Saturday, June 9, 2007

Hacking Defined

This is an essay that I did a while back, and I thought I would post it since it defines the various types of hackers and dismisses some common misconceptions about this group of people. As with my other posts, you may use this for your educational use without question, provided you give me credit. If you would like to use my work for profit you can make a request here. Enjoy ;-)

Hackers: Protectors of Computers

“What is a hacker?” seems like it has an obvious answer, but it does not. Right now I bet you are thinking about some kind of evil crook that tries to break into a company’s, or individual’s, computer in order to steal private information. Though this may be true, a hacker is just someone “who is proficient at using or programming a computer” (“Hacker”). There are two types of hackers. Black hat hackers give hacking a bad name; they break into computers to destroy them or to steal data. White hat hackers look for vulnerabilities in a computer system to make the owner and data safer. Script kiddies, amateurs, and elite hackers, the three skill levels of hacking, can be either black hats or white hats.

In the book Hack Proofing, Jeff Forristal explains the differences between white hats (also called ethical hackers) and black hats (or malicious hackers). He writes that “ethical hacking occurs anytime you are ‘testing the limits’” of a piece of software or hardware that you, or your affiliates, have created (10). Those hacking as black hats can be labeled as “malicious hackers … [who] exploit a weakness … lead to theft, a DDoS attack [denial of service], or defacing of a website” (10). There is also a question that some people may ask: when “is it … okay for someone to … poke around in some manner in search of an exploitable weakness?” (11).

Many companies hire white hat hackers in order to prevent black hats from taking over. In Jeff Forristal’s book, which tells businesses how to protect their websites, he recommends, “the best possible way to focus on security … is to begin to think like a hacker” (32). Another suggestion is to “invite a hacker into your code. Think security from every level” (527). He is basically saying that in order to protect your system and data, you must know the way hackers think and try to observe the methods they use to hack into your system.

The most novice hackers, script kiddies, do not know what they are doing or what the rules of hacking are. They think it is “kool” to hack government or company computer systems and, therefore, they can cause much damage and be traced easily. Christopher J. Coyne from the Department of Economics at Hampden-Sydney College stated, “inferior programming skills prevent them from creating effective hacking programs” (17). Most of the time, they are just trying to “gain notoriety for the damage they cause using the programs and information created by more elite hackers” (17); this is why they are called “script” kiddies.

Amateur hackers are between script kiddies and elite hackers. They have good knowledge of hacking rules and how to get what they want. Often they cannot be traced easily. They may use a backdoor, a way of running undetectable code on a host’s system that requires no login or confirmation (Forristal, 196). These people hack for enjoyment, although some could still be using it as a way to show off.

Elite hackers are the most proficient; their success and recognition among their peers makes them “the cream of the underground” (Coyne, 21). They could be thought of as hackers’ heroes, or leaders, since they “are the most innovative in the underground and are responsible for making hacking programs publicly available” (21). Some start out as “individuals who used to hack illegally” and, on their own or by being caught, ended up as ethical hackers and/or hired as security analysts (21). This “‘hiring a hacker’” has great advantages because the new “security professional is familiar with the methods used by hackers” (Forristal 11). They still may hack for fun, but a lot of the time, these “hackers sell their skills at finding security weaknesses in computer systems” (Coyne, 21).

Governments, computer businesses, and individuals pay to have hackers test their security by inviting them to hack into their computer systems. It takes hours, weeks, and even months to move from script kiddie to amateur, and many years to obtain the well-deserved “rank” of elite hacker.

Coyne, Christopher J. and Peter T. Leeson. “The Economics of Computer Hacking.” Journal of Law, Economics, and Policy 1 (2006): 511-532.

Forristal, Jeff. Hack Proofing: Your Web Applications. Ed. Julie Traxler. Massachusetts: Syngress Publishing, 2001.

“Hacker.” The American Heritage College Dictionary. 4th ed. 2004.