Minggu, 30 Desember 2007
See also: Hacker
In a security context, a Hacker is someone involved in computer security/insecurity, specializing in the discovery of exploits in systems (for exploitation or prevention), or in obtaining or preventing unauthorized access to systems through skills, tactics and detailed knowledge. In the most common general form of this usage, "hacker" refers to a black-hat hacker (a malicious or criminal hacker). There are also ethical hackers (more commonly referred to as white hats), and those more ethically ambiguous (grey hats). To disambiguate the term hacker, often cracker is used instead, referring either to computer security hacker culture as a whole to demarcate it from the academic hacker culture (such as by Eric S. Raymond[1]) or specifically to make a distinction within the computer security context between black-hat hackers and the more ethically positive hackers (commonly known as the white-hat hackers). The context of computer security hacking forms a subculture which is often referred to as the network hacker subculture or simply the computer underground. According to its adherents, cultural values center around the idea of creative and extraordinary computer usage. Proponents claim to be motivated by artistic and political ends, but are often unconcerned about the use of criminal means to achieve them.
Contents[hide]
1 History
2 Artifacts and customs
3 Documents
4 Hacker attitudes
4.1 White hat
4.2 Grey hat
4.3 Blue Hat
4.4 Black Hat
4.5 Script kiddie
4.6 Hacktivist
5 Common methods
5.1 Security exploit
5.2 Vulnerability scanner
5.3 Packet Sniffer
5.4 Spoofing attack
5.5 Rootkit
5.6 Social engineering
5.7 Trojan horse
5.8 Virus
5.9 Worm
6 Notable intruders and criminal hackers
6.1 The 414s
6.2 Mark Abene
6.3 Dark Avenger
6.4 Brian Dorsett
6.5 John Draper
6.6 Farid Essebar
6.7 Gigabyte
6.8 Nahshon Even-Chaim
6.9 Markus Hess
6.10 Jonathan James
6.11 Adrian Lamo
6.12 Vladimir Levin
6.13 Kevin Mitnick
6.14 Robert Tappan Morris
6.15 Craig Neidorf
6.16 Kevin Poulsen
6.17 David L. Smith
6.18 IsKorptix Mahive
6.19 Max Ray Butler
7 Notable Security Hackers
7.1 Eric Corley
7.2 Fyodor
7.3 Johan Helsingius
7.4 Tsutomu Shimomura
7.5 Solar Designer
7.6 Michal Zalewski
8 References
9 Related literature
10 External links
//
[edit] History
Main article: Timeline of hacker history
This short section requires expansion.
[edit] Artifacts and customs
Contrary to the academic hacker subculture, networking hackers have no inherently close connection to the academic world. They have a tendency to work anonymously and in private. It is common among them to use aliases for the purpose of concealing identity, rather than revealing their real names. This practice is uncommon within and even frowned upon by the academic hacker subculture. Members of the network hacking scene are often being stereotypically described as crackers by the academic hacker subculture, yet see themselves as hackers and even try to include academic hackers in what they see as one wider hacker culture, a view harshly rejected by the academic hacker subculture itself. Instead of a hacker – cracker dichotomy, they give more emphasis to a spectrum of different categories, such as white hat (“ethical hacking”), grey hat, black hat and script kiddie. In contrast to the academic hackers, they usually reserve the term cracker to refer to black hat hackers, or more generally hackers with unlawful intentions.
The network hacking subculture is supported by regular gatherings, so called Hacker cons. These have drawn more and more people every year including SummerCon (Summer), DEF CON, HoHoCon (Christmas), PumpCon (Halloween), H.O.P.E. (Hackers on Planet Earth) and HEU (Hacking at the End of the Universe). They have helped expand the definition and solidify the importance of the network hacker subculture. In Germany, members of the subculture are organized mainly around the Chaos Computer Club.
The subculture has given birth to what its many members consider to be novel forms of art, most notably ascii art. It has also produced its own slang and various forms of unusual alphabet use, for example leetspeak. Both things are usually seen as an especially silly aspect by the academic hacker subculture. In part due to this, the slangs of the two subcultures differ substantially. Political attitude usually includes views for freedom of information, freedom of speech, a right for anonymity and most have a strong opposition against copyright. Writing programs and performing other activities to support these views is referred to as hacktivism by the subculture. Some go as far as seeing illegal elephant cracking ethically justified for this goal; the most common form is website defacement.
The security hackers have also edited some magazines, most notably
2600: The Hacker Quarterly
Hakin9
TAP
Blacklisted 411
[edit] Documents
Hackers from the network hacking subculture often show an adherence to fictional cyberpunk and cyberculture literature and movies. Widely recognized works include:
Hackers (short stories)
The Hacker Crackdown
Snow Crash
William Gibson's Sprawl trilogy
WarGames
Cyberpunk, by Katie Hafner and John Markoff
The Matrix series
Antitrust
Hackers
Enemy of the State
Sneakers
Swordfish
The Net
Absorption of fictional pseudonyms, symbols, values, and metaphors from these fictional works are very common. A non-fictional document with which many members of the subculture identify is the Hacker's Manifesto.
[edit] Hacker attitudes
While hacker may mean simply a person with mastery of computers; however the mass media most often uses "hacker" as synonymous with a (usually criminal) computer intruder. See hacker, and Hacker definition controversy. In computer security, several subgroups with different attitudes and aims use different terms to demarcate themselves from each other, or try to exclude some specific group which which they do not agree.
[edit] White hat
Main article: White hat
A white hat hacker or ethical hacker is someone who breaks security but who does so for altruistic or at least non-malicious reasons. White hats generally have a clearly defined code of ethics, and will often attempt to work with a manufacturer or owner to improve discovered security weaknesses, although many reserve the implicit or explicit threat of public disclosure after a "reasonable" time as a prod to ensure timely response from a corporate entity. The term is also used to describe hackers who work to deliberately design and code more secure systems. To white hats, the darker the hat, the more the ethics of the activity can be considered dubious. Conversely, black hats may claim the lighter the hat, the more the ethics of the activity are lost.
[edit] Grey hat
Main article: Grey hat
A grey hat hacker is a hacker of ambiguous ethics and/or borderline legality, often frankly admitted.
[edit] Blue Hat
Main article: Blue Hat
A blue hat hacker is someone outside computer security consulting firms that are used to bug test a system prior to its launch, looking for exploits so they can be closed. The term has also been associated with a roughly annual security conference by Microsoft, the unofficial name coming from the blue color associated with Microsoft employee badges. Also see Big Blue.
[edit] Black Hat
Main article: Black Hat
A black hat hacker is someone who subverts computer security without authorization or who uses technology (usually a computer or the Internet) for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, or many other types of crime. This can mean taking control of a remote computer through a network, or software cracking.
[edit] Script kiddie
Main article: Script kiddie
Script kiddie is a pejorative term for a computer intruder with little or no skill; a person who simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing.
[edit] Hacktivist
Main article: hacktivism
A hacktivist is a hacker who utilizes technology to announce a political message. Web vandalism is not necessarily hacktivism.
[edit] Common methods
There are several recurring tools of the trade and techniques used by computer criminals and security experts:
[edit] Security exploit
Main article: Exploit (computer security)
A security exploit is a prepared application that takes advantage of a known weakness.
[edit] Vulnerability scanner
Main article: Vulnerability scanner
A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and it's version number. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound, but can still be circumvented.)
[edit] Packet Sniffer
Main article: Packet sniffer
A packet sniffer is an application that captures TCP/IP data packets, which can maliciously be used to capture passwords and other data while it is in transit either within the computer or over the network.
[edit] Spoofing attack
Main article: Spoofing attack
A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining illegitimate access.
[edit] Rootkit
Main article: Rootkit
A rootkit is a toolkit for hiding the fact that a computer's security has been compromised, is a general description of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Root kits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.
[edit] Social engineering
Main article: Social engineering (computer security)
Social engineering means convincing other people to provide some form of information about a system, often under false premises. A blatant example would be asking someone for their password or account possibly over a beer or by posing as someone else. A more subtle example would be asking for promotional material or technical references about a company's systems, possibly posing as a journalist.
[edit] Trojan horse
Main article: Trojan horse (computing)
A Trojan horse is a program designed as to seem to being or be doing one thing, such as a legitimate software, but actually being or doing another. They are not necessarily malicious programs. A trojan horse can be used to set up a back door in a computer system so that the intruder can return later and gain access. Viruses that fool a user into downloading and/or executing them by pretending to be useful applications are also sometimes called trojan horses. (The name refers to the horse from the Trojan War, with conceptually similar function of deceiving defenders into bringing an intruder inside.) See also Dialer.
[edit] Virus
Main article: Computer virus
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Thus, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.
[edit] Worm
Main article: Computer worm
Like a virus, a worm is also a self-replicating program. The difference between a virus and a worm is that a worm does not create multiple copies of itself on one system: it propagates through computer networks. After the comparison between computer viruses and biological viruses, the obvious comparison here is to a bacterium. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program. It is possible for a program to have the blunt characteristics of both a worm and a virus.
[edit] Notable intruders and criminal hackers
[edit] The 414s
Main article: The 414s
The 414s were a gang of six teenagers named after their Milwaukee, Wisconsin area code, who broke into dozens of computer systems throughout the United States and Canada in 1983. Their exploits included Los Alamos National Laboratory, Sloan-Kettering Cancer Center and Security Pacific Bank. [2][3] The incident appeared as the cover story of Newsweek with the title Beware: Hackers at play,[4] possibly the first mass-media use of the term hacker in the context of computer security. As a result, the U.S. House of Representatives held hearings on computer security and passed several laws [5].
[edit] Mark Abene
Main article: Mark Abene
Mark Abene (also known as Phiber Optik) inspired thousands of teenagers around the country to "study" the internal workings of the United States phone system. One of the founders of the Masters of Deception group.
[edit] Dark Avenger
Main article: Dark Avenger
Dark Avenger is the pseudonym of a Bulgarian virus writer that invented polymorphic code in 1992 as a mean to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.
[edit] Brian Dorsett
Main article: Brian Dorsett (hacker)
Brian Dorsett reverse-engineered the NDS satellite access smartcard known as the HU card. Currently imprisoned at Miami FDC. Records a daily podcast from prison titled Prisoncast — Developer of "HU Loader" Pleads Guilty in Satellite Television Piracy Case
[edit] John Draper
Main article: John Draper
John Draper (also known as Captain Crunch) is widely credited with evangelizing the use of the 2600 hertz tone generated by whistles distributed in Captain Crunch cereal boxes in the 1970s, and sometimes inaccurately credited with discovering their use. Draper served time in prison for his work, and is believed to have introduced Steve Wozniak to phone phreaking through the 2600Hz tone. Draper now develops anti-spam and security software.
[edit] Farid Essebar
Main article: Farid Essebar
Farid Essebar (also known as Diabl0) is the creator of Zotob
[edit] Gigabyte
Kim Vanvaeck, alias Gigabyte, a female teen virus writer from Belgium. She is the creator of 'W32/Sharpei' virus, of which the replication code is written in C#. She is also well known for frequent run-ins with ubiquitous AV spokesman Graham Cluley over his sociological analysis of virus writers. She was recently arrested by Belgian police.
[edit] Nahshon Even-Chaim
Main article: Nahshon Even-Chaim
Nahshon Even-Chaim (also known as Phoenix) was a leading member of Australian hacking group The Realm. Targeted US defence and nuclear research computer systems in late 1980s until his capture by Australian Federal Police in 1990. He and fellow Realm members Electron and Nom were the world's first computer intruders prosecuted based on evidence gathered from remote computer intercept.
[edit] Markus Hess
Main article: Markus Hess
Markus Hess is a West German, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.
[edit] Jonathan James
Main article: Jonathan James (convicted cybercriminal)
Jonathan James (also known as c0mrade) downloaded $1.7 million dollars worth of software which controlled the International Space Station's life sustaining elements, and intercepted thousands of electronic messages relating to U.S. nuclear activities from the Department of Defense. Sentenced at age 16, he was the youngest person ever incarcerated for cybercrime in the United States.
[edit] Adrian Lamo
Main article: Adrian Lamo
Lamo surrendered to federal authorities in 2003 after a brief manhunt, and was charged with nontechnical but surprisingly successful intrusions into computer systems at Microsoft, The New York Times, Lexis-Nexis, MCI WorldCom, SBC, Yahoo!, and others. His methods were controversial, and his full-disclosure-by-media practices led some to assert that he was publicity-motivated.
[edit] Vladimir Levin
Main article: Vladimir Levin
Vladimir Levin allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million. To this day, the method used, or even if Vladamir was a mathematician, is unknown.
[edit] Kevin Mitnick
Main article: Kevin Mitnick
Kevin Mitnick was held in jail for four and a half years and released on January 21, 2000. He was convicted of computer related crimes and possession of several forged identification documents. Once "the most wanted man in cyberspace", Mitnick went on to be a prolific public speaker, author, and media personality.
[edit] Robert Tappan Morris
Main article: Robert Tappan Morris
Robert T. Morris, while a graduate student at Cornell University in 1988, created the first worm, Morris Worm, which used buffer overflows to propagate. He is the son of Robert Morris, the former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA). Morris was not exactly a hacker of the computer security hacker culture, but a user of the MIT-AI, the home machine of the early academic hacker culture. According to Steven Levy, he was a true hacker who blundered.
[edit] Craig Neidorf
Main article: Craig Neidorf
In 1990, Neidorf (a co-founder of Phrack) was prosecuted for stealing the E911 document from BellSouth and publicly distributing it online. BellSouth claimed that the document was worth $80,000; they dropped the charges after it was revealed that copies of the document could simply be ordered for a minuscule $13.
[edit] Kevin Poulsen
Main article: Kevin Poulsen
In 1990, Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus.
[edit] David L. Smith
Main article: David L. Smith (virus writer)
In 1999, Smith launched the Melissa Worm, causing $80 million dollars worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.
[edit] IsKorptix Mahive
Main article: IsKorptix (defacements)
In 2006, IsKorptix was responsible for the biggest Mass Website Defacement in webhosting history. Hacking 21,549 websites in one shot, with a total estimated amount of more then 40,000 websites. The biggest hacking incident in the web-hosting history
[edit] Max Ray Butler
Main article: Max Ray Butler (carder hacker)
Between 2000 - 2007, Max Ray Butler was responsible for running one of the largest online Credit Card fraud and hacking network by the names Iceman, Aphex, Max Vision. He got arrested on 5 September 2007 by the FBI. "Iceman," Founder of Online Credit Card Theft Ring, Indicted on Wire Fraud and Identity Theft Charges
[edit] Notable Security Hackers
[edit] Eric Corley
Main article: Eric Gorden Corley
Eric Corley (also known as Emmanuel Goldstein) is the long standing publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. conferences. He has been part of the hacker community since the late '70s.
[edit] Fyodor
Main article: Fyodor (Hacker)
Fyodor is the pseudonym of the author of the Nmap Security Scanner and many books and web sites.
[edit] Johan Helsingius
Main article: Johan Helsingius
Johan "Julf" Helsingius operated the world's most popular anonymous remailer, the Penet remailer (called penet.fi), until he closed up shop in September 1996.
[edit] Tsutomu Shimomura
Main article: Tsutomu Shimomura
Shimomura helped catch Kevin Mitnick, the United States' most infamous computer intruder, in early 1994. He is the co-author of a book about the Mitnick case, Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It (ISBN 0-7868-8913-6).
[edit] Solar Designer
Main article: Solar Designer
Solar Designer is the pseudonym of the founder of the Openwall Project.
[edit] Michal Zalewski
Main article: Michal Zalewski
Michal Zalweski (lcamtuf) is a prominent security researcher.
[edit] References
^ http://www.catb.org/hacker-emblem/
^ Detroit Free Press, September 27, 1983
^ The 414 Gang Strikes Again, Philip Elmer-DeWitt, Time magazine, Aug. 29, 1983, p. 75
^ Beware: Hackers at play, Newsweek, September 5, 1983, pp. 42-46,48
^ David Bailey, "Attacks on Computers: Congressional Hearings and Pending Legislation," sp, p. 180, 1984 IEEE Symposium on Security and Privacy, 1984.
[edit] Related literature
Clifford Stoll (1990). The Cuckoo's Egg. The Bodley Head Ltd. ISBN 0-370-31433-6.
Code Hacking: A Developer's Guide to Network Security by Richard Conway, Julian Cordingley
Kevin Beaver. Hacking For Dummies.
Katie Hafner & John Markoff (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. Simon & Schuster. ISBN 0-671-68322-5.
David H. Freeman & Charles C. Mann (1997). @ Large: The Strange Case of the World's Biggest Internet Invasion. Simon & Schuster. ISBN 0-684-82464-7.
Suelette Dreyfus (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier. Mandarin. ISBN 1-86330-595-5.
Bill Apro & Graeme Hammond (2005). Hackers: The Hunt for Australia's Most Infamous Computer Cracker. Five Mile Press. ISBN 1-74124-722-5.
Stuart McClure, Joel Scambray & George Kurtz (1999). Hacking Exposed. Mcgraw-Hill. ISBN 0-07-212127-0.
[edit] External links
Hacking in 17 easy steps, by Doug Mclean.
Voices in My Head - MindVox: The Overture by Patrick Kroupa
Defining Hacking Culture and Its Potential as Resistance
Retrieved from "http://en.wikipedia.org/wiki/Hacker_%28computer_security%29"
Categories: Articles needing additional references from November 2007 Articles with sections needing expansion Hacking (computer security)
In a security context, a Hacker is someone involved in computer security/insecurity, specializing in the discovery of exploits in systems (for exploitation or prevention), or in obtaining or preventing unauthorized access to systems through skills, tactics and detailed knowledge. In the most common general form of this usage, "hacker" refers to a black-hat hacker (a malicious or criminal hacker). There are also ethical hackers (more commonly referred to as white hats), and those more ethically ambiguous (grey hats). To disambiguate the term hacker, often cracker is used instead, referring either to computer security hacker culture as a whole to demarcate it from the academic hacker culture (such as by Eric S. Raymond[1]) or specifically to make a distinction within the computer security context between black-hat hackers and the more ethically positive hackers (commonly known as the white-hat hackers). The context of computer security hacking forms a subculture which is often referred to as the network hacker subculture or simply the computer underground. According to its adherents, cultural values center around the idea of creative and extraordinary computer usage. Proponents claim to be motivated by artistic and political ends, but are often unconcerned about the use of criminal means to achieve them.
Contents[hide]
1 History
2 Artifacts and customs
3 Documents
4 Hacker attitudes
4.1 White hat
4.2 Grey hat
4.3 Blue Hat
4.4 Black Hat
4.5 Script kiddie
4.6 Hacktivist
5 Common methods
5.1 Security exploit
5.2 Vulnerability scanner
5.3 Packet Sniffer
5.4 Spoofing attack
5.5 Rootkit
5.6 Social engineering
5.7 Trojan horse
5.8 Virus
5.9 Worm
6 Notable intruders and criminal hackers
6.1 The 414s
6.2 Mark Abene
6.3 Dark Avenger
6.4 Brian Dorsett
6.5 John Draper
6.6 Farid Essebar
6.7 Gigabyte
6.8 Nahshon Even-Chaim
6.9 Markus Hess
6.10 Jonathan James
6.11 Adrian Lamo
6.12 Vladimir Levin
6.13 Kevin Mitnick
6.14 Robert Tappan Morris
6.15 Craig Neidorf
6.16 Kevin Poulsen
6.17 David L. Smith
6.18 IsKorptix Mahive
6.19 Max Ray Butler
7 Notable Security Hackers
7.1 Eric Corley
7.2 Fyodor
7.3 Johan Helsingius
7.4 Tsutomu Shimomura
7.5 Solar Designer
7.6 Michal Zalewski
8 References
9 Related literature
10 External links
//
[edit] History
Main article: Timeline of hacker history
This short section requires expansion.
[edit] Artifacts and customs
Contrary to the academic hacker subculture, networking hackers have no inherently close connection to the academic world. They have a tendency to work anonymously and in private. It is common among them to use aliases for the purpose of concealing identity, rather than revealing their real names. This practice is uncommon within and even frowned upon by the academic hacker subculture. Members of the network hacking scene are often being stereotypically described as crackers by the academic hacker subculture, yet see themselves as hackers and even try to include academic hackers in what they see as one wider hacker culture, a view harshly rejected by the academic hacker subculture itself. Instead of a hacker – cracker dichotomy, they give more emphasis to a spectrum of different categories, such as white hat (“ethical hacking”), grey hat, black hat and script kiddie. In contrast to the academic hackers, they usually reserve the term cracker to refer to black hat hackers, or more generally hackers with unlawful intentions.
The network hacking subculture is supported by regular gatherings, so called Hacker cons. These have drawn more and more people every year including SummerCon (Summer), DEF CON, HoHoCon (Christmas), PumpCon (Halloween), H.O.P.E. (Hackers on Planet Earth) and HEU (Hacking at the End of the Universe). They have helped expand the definition and solidify the importance of the network hacker subculture. In Germany, members of the subculture are organized mainly around the Chaos Computer Club.
The subculture has given birth to what its many members consider to be novel forms of art, most notably ascii art. It has also produced its own slang and various forms of unusual alphabet use, for example leetspeak. Both things are usually seen as an especially silly aspect by the academic hacker subculture. In part due to this, the slangs of the two subcultures differ substantially. Political attitude usually includes views for freedom of information, freedom of speech, a right for anonymity and most have a strong opposition against copyright. Writing programs and performing other activities to support these views is referred to as hacktivism by the subculture. Some go as far as seeing illegal elephant cracking ethically justified for this goal; the most common form is website defacement.
The security hackers have also edited some magazines, most notably
2600: The Hacker Quarterly
Hakin9
TAP
Blacklisted 411
[edit] Documents
Hackers from the network hacking subculture often show an adherence to fictional cyberpunk and cyberculture literature and movies. Widely recognized works include:
Hackers (short stories)
The Hacker Crackdown
Snow Crash
William Gibson's Sprawl trilogy
WarGames
Cyberpunk, by Katie Hafner and John Markoff
The Matrix series
Antitrust
Hackers
Enemy of the State
Sneakers
Swordfish
The Net
Absorption of fictional pseudonyms, symbols, values, and metaphors from these fictional works are very common. A non-fictional document with which many members of the subculture identify is the Hacker's Manifesto.
[edit] Hacker attitudes
While hacker may mean simply a person with mastery of computers; however the mass media most often uses "hacker" as synonymous with a (usually criminal) computer intruder. See hacker, and Hacker definition controversy. In computer security, several subgroups with different attitudes and aims use different terms to demarcate themselves from each other, or try to exclude some specific group which which they do not agree.
[edit] White hat
Main article: White hat
A white hat hacker or ethical hacker is someone who breaks security but who does so for altruistic or at least non-malicious reasons. White hats generally have a clearly defined code of ethics, and will often attempt to work with a manufacturer or owner to improve discovered security weaknesses, although many reserve the implicit or explicit threat of public disclosure after a "reasonable" time as a prod to ensure timely response from a corporate entity. The term is also used to describe hackers who work to deliberately design and code more secure systems. To white hats, the darker the hat, the more the ethics of the activity can be considered dubious. Conversely, black hats may claim the lighter the hat, the more the ethics of the activity are lost.
[edit] Grey hat
Main article: Grey hat
A grey hat hacker is a hacker of ambiguous ethics and/or borderline legality, often frankly admitted.
[edit] Blue Hat
Main article: Blue Hat
A blue hat hacker is someone outside computer security consulting firms that are used to bug test a system prior to its launch, looking for exploits so they can be closed. The term has also been associated with a roughly annual security conference by Microsoft, the unofficial name coming from the blue color associated with Microsoft employee badges. Also see Big Blue.
[edit] Black Hat
Main article: Black Hat
A black hat hacker is someone who subverts computer security without authorization or who uses technology (usually a computer or the Internet) for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, or many other types of crime. This can mean taking control of a remote computer through a network, or software cracking.
[edit] Script kiddie
Main article: Script kiddie
Script kiddie is a pejorative term for a computer intruder with little or no skill; a person who simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing.
[edit] Hacktivist
Main article: hacktivism
A hacktivist is a hacker who utilizes technology to announce a political message. Web vandalism is not necessarily hacktivism.
[edit] Common methods
There are several recurring tools of the trade and techniques used by computer criminals and security experts:
[edit] Security exploit
Main article: Exploit (computer security)
A security exploit is a prepared application that takes advantage of a known weakness.
[edit] Vulnerability scanner
Main article: Vulnerability scanner
A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and it's version number. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound, but can still be circumvented.)
[edit] Packet Sniffer
Main article: Packet sniffer
A packet sniffer is an application that captures TCP/IP data packets, which can maliciously be used to capture passwords and other data while it is in transit either within the computer or over the network.
[edit] Spoofing attack
Main article: Spoofing attack
A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining illegitimate access.
[edit] Rootkit
Main article: Rootkit
A rootkit is a toolkit for hiding the fact that a computer's security has been compromised, is a general description of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Root kits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.
[edit] Social engineering
Main article: Social engineering (computer security)
Social engineering means convincing other people to provide some form of information about a system, often under false premises. A blatant example would be asking someone for their password or account possibly over a beer or by posing as someone else. A more subtle example would be asking for promotional material or technical references about a company's systems, possibly posing as a journalist.
[edit] Trojan horse
Main article: Trojan horse (computing)
A Trojan horse is a program designed as to seem to being or be doing one thing, such as a legitimate software, but actually being or doing another. They are not necessarily malicious programs. A trojan horse can be used to set up a back door in a computer system so that the intruder can return later and gain access. Viruses that fool a user into downloading and/or executing them by pretending to be useful applications are also sometimes called trojan horses. (The name refers to the horse from the Trojan War, with conceptually similar function of deceiving defenders into bringing an intruder inside.) See also Dialer.
[edit] Virus
Main article: Computer virus
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Thus, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.
[edit] Worm
Main article: Computer worm
Like a virus, a worm is also a self-replicating program. The difference between a virus and a worm is that a worm does not create multiple copies of itself on one system: it propagates through computer networks. After the comparison between computer viruses and biological viruses, the obvious comparison here is to a bacterium. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program. It is possible for a program to have the blunt characteristics of both a worm and a virus.
[edit] Notable intruders and criminal hackers
[edit] The 414s
Main article: The 414s
The 414s were a gang of six teenagers named after their Milwaukee, Wisconsin area code, who broke into dozens of computer systems throughout the United States and Canada in 1983. Their exploits included Los Alamos National Laboratory, Sloan-Kettering Cancer Center and Security Pacific Bank. [2][3] The incident appeared as the cover story of Newsweek with the title Beware: Hackers at play,[4] possibly the first mass-media use of the term hacker in the context of computer security. As a result, the U.S. House of Representatives held hearings on computer security and passed several laws [5].
[edit] Mark Abene
Main article: Mark Abene
Mark Abene (also known as Phiber Optik) inspired thousands of teenagers around the country to "study" the internal workings of the United States phone system. One of the founders of the Masters of Deception group.
[edit] Dark Avenger
Main article: Dark Avenger
Dark Avenger is the pseudonym of a Bulgarian virus writer that invented polymorphic code in 1992 as a mean to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.
[edit] Brian Dorsett
Main article: Brian Dorsett (hacker)
Brian Dorsett reverse-engineered the NDS satellite access smartcard known as the HU card. Currently imprisoned at Miami FDC. Records a daily podcast from prison titled Prisoncast — Developer of "HU Loader" Pleads Guilty in Satellite Television Piracy Case
[edit] John Draper
Main article: John Draper
John Draper (also known as Captain Crunch) is widely credited with evangelizing the use of the 2600 hertz tone generated by whistles distributed in Captain Crunch cereal boxes in the 1970s, and sometimes inaccurately credited with discovering their use. Draper served time in prison for his work, and is believed to have introduced Steve Wozniak to phone phreaking through the 2600Hz tone. Draper now develops anti-spam and security software.
[edit] Farid Essebar
Main article: Farid Essebar
Farid Essebar (also known as Diabl0) is the creator of Zotob
[edit] Gigabyte
Kim Vanvaeck, alias Gigabyte, a female teen virus writer from Belgium. She is the creator of 'W32/Sharpei' virus, of which the replication code is written in C#. She is also well known for frequent run-ins with ubiquitous AV spokesman Graham Cluley over his sociological analysis of virus writers. She was recently arrested by Belgian police.
[edit] Nahshon Even-Chaim
Main article: Nahshon Even-Chaim
Nahshon Even-Chaim (also known as Phoenix) was a leading member of Australian hacking group The Realm. Targeted US defence and nuclear research computer systems in late 1980s until his capture by Australian Federal Police in 1990. He and fellow Realm members Electron and Nom were the world's first computer intruders prosecuted based on evidence gathered from remote computer intercept.
[edit] Markus Hess
Main article: Markus Hess
Markus Hess is a West German, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.
[edit] Jonathan James
Main article: Jonathan James (convicted cybercriminal)
Jonathan James (also known as c0mrade) downloaded $1.7 million dollars worth of software which controlled the International Space Station's life sustaining elements, and intercepted thousands of electronic messages relating to U.S. nuclear activities from the Department of Defense. Sentenced at age 16, he was the youngest person ever incarcerated for cybercrime in the United States.
[edit] Adrian Lamo
Main article: Adrian Lamo
Lamo surrendered to federal authorities in 2003 after a brief manhunt, and was charged with nontechnical but surprisingly successful intrusions into computer systems at Microsoft, The New York Times, Lexis-Nexis, MCI WorldCom, SBC, Yahoo!, and others. His methods were controversial, and his full-disclosure-by-media practices led some to assert that he was publicity-motivated.
[edit] Vladimir Levin
Main article: Vladimir Levin
Vladimir Levin allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million. To this day, the method used, or even if Vladamir was a mathematician, is unknown.
[edit] Kevin Mitnick
Main article: Kevin Mitnick
Kevin Mitnick was held in jail for four and a half years and released on January 21, 2000. He was convicted of computer related crimes and possession of several forged identification documents. Once "the most wanted man in cyberspace", Mitnick went on to be a prolific public speaker, author, and media personality.
[edit] Robert Tappan Morris
Main article: Robert Tappan Morris
Robert T. Morris, while a graduate student at Cornell University in 1988, created the first worm, Morris Worm, which used buffer overflows to propagate. He is the son of Robert Morris, the former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA). Morris was not exactly a hacker of the computer security hacker culture, but a user of the MIT-AI, the home machine of the early academic hacker culture. According to Steven Levy, he was a true hacker who blundered.
[edit] Craig Neidorf
Main article: Craig Neidorf
In 1990, Neidorf (a co-founder of Phrack) was prosecuted for stealing the E911 document from BellSouth and publicly distributing it online. BellSouth claimed that the document was worth $80,000; they dropped the charges after it was revealed that copies of the document could simply be ordered for a minuscule $13.
[edit] Kevin Poulsen
Main article: Kevin Poulsen
In 1990, Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus.
[edit] David L. Smith
Main article: David L. Smith (virus writer)
In 1999, Smith launched the Melissa Worm, causing $80 million dollars worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.
[edit] IsKorptix Mahive
Main article: IsKorptix (defacements)
In 2006, IsKorptix was responsible for the biggest Mass Website Defacement in webhosting history. Hacking 21,549 websites in one shot, with a total estimated amount of more then 40,000 websites. The biggest hacking incident in the web-hosting history
[edit] Max Ray Butler
Main article: Max Ray Butler (carder hacker)
Between 2000 - 2007, Max Ray Butler was responsible for running one of the largest online Credit Card fraud and hacking network by the names Iceman, Aphex, Max Vision. He got arrested on 5 September 2007 by the FBI. "Iceman," Founder of Online Credit Card Theft Ring, Indicted on Wire Fraud and Identity Theft Charges
[edit] Notable Security Hackers
[edit] Eric Corley
Main article: Eric Gorden Corley
Eric Corley (also known as Emmanuel Goldstein) is the long standing publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. conferences. He has been part of the hacker community since the late '70s.
[edit] Fyodor
Main article: Fyodor (Hacker)
Fyodor is the pseudonym of the author of the Nmap Security Scanner and many books and web sites.
[edit] Johan Helsingius
Main article: Johan Helsingius
Johan "Julf" Helsingius operated the world's most popular anonymous remailer, the Penet remailer (called penet.fi), until he closed up shop in September 1996.
[edit] Tsutomu Shimomura
Main article: Tsutomu Shimomura
Shimomura helped catch Kevin Mitnick, the United States' most infamous computer intruder, in early 1994. He is the co-author of a book about the Mitnick case, Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It (ISBN 0-7868-8913-6).
[edit] Solar Designer
Main article: Solar Designer
Solar Designer is the pseudonym of the founder of the Openwall Project.
[edit] Michal Zalewski
Main article: Michal Zalewski
Michal Zalweski (lcamtuf) is a prominent security researcher.
[edit] References
^ http://www.catb.org/hacker-emblem/
^ Detroit Free Press, September 27, 1983
^ The 414 Gang Strikes Again, Philip Elmer-DeWitt, Time magazine, Aug. 29, 1983, p. 75
^ Beware: Hackers at play, Newsweek, September 5, 1983, pp. 42-46,48
^ David Bailey, "Attacks on Computers: Congressional Hearings and Pending Legislation," sp, p. 180, 1984 IEEE Symposium on Security and Privacy, 1984.
[edit] Related literature
Clifford Stoll (1990). The Cuckoo's Egg. The Bodley Head Ltd. ISBN 0-370-31433-6.
Code Hacking: A Developer's Guide to Network Security by Richard Conway, Julian Cordingley
Kevin Beaver. Hacking For Dummies.
Katie Hafner & John Markoff (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. Simon & Schuster. ISBN 0-671-68322-5.
David H. Freeman & Charles C. Mann (1997). @ Large: The Strange Case of the World's Biggest Internet Invasion. Simon & Schuster. ISBN 0-684-82464-7.
Suelette Dreyfus (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier. Mandarin. ISBN 1-86330-595-5.
Bill Apro & Graeme Hammond (2005). Hackers: The Hunt for Australia's Most Infamous Computer Cracker. Five Mile Press. ISBN 1-74124-722-5.
Stuart McClure, Joel Scambray & George Kurtz (1999). Hacking Exposed. Mcgraw-Hill. ISBN 0-07-212127-0.
[edit] External links
Hacking in 17 easy steps, by Doug Mclean.
Voices in My Head - MindVox: The Overture by Patrick Kroupa
Defining Hacking Culture and Its Potential as Resistance
Retrieved from "http://en.wikipedia.org/wiki/Hacker_%28computer_security%29"
Categories: Articles needing additional references from November 2007 Articles with sections needing expansion Hacking (computer security)
Langganan:
Postingan (Atom)
