacker subculture it was a popular activity to “hack” payphones or vending machines to gain access to them without the use of money - and to share the instructions for doing so with the hacking community at large. The simple act of putting normally discarded household objects to new and innovative uses (using empty soda cans as pencil holders, etc.) is often referred to as hacking.
Even certain useful processes and shortcuts for everyday life, like using to-do lists or finding creative ways to save money on products and services, are often referred to as hacking (often called “life hacking”). It is also common to encounter the term “hacker” in reference to anyone who is especially talented or knowledgeable in the use of computers.
This blog concentrates on the concept of hacking that is especially concerned with the activity of gaining access to software, computer systems, or networks through unintended means. This includes everything from the simplest forms of social engineering used to determine passwords up to the use of sophisticated hardware and software for advanced penetration. The term hacker will thus be used to refer to any individual, authorized or otherwise, who is attempting to surreptitiously access a computer system or network, without regard to their ethical intentions. The term cracker is also commonly used in place of hacker – specifically in reference to those who are attempting to break passwords, bypass software restrictions, or otherwise circumvent computer security.
The “Hats” of Hacking
Classic Hollywood scenes of the Old American West often featured cartoonish depictions of gunslinging adversaries – usually a sheriff or marshal against a dastardly bandit or a band of miscreants. It was common to distinguish the “good guys” from the “bad guys” by the colour of their cowboy hats. The brave and pure protagonist usually wore a white hat, whereas the villain wore a dark coloured or black one. The imagery carried over into other aspects of culture over the years and eventually made its way into the jargon of computer security.
Black Hat
A black hat hacker (or cracker) is one who is unambiguously attempting to subvert the security of a computer system (or closed-source software code) or information network knowingly against the will of its owner. The goal of the black hat hacker is to gain unauthorized access to the system, either to obtain or destroy information, cause a disruption in operation, deny access to legitimate users, or to seize control of the system for their own purposes. Some hackers will seize, or threaten to seize, control of a system – or prevent access by others - and blackmail the owner into paying a ransom before relinquishing control. A hacker is considered a black hat even if they have what they themselves would describe as noble intentions. In other words, even hackers who are hacking for social or political purposes are black hats because they intend to exploit any vulnerabilities they discover. Similarly, entities from adversarial nation states that are hacking for the purpose of warfare can be considered black hats regardless of their justifications or the international status of their nations.
White Hat
Because there are so many creative and unanticipated ways to access computers and networks, often the only way to discover exploitable weaknesses is to attempt to hack one’s own system before someone with malicious intentions does so first and causes irreparable damage. A white hat hacker has been specifically authorized by the owner or custodian of a target system to discover and test its vulnerabilities. This is known as penetration testing. The white hat hacker uses the same tools and procedures as a black hat hacker, and often has equal knowledge and skills. In fact, it is not uncommon for a former black hat to find legitimate employment as a white hat because black hats typically have a great deal of practical experience with system penetration. Government agencies and corporations have been known to employ formerly prosecuted computer criminals to test vital systems.
Gray Hat
As the name implies, the term gray hat (often spelled as grey) is a bit less concrete in its characterization of a hacker's ethics. A gray hat hacker does not necessarily have the permission of a system owner or custodian, and therefore could be considered to be acting unethically when attempting to detect security vulnerabilities. However, a gray hat is not performing these actions with the intention of exploiting the vulnerabilities or helping others to do so. Rather, they are essentially conducting unauthorized penetration testing with the goal of alerting the owner to any potential flaws. Often, gray hats will hack for the express purpose of strengthening a system that they use or enjoy to prevent any future subversion by actors with more malicious intent.
Consequences of Hacking
The consequences of unauthorized computer access range from the minor costs and inconveniences of everyday information security to severely dangerous and even deadly situations. Although there can be serious criminal penalties against hackers who are caught and prosecuted, society at large bears the brunt of the financial and human costs of malicious hacking. Because of the interconnected nature of the modern world, a single clever individual sitting in a cafe with a laptop computer can cause enormous damage to life and property. It is important to understand the ramifications of hacking in order to know where to focus efforts for the prevention of certain computer-related crimes.
Criminality
There are, of course, legal consequences for hackers caught intruding into a computer system or network. Specific laws and penalties vary among nations as well as among individual states and municipalities. Enforcement of laws also varies among nations. Some governments simply do not prioritize the prosecution of cybercrimes, especially when the victims are outside of their own country. This allows many hackers to operate with impunity in certain parts of the world. In fact, some advanced nations have elements within their governments in which hacking is a prescribed function. Some military and civilian security and law enforcement agencies feature divisions whose mandate is to hack the sensitive systems of foreign adversaries. It is a point of contention when some of these agencies intrude into the private files and communications of their own citizens, often leading to political consequences.
Penalties for illegal hacking largely depend on the nature of the transgression itself. Accessing someone’s private information without their authorization would likely carry a lesser penalty than using the access to steal money, sabotage equipment, or to commit treason. High-profile prosecutions have resulted from hackers stealing and either selling or disseminating personal, sensitive, or classified information.
Victims
Victims of hacking range from being the recipients of relatively harmless practical jokes on social media, to those publicly embarrassed by the release of personal photos or emails, to victims of theft, destructive viruses, and blackmail. In more serious cases of hacking where national security is threatened by the release of sensitive information or the destruction of critical infrastructure, society as a whole is the victim.
Identity theft is one of the most common computer crimes. Hackers target the personal information of unsuspecting individuals and either use the data for personal gain or sell it to others. Victims often don't know that their information has been compromised until they see unauthorized activity on their credit card or banking accounts. Although personal data is often obtained by hackers by targeting individual victims, some sophisticated criminals have in recent years been able to gain access to large databases of personal and financial information by hacking the servers of retailers and online service providers with millions of customer accounts. These high-profile data breaches not only have enormous costs in monetary terms, but also damage the reputations of the targeted companies and shake the public's trust in information security. Similar data breaches have resulted in the public distribution of personal emails and photographs, often causing embarrassment, damaging relationships, and resulting in loss of employment for the victims.
Prevention Costs
There is a classic “Catch-22” when it comes to the prevention of hacking. For most individuals, it takes little more than some common sense, vigilance, good security practices, and some freely available software to stay protected from most attacks. However, with the rise in popularity of cloud computing, where files are stored on an external server in addition to or instead of on personal devices, individuals have less control over the security of their own data. This puts a large financial burden on the custodians of cloud servers to protect an increasingly high volume of centralized personal information. Large corporations and government entities thus regularly find themselves spending equal or more money per year on computer security than they might lose in most common attacks. Nevertheless, these measures are necessary because a successful, large-scale, sophisticated attack – however unlikely – can have catastrophic consequences. Similarly, individuals wishing to protect themselves from cyber criminals will purchase security software or identity theft protection services. These costs, along with the time and effort spent practicing good information security, can be an unwelcome burden.
National and Global Security
The increasing reliance of industrial control systems on networked computers and devices, along with the rapidly interconnected nature of critical infrastructure, has left the vital services of industrial nations highly vulnerable to cyber-attack. Municipal power, water, sewer, internet, and television services can be disrupted by saboteurs, whether for the purpose of political activism, blackmail, or terrorism. Even short-term interruption of some of these services can result in loss of life or property. The safety of nuclear power plants is of particular concern, as we have seen in recent years that hackers can implant viruses in commonly used electronic components to disrupt industrial machinery. Banking systems and financial trading networks are high-value targets for hackers, whether they are seeking financial gain or to cause economic turmoil in a rival nation. Some governments are already openly deploying their own hackers for electronic warfare. Targets for government and military hacking also include the increasingly networked vehicles and instruments of war. Electronic components can be compromised by hackers on the production line before they even make it to a tank, battleship, fighter jet, aerial drone, or other military vehicle – so governments must be careful about who they contract in the supply line. Sensitive email, telephone, or satellite communications must also be protected from adversaries. It is not just nation-states that are a threat to advanced military systems. Terrorist organizations are becoming increasingly sophisticated and are shifting to more technological methods.





