Go Backindex

Hacking and Hackers

an introduction

Summary

The following pages will and cannot serve as a hackers guide, for that the information is too generic. But the information below will certainly serve to inform the reader to get a general idea on the subject.

What follows is a peek at how busy hackers have been in the past 35 years.

Note to the reader: if you have any other information you want to share with us, or have any comment, please do not hesitate to contact us.mail us

Related Articles
 
  eight thesis
   
Related Resources
  Phishing
Virus
DOS attack
   

 

General

With Hacking is not meant cracking or phishing. Though in this chapter the editor will mention or describe crackers and phreakers or other cybercultural occurrences connected with this subject.

 

Definition (If there is a proper definition at all)

Though we often associate Hacking with criminal activities. Hacking does not always mean breaking into computers.

There are different definitions:

Originally Hacking had nothing to do with breaking into one another's computers. It was primarily tinkering away with hardware to make things work. And this strain of hackers are still out there in multitude!

Hacking can also be done to perform reverse engineering of software whereof the source code is lost. Mostly done with legacy or so called "Ben Hur" (old) systems

Hacking also can be cracking a code (Enigma code during WWII, modern spies deciphering secret messages, or just for the fun of the intellectual challenge!)

But, for the general public at least, in the last few decades tinkering away with hardware became equivalent to: gain unauthorized access to a computer. This is how the press and official and may be not so official bodies wants us to believe.

...Or cracking the security coding of satellite TV or copy protection of data media like dongles, CD's, floppies, DVD's etc. This is often called cracking and the person doing that is mostly called a cracker. Mostly activities in that aspect are illegal.

Any more definitions, oh yes. Hacking or Cracking is merely a human trait that is triggered and inherent to our being: our unbridled curiosity. Hide something and you're bound to find someone that wants to find out. Make some complicated machinery or other gadget and someone will find a way to reverse engineer it. Nothing malicious too that. But it is the use you make of your gained knowledge that makes it sometimes illegal.

The players:

Government and their enforcement, hackers, companies, security organizations, highly skilled (software) engineers

As authorities and contra's see it

  • Disrupting telecommunications by entering computerized telephone switches and changing the routing on the circuits of the computerized switches.
  • Stealing proprietary computer source code and information from companies and individuals that owned the code and information.
  • Stealing and modifying credit information on individuals maintained in credit bureau computers.
  • Fraudulently obtaining money and property from companies by altering the computerized information used by the companies.
  • Disseminating information with respect to their methods of attacking computers to other computer hackers in an effort to avoid the focus of law enforcement agencies and telecommunication security experts.

Now, there are always two sides of the story

As hackers see it

  • Safe a company by reverse engineering their software of which the code is lost
  • See if you can get it to work, or find out how it works out of pure curiosity or to improve the product
  • The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources wherever possible.
  • motto: 'Freedom of Information contra security by obscurity
  • Disseminating information to other computer hackers in an effort to make the system safer and put focus of law enforcement agencies and telecommunication security experts to the systems flaws
  • The belief that system-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.
  • Using telecommunications for free by entering computerized telephone switches and changing the routing on the circuits of the computerized switches.
  • Studying computer source code and information from companies and individuals that are having security leaks in their systems and software.
  • Redistributing money and credit information maintained in credit bureau computers.
  • Obtaining money and property from companies by altering the computerized information used by the companies.

Both of these opinions are widely accepted , but by no means universally, among all parties involved. Most hackers subscribe to the hacker ethic, and many act on it by writing and giving away free software. A few go further and assert that *all* information should be free and *any* proprietary control of it is bad. By the way in some respects this philosophy is also part of the philosophy behind the GNU project.

Here is another view:

Crackers (hackers), whom are mostly depicted as criminals by official bodies, have less problems with ethical considerations. They often operate on the edge of the law or beyond. In their view the law is but a contemporary set of unwieldy rules not intended for hackers or crackers and reflected upon as a nuisance for the free creative mind.

More controversial:

Some people consider the act of cracking itself to be unethical, like breaking and entering. But the belief that 'ethical' cracking excludes destruction at least moderates the behavior of people who see themselves as 'benign' crackers. On this view, it may be one of the highest forms of hackerly courtesy to:

    1. Break into a system,
    2. and then explain to the sysop, preferably by e-mail from a superuser account, exactly how it was done and how the hole can be plugged -- acting as an unpaid (and unsolicited) "tiger" team.

The most reliable manifestation of either version of the hacker ethic is that almost all hackers are actively willing to share technical tricks, knowledge, software, and (where possible) computing resources with other hackers. And to remind you: huge cooperative networks such as Usenet, FidoNet and Internet can function without central control because of this trait. They both rely on and reinforce a sense of community that may be hackerdom's most valuable asset.

 

Hacking a computer system

A few requisites

Surprisingly enough there is no distinct profile of a hacker. He or she comes from all creeds and breeds, old or young. Some see it as a sport: 'the tinkerers'. Others just want to get to the goodies, some are spies, some are just out to destroy the system, some are even anarchists, and some are pacifists trying to save the world and not to forget some are professionals unveiling the weaknesses of a particular system. They are rich, poor, wealthy, upper or lower class, blue color or white color, smart or just lucky. Hark! Computing does not make a difference.
But, when they are pursuing it, they all WILL find a way to gain access into company, government or other computer systems.

Since not all humans are evenly smart and intelligent there are various types of hackers and methods to gain access to computers.

What would you need and need to know whilst to be or becoming a hacker that wants to hack a computer:

Now you should understand why companies want to hire a caught hacker: he or she knows it all!

Also you will understand that to be or become a fairly successful computer hacker you have to be a knowledgeable, intelligent and persistent entity. When you never want to be caught you have to be crazy and genius at the same time. And you will never read this page on hacking.

 

-o0o-

 

But to get there means doing it. And how to achieve a hack depends on the complexity of the system, the level of security, the intelligence of the hacker and above all its persistence. And a combination of all of the above.

Generalizing there are three large contingents of hackers.

The hardworking, knowledgeable and intelligent one

The hardworking persisting one

The easy ones

 

Actually to make a hack the need for hardware or software is modest. All you need is a connection to the Internet, or have a modem of various types (synchronous, asynchronous) or a connection via cable or an existing network. Plenty of time and some intelligence and luck. And to no much surprise you will be in business before you know it.

This all sounds very optimistic, but be aware that:

IT IS WAR OUT THERE !

As soon as you enter the arena the cyber-war is going to be between the guardians and you. So don't tell us you weren't warned! There are only a very few success stories. And of course economic interest grow larger by the day, companies will try to protect their products more and more aggressive, especially the music industry.

 

 

-o0o-

 

The latter years of the 1990's various government bodies established what has become known as cyber cops.

The FBI, KGB, CIA, MI5, Interpol, United Nations, various secret services of all governments, anarchistic movements, terrorists fractions, police organizations all have their special cyber forces.
Most governments are overreacting in their law making attempts to secure the networks and attached computers. Mainly because of 'what you don't know you fight'. But also: what might be expected of a politician that heard the term hacking for the first time when attending a meeting on that subject to pass a law. Just imagine, by the time the law is passed the technology has again leaped forward to make the law redundant by the time it gets approved. Or what becomes more and more the reality producers of audio visual products try to clamp down on relatively innocent attempts to circumvent copy protection schemes, some are not so innocent agreed. But again the industry is overreacting as was the case in the late 1980's. Millions of dollars were spent in protecting software but by the time the software reached the market hackers broke the code. The difference now is that the industry is trying to stamp down on the creators of anti copy protection software like dropping an atomic bomb on an anthill.

But protection schemes and the technology behind it becomes much more complicated every day. It is therefore no wonder that corporations and other agencies turn to specialized persons or businesses that specialize in that type of security. From the end of the 20th century that industry is booming: cyber security. There is little to tell about these companies of organizations. For obvious reasons: there is little known. History has just begun.

 

-o0o-

 

Hackers Chronology(3)

1878

Less than two years after Alexander's Graham Bell's telephone system went into operation a group of unauthorized teenagers were thrown off the network.

 

1960

Early mainframes at MIT were used by 'original' hackers to develop skills and explore the potential of computing. 'Hacker' was, at that time a complimentary term for users with exceptional knowledge of computing

 

1971

picture: John Draper

 

Before the widespread use of computers and the Internet, 'phreakers' used the more prevalent playground of telephone networks. John Draper, a.k.a. Cap'n Crunch, finds a toy-whistle allows callers to circumvent billing systems for long distance calls

 

1976

'Freedom of Information contra security by obscurity'

Two homebrew computer club members Steve jobs and Steve Wozniak launch so called blue boxes which can be used to hack into phone systems.

 

1983

First arrest of hackers as FBI clamps down on 414 group after it hacked in to the Los Alamo research center

The movie war games is released, shaping public perception of hackers and glamorizing the hacker

Plovernet BBS (Bulletin Board System) was a powerful East Coast pirate board that operated in both New York and Florida.

Owned and operated by teenage hacker 'Quasi Moto', Plovernet attracted five hundred eager users. The actual Legion of Doom bulletin board was quite ahead of its time. It was one of the first "Invitation-only" hacking based BBSes; it was the first BBS with security that caused the system to remain idle until a primary password was entered; and it was the first hacking BBS to deal with many subjects in close detail, such as trashing and social engineering. This BBS was so heavily trafficked, that a major long distance company began blocking all calls to its number (516-935-2481).(7) Eric Corley ('Emmanuel Goldstein') was one-time co-sysop of Plovernet, along with 'Lex Luthor', who will found the phreaker/hacker group, Legion of Doom.(6)

 

1984

Quarterly publication 2600 (named after the frequency of John Draper's whistle) is founded, providing a platform for hackers and phreakers (phone hackers)

Two hacker groups form this year:

The Legion of Doom in the United States founded by the hacker .a.k.a. Lex Luthor to educate new generations of hackers.

And the Chaos Computer Club in Germany.

In one of the first arrests of hackers, the FBI busts the Milwaukee-based 414s (named after the local area code) after members are accused of 60 computer break-ins ranging from Memorial Sloan-Kettering Cancer Center to Los Alamos National Laboratory.

Comprehensive Crime Control Act gives Secret Service jurisdiction over credit card and computer fraud.

1986

January; Legion of Doom/H member Loyd Blankenship ('The Mentor') is arrested. He publishes a now-famous treatise that comes to be known as the Hacker's Manifesto. (6)

 

The following was written shortly after my arrest...

\/\The Conscience of a Hacker/\/
by
+++The Mentor+++

Written on January 8, 1986
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me...
Or feels threatened by me...
Or thinks I'm a smart ass...
Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..."

I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals.
We explore... and you call us criminals.
We seek after knowledge... and you call us criminals.
We exist without skin color, without nationality, without
religious bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

+++The Mentor+++

source: http://www.phrack.org/show.php?p=7&a=3 Phrack Inc. Volume One, Issue 7, Phile 3 of 10

 

1987

Seventeen year old Herbert Zinn is arrested in September after hacking AT&T's system for months. Experts say he was close to crashing the entire US phone network.(9)

First known MS-DOS virus 'Brain' is created. Investigators believe it is written by two brothers in Pakistan. It infected the boot sector of floppy disks

 

1988

(3)

Robart Morris crashes some 6000 computers across the ARPANET with his worm which he claimed is accidentally released.

CERT (Computer Emergency Response Team) is founded in response.

First anti virus software released by a code writer in Indonesia

 

1989

First known case of cyber espionage in Germany (west) allegedly the CHAOS computer club is involved.

Mentor releases the hacker manifesto Conscience of a hacker, which ends with the intriguing line: "You may stop the individual, but you can't stop us all."

 

1990

Freedom on the Internet advocacy group Electronic Frontier is launched

Sophisticated virus types such as polymorphic viruses ( which modifies themselves when they spread) and multipartite viruses (infecting multiple locations in the machine) appear.

First National Citybank of Chicago is relieved of 70 million US$ in the first acknowledged major computer bank hack.

Hacker Dark Dante, Kevin Lee Poulsen, is arrested after a 17-month search. He got hold of military secrets.

Mitnick and Shimomura lock horns

 

1993

The first Def Con hacking conference takes place in Las Vegas. The event was supposed to be a one-off-knees-up to bid good-bye to BBS's (outdated by the web), but was so popular it became an annual event.

Hackers hit US federal web sites, including the CIA, Department of Justice, NASA and the Air Force. This isn't popular with US officials. ;=)

 

1994

 

(3)
Vladimir Levin

Vladimir Levin, the legendary head of a Russian hacking ring, is believed to have masterminded a $10 million virtual holdup of Citybank. He is arrested in London a year later and extradited to the USA.

 

1995

US defense department suffers a quarter of a million hacks in one year.


Kevin Mitnick

Mitnick is arrested on suspicion of stealing 20,000 credit card numbers. He pleads guilty a year later.

(3)

The movie Hackers hits cinema screens, sparking more misconceptions about hackers' activities.

 

1998

Network Associates runs an anti-hacker advert during the Superbowl in the US. In it, two Soviet missile technicians blow up the world, unsure whether the orders came from Moscow or hackers.

Hackers claim to have cracked a military satellite system and threaten to sell secrets to terrorists

NIPC (National Infrastructure Protection Center) launched with multi million dollar funding.

Hacking group LOpht tell congress it could shut down the Internet in half an hour and calls for greater security.

 

1999

Massive year for Microsoft patches as hackers exploit Windows 1998 vulnerabilities. Birth of mainstream anti-hacking software.

 

2000

Denial of Service attacks cripple the net's biggest names.

(4)
Jon Johansen

Jon Johansen (Norway) co-authored with two other programmers who remained anonymous, a program called DeCSS and published it on the Internet.

The program decrypted DVD's so that DVD's could be run on a computer too. On Jan 23 he got arrested on the charge of hacking on to other's computers: by creating a program that enables people to watch (legally bought) DVD's on their own computers in stead of a stand alone DVD player. This time the case was not won by the Motion Picture Association because the E.U. law they were banking on was not yet implemented(8). A few years later in 2005 Jon Johanson will be acquitted by the justice department because European law explicitly allows reverse engineering when needed for interoperatibility.

 

2001

XP - 'the safest windows yet' - is cracked before launch

Benni Baermann posts his "eight thesis on liberation" on 27th of December. A statement that can be interpreted as opposition against commercial software and pro sharing of knowledge. All in the thru hackers philosophy.

 

2002

Microsoft Bill Gates launches Trustworthy computing. It soon appeared the the security leaks were as numerous as in all other Microsoft software.

ISP CloudNine was literally hacked to death because of massive DOS attacks. The company could no longer serve its customers and closed down its network. Customers are transferred to other ISP'S and the company goes broke.

 

 

-o0o-

 

Hacker movements

(Publicly known)

 

Chaos Computer Club 1989

The CCC (Chaos computer club) from Hamburg began around 1989 as a loose organization of hackers with modems.

They proved how good they were so people would be interested. They took over app. 75,000 US$ from the Hamburg's national savings bank but then they gave it all back the next day.
The Chaos Computer Club is also associated with cracking computer systems on assignment for the Russians.

Cult of the Dead Cow 1984

Quoting from their website:

Based in Lubbock, Texas, the CULT OF THE DEAD COW (cDc) is the most-accomplished and longest-running group in the computer underground. Founded in 1984 and widely considered to be the most elite people to ever walk the face of the earth, this think tank has been referred to as both "a bunch of sickos" (Geraldo Rivera) and "the sexiest group of computer hackers there ever was" (Jane Pratt, _Sassy_ and _Jane_ magazines). The cDc is a leading developer of Internet privacy and security tools, which are all free to the public. In addition, the cDc created the first electronic publication, which is still going strong.

Legion of Doom

The Legion of Doom (LOD) was an influential hacker group from the 1980s and 1990s.

It released the LOD Technical Journals. The Legion of Doom was founded by the hacker Lex Luthor to educate new generations of hackers on the Internet. The Legion of Doom split into two factions after Phiber Optik (a new member of LOD) was thrown out because of a feud with Erik Bloodaxe. Phiber Optik joined another group, the Masters of Deception as did some other former LOD members who opposed Erik Bloodaxe. The division of these two rival hacker factions led to the Great Hacker War, where both groups competed for prestige in the hacker community by gaining access to computer and telephone networks. The Legion of Doom disbanded in the early 1990s after Operation Sundevil and Operation Redux began the era of US Secret Service crackdowns on hacker groups.(5)

The group's wide ranging activities included diversion of telephone networks, copying proprietary information from companies and distributing hacking tutorials.

The group of individuals who made up the original Legion of Doom were: Lex Luthor, Karl Marx, Mark Tabas, Agrajag the Prolonged, King Blotto, Blue Archer, EBA, The Dragyn, Unknown Soldier (6)(7)

L0pht

New Hack City

Restricted Data Transmissions (RDT)

Soylent Communications

the Hasty Pastry

the Masters of Deception (MOD)

the USENIX Association

the Walnut Factory

    The editors are convinced that there are a lot more active groups and would like to hear about them!

 

-o0o-

Books on Hacking, hackers and hacker's ethic:

an annotated bibliography

The page mentioned here only give the most publicized books. There are many other books to read about Hacking, encryption, cryptography, programming, system topologies etc. There are also quite a few movies to watch on the subject(1) which are clearly overly romanticized.

-o0o-

Links

Nasbar: a collection of postinge on hacking, cracking, freaking etc

 

Go Backindex Last Update 21 March, 2010 For suggestions please mail the editors 


Footnotes & References