A security hacker or security researcher is someone who explores methods for breaching or bypassing defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, sabotage, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers.[citation needed]

History

Bruce Sterling, author of The Hacker Crackdown

Birth of subculture and entering mainstream: 1960s–1980s

The subculture around such hackers is termed network hacker subculture, hacker scene, or computer underground. It initially developed in the context of phreaking during the 1960s and the microcomputer BBS scene of the 1980s. It is implicated with 2600: The Hacker Quarterly and the alt.2600 newsgroup.

In 1980, an article in the August issue of Psychology Today (with commentary by Philip Zimbardo) used the term "hacker" in its title: "The Hacker Papers." It was an excerpt from a Stanford Bulletin Board discussion on the addictive nature of computer use. In the 1982 film Tron, Kevin Flynn (Jeff Bridges) describes his intentions to break into ENCOM's computer system, saying "I've been doing a little hacking here." CLU is the software he uses for this. By 1983, hacking in the sense of breaking computer security had already been in use as computer jargon, but there was no public awareness about such activities. However, the release of the film WarGames that year, featuring a computer intrusion into NORAD, raised the public belief that computer security hackers (especially teenagers) could be a threat to national security. This concern became real when, in the same year, a gang of teenage hackers in Milwaukee, Wisconsin, known as The 414s, broke into computer systems throughout the United States and Canada, including those of Los Alamos National Laboratory, Sloan-Kettering Cancer Center and Security Pacific Bank. The case quickly grew media attention, and 17-year-old Neal Patrick emerged as the spokesman for the gang, including a cover story in Newsweek entitled "Beware: Hackers at play", with Patrick's photograph on the cover.

Pressured by media coverage, congressman Dan Glickman called for an investigation and began work on new laws against computer hacking. Neal Patrick testified before the U.S. House of Representatives on September 26, 1983, about the dangers of computer hacking, and six bills concerning computer crime were introduced in the House that year.

Use of the term hacker meaning computer criminal was also advanced by the title "Stalking the Wily Hacker", an article by Clifford Stoll in the May 1988 issue of the Communications of the ACM. Later that year, the release by Robert Tappan Morris, Jr. of the so-called Morris worm provoked the popular media to spread this usage. The popularity of Stoll's book The Cuckoo's Egg, published one year later, further entrenched the term in the public's consciousness.

Naming

Longstanding controversy surrounds the meaning of the term "hacker". In this controversy, computer programmers reclaim the term hacker, arguing that it refers simply to someone with an advanced understanding of computers and computer networks, and that cracker is the more appropriate term for those who break into computers, whether computer criminals (black hats) or computer security experts (white hats). A 2014 article noted that "the black-hat meaning still prevails among the general public". The subculture that has evolved around hackers is often referred to as the "computer underground".

Classifications

In computer security, a hacker is someone who focuses on the security mechanisms of computer and network systems. Hackers can include someone who endeavors to strengthen security mechanisms by exploring their weaknesses and also those who seek to access secure, unauthorized information despite security measures. Nevertheless, parts of the subculture see their aim in correcting security problems and use the word in a positive sense. White hat is the name given to ethical computer hackers, who utilize hacking in a helpful way. White hats are becoming a necessary part of the information security field.

Subgroups of the computer underground with different attitudes and motives use different terms to demarcate themselves from each other. These classifications are also used to exclude specific groups with whom they do not agree.

Cracker

Eric S. Raymond, author of The New Hacker's Dictionary, advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as a wider hacker culture, a view that Raymond has harshly rejected. Instead of a hacker/cracker dichotomy, they emphasize a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie. In contrast to Raymond, they usually reserve the term cracker for more malicious activity.

According to Ralph D. Clifford, a cracker or cracking is to "gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system." These subgroups may also be defined by the legal status of their activities.

White hat

A white hat hacker breaks security for non-malicious reasons, either to test their own security system, perform penetration tests or vulnerability assessments for a client, or while working for a security company that makes security software. The term is generally synonymous with ethical hacker, and certifications, courseware, classes, and online training covering the diverse arena of ethical hacking have been developed.

Black hat

A black hat hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain". The term was coined by Richard Stallman, to contrast the maliciousness of a criminal hacker versus the spirit of playfulness and exploration in hacker culture, or the ethos of the white hat hacker who performs hacking duties to identify places to repair or as a means of legitimate employment. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal".

Grey hat

A grey hat hacker lies between a black hat and a white hat hacker, hacking for ideological reasons. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee. Grey hat hackers sometimes find the defect in a system and publish the facts to the world instead of a group of people. Even though grey hat hackers may not necessarily perform hacking for their personal gain, unauthorized access to a system can be considered illegal and unethical.

Script kiddie

A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other black hat hackers), hence the term script (i.e. a computer script that automates the hacking) kiddie (i.e. kid, child an individual lacking knowledge and experience, immature), usually with little understanding of the underlying concept.

Neophyte

A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.

Blue hat

A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.

Hacktivist

Anarchist hacker village at a Hackers On Planet Earth (HOPE) conference, 2018

Hacktivism (or hactivism; a portmanteau of hack and activism) is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. A form of Internet activism with roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.

Organized criminal gangs

Groups of hackers that carry out organized criminal activities for profit. Modern-day computer hackers have been compared to the privateers of by-gone days. These criminals hold computer systems hostage, demanding large payments from victims to restore access to their own computer systems and data. Cyber theft and ransomware attacks are now the fastest-growing crimes in the United States. Bitcoin and other cryptocurrencies facilitate the extortion of huge ransoms from large companies, hospitals and city governments with little or no chance of being caught.

Attacks

Hackers can usually be sorted into two types of attacks: mass attacks and targeted attacks. They are sorted into the groups in terms of how they choose their victims and how they act on the attacks.

A typical approach in an attack on Internet-connected system is:

  1. Network enumeration: Discovering information about the intended target.
  2. Vulnerability analysis: Identifying potential ways of attack.
  3. Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.

In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.

Security exploits

A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, cross-site scripting and cross-site request forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), PHP, SSH, Telnet and some Web pages. These are very common in Web site and Web domain hacking.

Notable intruders and criminal hackers

Notable security hackers

Customs

The computer underground has produced its own specialized slang, such as 1337speak. Writing software and performing other activities to support these views is referred to as hacktivism. Some consider illegal cracking ethically justified for these goals; a common form is website defacement. The computer underground is frequently compared to the Wild West. It is common for hackers to use aliases to conceal their identities.

Hacker groups and conventions

The computer underground is supported by regular real-world gatherings called hacker conventions or "hacker cons". These events include SummerCon (Summer), DEF CON, HoHoCon (Christmas), ShmooCon (February), Black Hat Conference, Chaos Communication Congress, AthCon, Hacker Halted, and H.O.P.E.[citation needed] Local Hackfest groups organize and compete to develop their skills to send a team to a prominent convention to compete in group pentesting, exploit and forensics on a larger scale. Hacker groups became popular in the early 1980s, providing access to hacking information and resources and a place to learn from other members. Computer bulletin board systems (BBSs), such as the Utopias, provided platforms for information-sharing via dial-up modem. Hackers could also gain credibility by being affiliated with elite groups.

Consequences for malicious hacking

India

SectionOffencePunishment
65Tampering with computer source documents – Intentional concealment, destruction or alteration of source code when the computer source code is required to be kept or maintained by law for the time being in forceImprisonment up to three years, or/and with fine up to 20000 rupees
66HackingImprisonment up to three years, or/and with fine up to 50000 rupees

Netherlands

  • Article 138ab of Wetboek van Strafrecht prohibits computervredebreuk, which is defined as intruding an automated work or a part thereof with intention and against the law. Intrusion is defined as access by means of: Defeating security measures By technical means By false signals or a false cryptographic key By the use of stolen usernames and passwords.

Maximum imprisonment is one year or a fine of the fourth category.

United Kingdom

In the United Kingdom, offences relating to malicious computer hacking are defined by the Compuer Misuse Act (1990). The Act makes the following four behaviours illegal:

  • Unauthorised access to computer material, with a penalty of up to six months in prison and/or a £5000 fine.
  • Unauthorised access to computer materials with intent to commit a further crime, with a penalty of up to five years in prison and/or an unlimited fine.
  • Unauthorised modification of data, with a penalty of up to five years in prison and/or an unlimited fine.
  • Making, supplying or obtaining anything which can be used in computer misuse offences, with a penalty of up to ten years in prison and/or an unlimited fine.

United States

18U.S.C., more commonly known as the Computer Fraud and Abuse Act, prohibits unauthorized access or damage of "protected computers". "Protected computers" are defined in 18 U.S.C. as:

  • A computer exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government.
  • A computer which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

The maximum imprisonment or fine for violations of the Computer Fraud and Abuse Act depends on the severity of the violation and the offender's history of violations under the Act.

The FBI has demonstrated its ability to recover ransoms paid in cryptocurrency by victims of cybertheft.

Hacking and the media

In film and news media, hackers are often depicted as hooded figures typing in the dark.

Hacker magazines

The most notable hacker-oriented print publications are Phrack, Hakin9 and 2600: The Hacker Quarterly. While the information contained in hacker magazines and ezines was often outdated by the time they were published, they enhanced their contributors' reputations by documenting their successes.

Hackers in fiction

Hackers often show an interest in fictional cyberpunk and cyberculture literature and movies. The adoption of fictional pseudonyms, symbols, values and metaphors from these works is very common.

Books

Films

TV series

Non-fiction books

Tools

Depending on the targeted device or software, a variety of tools to assist in hacking a system are available.

  • Kali Linux - Linux-based OS and tools focusing on network penetration testing
  • Ghidra - open-source software decompiler
  • IDA Pro - proprietary software decompiler
  • SoftICE - proprietary software debugger (legacy)
  • Nmap - open-source network inspection tool

See also

Further reading

  • Samuel Chng; Han Yu Lu; Ayush Kumar; David Yau (March 2022). . Computers in Human Behavior Reports. 5. ISSN.
  • Apro, Bill; Hammond, Graeme (2005). Hackers: The Hunt for Australia's Most Infamous Computer Cracker. Rowville, Vic: Five Mile Press. ISBN1-74124-722-5.
  • Beaver, Kevin (2010). . Hoboken, NJ: Wiley Pub. ISBN978-0-7645-5784-2.
  • Conway, Richard; Cordingley, Julian (2004). Code Hacking: A Developer's Guide to Network Security. Hingham, Mass: Charles River Media. ISBN978-1-58450-314-9.
  • Freeman, David H.; Mann, Charles C. (1997). . New York: Simon & Schuster. ISBN0-684-82464-7.
  • Granville, Johanna (Winter 2003). . Australian Journal of Politics and History. 49 (1): 102–109. doi:. Archived from on October 14, 2013.
  • Gregg, Michael (2006). Certified Ethical Hacker. Indianapolis, Ind: Que Certification. ISBN978-0-7897-3531-7.
  • Hafner, Katie; Markoff, John (1991). . New York: Simon & Schuster. ISBN0-671-68322-5.
  • Harper, Allen; Harris, Shon; Ness, Jonathan (2011). (3rded.). New York: McGraw-Hill. ISBN978-0-07-174255-9.
  • McClure, Stuart; Scambray, Joel; Kurtz, George (1999). . Berkeley, Calif: Mcgraw-Hill. ISBN0-07-212127-0.
  • Russell, Ryan (2004). Stealing the Network: How to Own a Continent. Rockland, Mass: Syngress Media. ISBN978-1-931836-05-0.
  • Taylor, Paul A. (1999). Hackers: Crime in the Digital Sublime. London: Routledge. ISBN978-0-415-18072-6.

External links