The purpose of this article is to provide information on the history, uses, and ethics of computer hacking, in order to educate the public on such matters.
Definition(s) of Computer Hacking
Computer hacking has several definitions, but the most common understanding by both authorities and the public is basically this: Hacking is where information is unlawfully or otherwise unwillingly accessed electronically by one party from another party.
This illegal practice, established by hackers themselves, came about with the first domestic computers in the late 1970’s and early 1980’s. Hacking can also be defined as a set of techniques to exploit the vulnerabilities of a group or individual.
These types of definitions of computer hacking give hacking a deservedly bad reputation, however, there are those that would uphold computer hacking as a virtuous endeavour, which may come as a surprise to those who only understand hacking as a breach of security. We feel it is important to express both sides of these words, “hacking” and “hacker”, so as to understand them fully.
A Brief History of Computer Hacking
Around 1960, the terms “hacking” and “hacker” are introduced by the MIT. They originally conveyed the meaning of hacking as more along the lines of experimenting for fun. At this point, hacking had not yet been misused, or exploited.
John Draper, a phone phreak legend, is considered the original pioneer of computer hacking. In 1969, he was able to make long distance calls for free whenever he whistled in the handset using a whistle that had the same tone as the American telephone network. This technique is so named by its creator, and phreaking and would go on to inspire a new wave of computer hackers and programmers like Steve Wozniak (inspired by Draper), whom would help to evolve the first home computers and effectively create a global revolution.
Here is an interesting video, featuring John Draper, discussing some of these things…
It was only in 1980 that the media began publishing articles on hacking. Notably with Kevin Poulsen, who manages to enter a network reserved for the army, universities, and private companies.
There was also the release of the film Wargames whose history is centered on a hacker (played by Matthew Broderick) who manages to access the computer system of the American army. The first computer virus also appears in these years. As a result, hackers were becoming seen as dangerous and irresponsible people, and a stigma was born.
Many hackers have begun their activity by trying to break the restrictions on copyrights or by diverting the rules of computer games before the generalization of the Internet, which then opened up broader horizons to their activity.
It is with the birth of the Internet, in the 1990’s, that we speak for the first time of “cyber crimes”. The adepts of this domain of criminal activity are divided at the beginning. There are “black hat” hackers, who carry out criminal activities, and “white hat” hackers who do not want to hurt anyone, but seek out computer vulnerabilities to make them more public and thus repair them. White hat hackers are also part of the original movement of hackers who seek only to find a deeper understanding of computers as machines, in order to learn. As usual, it is the bad people who get the most attention for their dirty deeds.
In the 2000’s, hackers wanted to push the technology forward yet again and “blow up the locks imposed by the industrialists”. For example, Jon Johansen managed to bypass the DVD protections and copies the contents. Another trend that emerged in the 2000’s was the use of hacking in order to radicalize certain individuals, with hacker groups appearing on the scene like Anonymous, RTMARK, or Chaos Computer Club.
In 2017, these hackers continue to make available their resources, often in the form of a wiki or repository. Computer attacks in the days of Kevin Mitnick, Kevin Poulsen, and Jon Johansen (DVD Jon) were compared to those launched in the 2000’s. By 2017 (the year as of this writing), the threat was less virulent, but much more massive, increasing the number of script kiddies or neophyte hackers.
Behind the term “hacker”, we are generally speaking of those who prefer to delve into the bowels of a computer rather than just use it. The main motivations of such ethical or morally just hackers are often described as are “passion, play, pleasure, exchange and sharing”. In other words, hacking is a form of freedom which can only be attained by bending, if not breaking, certain rules. As such, a hacker is not necessarily going against the law. Like with many words or terms, some people object to the negative connotations attached to the word “hacker”, and struggle to uphold the more “white hat” meaning of the word.
Computer Pirate or Hacker?
In general, modern media seem to link computer hackers to computer pirates, although the meaning of the word “pirate” in the computer realm does not correspond to the definitions of “snooper” or “hacker”, which are more broad. To be clear, a computer pirate is generally always up to no good – stealing and using software that is unlicensed. Whereas, a hacker may simply be, in broader terms, a computer specialist. Hacking often indicates a certain level of knowledge with computers, but that knowledge need not be used illegally – it depends on the individual person doing the “hacking”, so to speak.
Modern Computer Hacking
According to many hackers, hacking places them “at the heart of the development of our societies”, that is, at the heart of information and information sharing. This place at the center of the development of certain new technologies and methodologies is mainly due to the curiosity of hackers. Some self-proclaimed hacker communities promote the sharing of information for main purposes of problem solving, and the distribution of free software is an excellent example of this.
Hacking Etiquette According to MIT
An ethical code for the hacker has been formalized at MIT and includes 11 guidelines:
- Be Safe – Your safety, the safety of others, and the safety of anyone you hack should never be compromised.
- Be Subtle – Leave no evidence that you were ever there.
- Leave things as you found them – or better.
- If you find something broken call F-IXIT.
- Leave no damage.
- Do not steal anything.
- Brute force is the last resort of the incompetent.
- Do not hack while under the influence of alcohol or drugs.
- Do not drop things off (a building) without a ground crew.
- Do not hack alone.
- Above all exercise some common sense.
The Conscience of a Hacker
The author of the modern hack ethic, Lloyd Blankenship, invites us not to look at a single hacker as simply an imaginative and audacious student, or a computer specialist, but to extend this hacker vision to the whole of society and even to the planet. According to him , hacking should therefore be considered in a broader, rather than a more restricted, view. Here he is, speaking on “The Conscience of a Hacker”.
According to Pekka Himanen, hacking functions to solve or help solve problems in many areas of life. Hacking has several ideological aspects that are the extension of the ethics created at MIT.
The community aspect is one of the strengths of hacking. The organization of such communities allows for the extension of information sharing, as communities are interconnected, which helps speed the spread of information along quickly. The organization of such a community allows for the mutual assistance between people, and also to people of young ages who wish to learn new things.
The interconnection of people, who do not know each other, allows an aid that places people on the same level, and this without value judgment. This aspect leads to the generalization and sharing of knowledge without this being done on the basis of criteria such as “position, age, nationality, or diplomas”. Below is a picture of the “hacker dojo”, taking place in Silicon Valley.
P2P, Warez, and Moral Ambiguity
There is a point where the individual must decide what is ethical and what is not, and make a choice, based on what they can do and what they should do. This becomes relevant to hackers when certain information is granted to them, or they have the power to “take” information, or files, illegally. Since hacking is, in part, about circumventing authority and / or copyright, individuals must, at some point, decide if they are going to cross this line of ambiguous morality. In this way, such concepts as P2P and warez communities become extremely relevant in the realm of hacking, as information is often passed between individuals in this way, and both hackers and non-hackers alike tend to embrace the credo that “Information should be free”, which can also be taken as “I want something so I will take it regardless of the consequences”. Those who value hacking as a means to wield certain power and achieve a certain freedom must also consider the responsibilities that come along with it, just like Spiderman.
In general, black hat or immoral computer hacking tends to find a security hole, and then find a way to exploit it. An effective way to find a flaw in a software program that hackers often use is to send it anything until it bugs or glitches. Then it remains only for the hacker to understand why the bug occurs, or at least how to exploit this case which was unforeseen by the programmer. The flaw can be insignificant and give access to very little information or power, but, by exploiting this system in this small way, it is possible to bring down the entire infrastructure eventually, eg. denial of service. However, these attitudes and desires to “bring down the system” do not apply to all hackers. The motivations vary according to the hacker communities, as well as their ideology.
Current Hacker Techniques
Hacking brings together a large number of techniques that come along with varying degrees of success. Here are some of the techniques used by hackers today:
- Social Engineering;
- Stack Overflows and Heap Overflows (buffer overflow),
- Writing shellcode ;
- Exploitation of “format bugs”;
- Sniffing ; snarfing; scanning; spoofing;
- Fingerprinting ;
- Misuse and use of WEB data ( Cookie , CSS , CGI , vulnerabilities in PHP , ASP , SQL , etc.);
- Network attacks
- Distributed Denial of Service (DDoS). It brings together many techniques. The goal is to overload the server (program) to make it fall.
- Attack of the middle man (MITM),
- ARP Spoofing or ARP Poisoning ,
- Fragments attacks, Tiny Fragments, Fragment Overlapping,
- TCP Session Hijacking, DNS Spoofing, DNS ID Spoofing and DNS cache poisoning (DNS Cache Poisoning 10 )
- IP spoofing (IP spoofing)
- Cross-site scripting (XSS)
- Port hopping
Hacktivism – CCC, RTMARK, Anonymous
Hacktivism is the act of hacking a computer system in order to convey a message, an opinion. The mission can be to defend the freedom of expression and to carry out a counter-power on companies and the government.
One of the first groups is the CCC (Chaos Computer Club). It was created in Berlin in the 1980s. Its main purpose is to defend freedom of information and to show that hacking can be used to defend ideological interests. In 1984, the CCC manages to penetrate the network of a German bank, stealing 134000 DM (68500 EUR) which it returned the next day.
Another group appeared in 1990 11 as the RTMARK, the purpose of which is “against abuses of corporations for the law and democracy”.
Anonymous is a hacker group that enlists many cyber-militants and claims to operate against all those who oppose freedom of expression.
Hacking in the News
In 2011, Anonymous hackers enter the Internet server of HBGary Federal, an IT security company. They access the passwords of two executives of the company. These two people had simple passwords consisting of 2 digits and 6 lower case letters. As a result, hackers were given access to the company’s research documents and emails. Also in 2011, Sony’s PlayStation Network (PSN) is hacked. The company subsequently acknowledged that credit card numbers were stolen. Reports subsequently reveal that on a computer piracy site, 2.2 million credit card numbers had been offered for sale.
The Proliferation of Cyber Security Watchdogs
There have been many cyber security watchdog agencies that have emerged in the past 20 years, designed to either to protect the privacy of personal computers or a entire large companies via antivirus, firewall, VPN, etc. On the contrary, some are designed to carry out cyber-attacks (cyber-spying, theft of information, denial of services, etc.).
Such entities related to cyber security appeared before the 2000’s, with companies spearheading such movements, such as IBM , Microsoft , Cisco, and many others offering their services to outside firms and individuals needing such protection. The NSA supports many IT security startups, including Trusted Information Systems (TIS), established in 1983, which works mainly in four areas of security: firewalls, antivirus, VPN and hacker intrusion detection software. In 1998, Microsoft equipped itself with an internal group of “hackers” to protect themselves from any potential breaches.
As of June 6, 2013, Edward Snowden makes public documents revealing many methods of cyber espionage conducted by the NSA. In 2013, Mandiant (a FireEye company) published a report in which they claimed to have evidence of the link between the People’s Army of China Unit 61398 and a global cyber-espionage campaign. This report would serve to propel the insurance market for hacking. In 2015, The Wall Street Journal found at least 29 countries with a military unit dedicated to cyberwar. In 2016, the United States have spent $ 14 billion on computer security. On March 7, 2017, 8761 documents incriminating the CIA of global cyber-espionage are revealed by WikiLeaks.
As we learn from Tom McCourt and Patrick Burkart in a publication, computer flaws are constantly being discovered, and personal information is thus at risk of being fully exposed. A first initiative is set to detect and correct these flaws before software or updates are published. Since all loopholes can not be found, insurance against losses due to piracy and identity theft have been created. Companies are required to invest doubly, first to try to avoid these flaws, but also to regain the confidence of customers or investors after a computer flaw. The investments that Sony had to make following hack of the PlayStation Network to try to compensate for the fall in the stock due to this flaw illustrates well this last point.
Italian company Hacking Team sells software for cyber espionage. By 2015, the software can range from one to several hundred thousand people, costing between US $ 50,000 and US $ 2 million per year, depending on the number of targets to be attacked. The problem with software of this type is that they can have a dual-use. They are intended to track threats but can be used to monitor domestic activities. While users of this kind of software (the security agencies of some countries) advocate a use against terrorism or crime, it turns out that the uses are mainly domestic surveillance or surveillance for political purposes. An archive of WikiLeaks also reveals that independent firms sell vulnerabilities Zero Day, malware, or spyware .
Professionalization of Hackers
There are 4 types of professionalization that a hacker can follow: paid employment, self-employment, rogue activity, or both activities in parallel and therefore a dual identity.
Hackers can be recruited for IT security tasks, especially for software development. They may also be solicited by computer security consulting firms or even as consultants. For example, Secure Point hired Sven Jaschan, arrested not long ago by the police for spreading computer viruses.
Some hackers refuse to be employed, simply because they want to be free. Self-employment often begins with the desire to contribute to computer security by making free licenses available. Then the author becomes dissatisfied that his work is used without consideration. This is how they start to set up their own business. Independence is a form of ideal for some hackers.
The creation of botnets, a computer network infected and controlled remotely by the hacker, is a crooked activity. This type of computer piracy is based on the naivety and neglect of users. The hacker then offers its services to spamming companies so that the attack is quickly disseminated. Botnets can also be rented to launch denial of service attacks or steal information.
The dual identity of a hacker is the fact that he has both a professional activity and a crook.
Cyber attacks are difficult to classify. These may include theft, espionage, terrorism, vandalism or protest, but the boundaries between these different attacks are not always well defined, nor are the motivations of the hackers. The black and white hats are required to use the same tools, making differentiation difficult. Moreover, these attacks can be carried out by a single individual or a complete organization, which further complicates the way of judging cyber crime.
The anonymity of attacks produced by hackers is also a problem with the applicable law. Nicolas Auray explains this anonymity as follows: “By giving traces in an anonymous way, they would refuse to appear before the political-judicial institutions, rejecting the legitimacy of their verdict. They would reject it rather than accept a little civil disobedience: recognize the legitimacy of punishment and let punish”.
The purpose of this article was to provide information about computer hackers, and what they are capable of doing. Not all hackers are trying to bring down the establishment or access the private information of others, and yet some are. This is just the reality of the situation, and those of us who are concerned about such breaches of security need to be more aware of it. Not everyone is looking to become a “hacker”, but most of us would benefit from knowing more about what is going on out there in the world of cyberspace. We hope this article was of some interest!