Jump to content

Security hacker

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Pengo (talk | contribs) at 02:42, 17 August 2005 (first draft, moving info out from Hacker). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

A criminal hacker, cracker, or most commonly just hacker, is a person who exploits systems or gain unauthorized access through clever tactics and detailed knowledge.

In this sense a hacker is someone who subverts computer security without authorization or indeed, anyone who has been accused of using technology (usually a computer or the Internet) for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, and many other forms of crime. This can mean taking control of a remote computer through a network, or software cracking. This is the pejorative sense of hacker, in this context equivalent to cracker, black-hat hacker, or simply "criminal" in order to prevent ambiguity.

A hacktivist is a hacker who utilizes technology to announce a political message. It should be noted that web vandalism is not necessarily hacktivism.

There are several recurring tools of the trade used by computer criminals:

  • Trojan horse — These are programs designed so that they seem to do or be one thing, such as a legitimate software, but actually are or do another. They are not necessarily malicious programs. A trojan horse can be used to set up a back door in a computer system so that the intruder can return later and gain access. Viruses that fool a user into downloading and/or executing them by pretending to be useful applications are also sometimes called trojan horses. See also: Dialer.
  • Virus — A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents (for a complete definition: see this article about computer viruses). Thus, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.
  • Worm — Like a virus, a worm is also a self-replicating program. The difference between a virus and a worm is that a worm does not create multiple copies of itself on one system and that it propogates itself through computer networks. After the comparison between computer viruses and biological viruses, the obvious comparison here is to a bacterium. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program. It is possible for a program to have the blunt characteristics of both a worm and a virus.
  • Vulnerability scanner — A tool used to quickly check computers on a network for known weaknesses. Hackers also use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound.)
  • Sniffer — An application that captures password and other data while it is in transit either within the computer or over the network.
  • Exploit — A prepared application that takes advantage of a known weakness.
  • Social engineering — Using manipulation skills in order to obtain some form of information. An example would be asking someone for their password or account possibly over a beer or by posing as someone else.
  • Root kit — A toolkit for hiding the fact that a computer's security has been compromised. Root kits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.

Those who consider themselves hackers in this sense but who don't write their own programs, and who generally don't really understand the inner workings of the computers they gain access to, are known as script kiddies or "amateur hobbyists" in the UK. The term originates from the idea that no one is born with knowledge of these things, and everyone must at some point use "scripts" to learn. The term is also a reference to Linux/Unix scripts, which are small applications that can accomplish a specific task with little more input than the target of the attack. To some however the term expresses considerable contempt, being meant to indicate that they are immature (or unable to realize the equality lesson contained in the somewhat loaded term), and only use "scripts" and programs created by other people, in what is merely simple vandalism (if not outright theft).

Similiar, synonymous and related terms:

  • Blackhat / Black Hat: From the traditional Cowboy movie genre; most generally, a hacker lacking in ethics. Usually a Black Hat refers to a person that maintains knowlege of the vulnerabilities and exploits they find as secret for private advantage, not revealing them either to the general public or manufacturer for correction. Many Black Hats promote individual freedom and accessibility over privacy and security. Black Hats may seek to expand holes in systems; any attempts made to patch software are generally to prevent others from also compromising a system they have already obtained secure control over. A blackhat hacker may have access to 0-day exploits (private software that exploits security vulnerabilities; 0day exploits have not been distributed to the public). In the most extreme cases, Black Hats may work to cause damage maliciously, and/or make threats to do so for blackmail purposes.
  • Cracker: A hacker in the negative sense of a deliberate intruder. The use of the term began to spread around 1983, probably introduced both due to similar phonetic sound and as construction from the historical slang of safe cracker. Also theorized by some to be a portmanteau of the words criminal and hacker. Generally pejorative in use. A Cracker can also mean a person who has specialized in working around copy protections. See also Software cracker.
  • Grey hat: A hacker of ambiguous ethics and/or borderline legality, often frankly admitted.
  • Script kiddie: A person with little or no skill; alternately, a person who simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing. Usually both refers to computer intruders and highly pejorative.
  • Sneaker: An alternate term for a deliberate intruder, usually refering to one either investigating a system by someone with lawful authority (such as an owner or law-enforcement agency), but sometimes refering to an intruder who seeks to have minimal impact on a system. Usage somewhat uncommon.
  • Whitehat or White Hat: A hacker who breaks security but who does so for altruistic or at least non-malicious reasons. White hats generally have a clearly defined code of ethics, and will often attempt to work with a manufacturer or owner to ameliorate discovered security weaknesses, although many reserve the implicit or explicit threat of public disclosure after a "reasonable" time as a prod to insure timely response from a corporate entity. The term is also used to describe hackers who work to deliberately design and code more secure systems. To White Hats, the darker the hat, the more the ethics of the activity can be considered dubious. Conversely, blackhats may claim the lighter the hat, the more the ethics of the activity are lost.

Notable intruder and criminal hackers

Note that many of these have since turned to fully legal hacking.

  • Eric Corley (a.k.a Emmanuel Goldstein) — Long standing publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. conferences. He has been part of the hacker community since the late '70s.
  • Mark Abene (a.k.a. Phiber Optik) — Inspired thousands of teenagers around the country to "study" the internal workings of the United States phone system. One of the founders of the Masters of Deception group.
  • Dark Avenger — Bulgarian virus writer that invented polymorphic code in 1992 as a mean to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.
  • John Draper (a.k.a. "Captain Crunch") — Draper is widely credited with evangelizing the use of the 2600 hertz tone generated by whistles distributed in Captain Crunch cereal boxes in the 1970's, and sometimes inaccurately credited with discovering their use. Draper served time in prison for his work, and is believed to have introduced Steve Wozniak to phone phreaking through the 2600hz tone. Draper now develops anti-spam and security software.
  • Markus Hess — A West German, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.
  • Adrian Lamo — Lamo surrendered to federal authorities in 2003 after a brief manhunt, and was charged with nontechnical but surprisingly successful intrusions into computer systems at Microsoft, The New York Times, Lexis-Nexis, MCI WorldCom, SBC, Yahoo!, and others. His methods were controversial, and his full-disclosure-by-media practices led some to assert that he was publicity-motivated.
  • Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million. To this day, the method used is unknown.
  • Kevin Mitnick — Held in jail without bail for a long period of time. Inspired the Free Kevin movement. Once "the most wanted man in cyberspace," Mitnick went on to be a prolific public speaker, author, and media personality.
  • Robert Tappan Morris — In 1988 while a Cornell University graduate student was the writer of the first worm, Morris Worm, which used buffer overflows to propagate.
  • Phoenix — Leading member of Australian hacking group The Realm. Targeted US defence and nuclear research computer systems in late 1980s until his capture by Australian Federal Police in 1990. His was the world's first computer intruder prosecution based on evidence gathered from remote computer intercept.
  • Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus.
  • Brian Salcedo — Salcedo and accomplices gained access to Lowe's wireless LAN connection and installed a program designed to steal credit card account information.
  • David L. Smith — In 1999 Smith launched the Melissa Worm, causing $80 million dollars worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.


Fictional Movies about Hackers

  • . ISBN 0370314336. {{cite book}}: Missing or empty |title= (help); Unknown parameter |Author= ignored (|author= suggested) (help); Unknown parameter |Publisher= ignored (|publisher= suggested) (help); Unknown parameter |Title= ignored (|title= suggested) (help); Unknown parameter |Year= ignored (|year= suggested) (help)
  • . ISBN 0671683225. {{cite book}}: Missing or empty |title= (help); Unknown parameter |Author= ignored (|author= suggested) (help); Unknown parameter |Publisher= ignored (|publisher= suggested) (help); Unknown parameter |Title= ignored (|title= suggested) (help); Unknown parameter |Year= ignored (|year= suggested) (help)


  • . ISBN 0684824647. {{cite book}}: Missing or empty |title= (help); Unknown parameter |Author= ignored (|author= suggested) (help); Unknown parameter |Publisher= ignored (|publisher= suggested) (help); Unknown parameter |Title= ignored (|title= suggested) (help); Unknown parameter |Year= ignored (|year= suggested) (help)
  • . ISBN 1863305955. {{cite book}}: Missing or empty |title= (help); Unknown parameter |Author= ignored (|author= suggested) (help); Unknown parameter |Publisher= ignored (|publisher= suggested) (help); Unknown parameter |Title= ignored (|title= suggested) (help); Unknown parameter |Year= ignored (|year= suggested) (help)
  • . ISBN 1741247225. {{cite book}}: Missing or empty |title= (help); Unknown parameter |Author= ignored (|author= suggested) (help); Unknown parameter |Publisher= ignored (|publisher= suggested) (help); Unknown parameter |Title= ignored (|title= suggested) (help); Unknown parameter |Year= ignored (|year= suggested) (help)

Network Security:

  • . ISBN 0072121270. {{cite book}}: Missing or empty |title= (help); Unknown parameter |Author= ignored (|author= suggested) (help); Unknown parameter |Publisher= ignored (|publisher= suggested) (help); Unknown parameter |Title= ignored (|title= suggested) (help); Unknown parameter |Year= ignored (|year= suggested) (help)

Magazines:

  • "2600: The Hacker Quarterly"
  • "Hakin9"
  • "Binary Revolution Magazine"

See also

Retrieved from "https://en.wikipedia.org/w/index.php?title=Security_hacker&oldid=21188831"