Friday, March 1, 2013

A Brief Primer: Hackers and Hacking

Hacking is a serious problem that should be taken more seriously. This primer should help the technological beginner understand many of the issues.

Note that there are two definitions of hacking:

  1. Informal engineering
  2. Software based attacks on computing resources, usually using network infrastructures
This article concerns definition #2

Script Kiddies at Play

Much hacking has been the domain the domain of so called script kiddies. These mischief makers often have minimal technical skills. Instead they use freely available tools to break into poorly administered websites. They are not terribly organized, malicious, or dangerous.

Hacking Inspired by the Godfather

Criminal organizations hack for profit. Often they steal financial data, send spam, or commit click fraud (automatically click ads into order to earn ad revenue). They use malware such as viruses, worms, and trojans to hijack consumer PCs. Once they gain control of a PC, these groups link the machine up to a botnet, a group of hijacked machines that coordinate. These botnets usually consiste of more easily hijacked windows machines, but are often led by higher-powered hijacked Linux machines. Another technique criminals use is phishing, deliberately misleading someone into giving away their user name and password. Usually, this is done by presenting the user with an email or webpage that appears to be from a reputable online bank, retailer, or service provider. When the user enters their password, the criminal stores it and exploits the user later. This technique can lead to illegal credit charges, bank transfers, and even identity theft. Sometimes the thieves use social engineering or active impersonation to deceive users (over the phone or in person). Estimates of the cost of these cyber-crimes range from the low billions to $1 trillion. The true cost is probably somewhere in between.

Hacking Inspired by MLK, Ghandi, and Mandela

Hacktivists constitute another category of hackers. These collectives view hacking as a form of non-violent social or political protest. Anonymous is by far the best organized, most famous, and most capable such collective. One of the most common techniques used by Anonymous and other hacktivist organizations is the distributed denial of service attack. This form of attack sends so many requests to a server, that the server cannot handle legitimate requests. Many hacktivists have argued that DDoS attacks are legal. Another common hacktivist strategy is to steal data or hijack a website in order to humiliate its target. One of the most dramatic hacktivist actions occurred on live television. Anonymous announced that it hacked the infamous Westboro Baptist Church while the organizations' representative debated live on air.

Hacking as Patriotism

Recently, there have been many controversial reports regarding state sponsored hacking. Although not 100% confirmed (approximately 99.99% confirmed), these hacking incidents are particularly scary for two reasons:

  1. Nation states have an order of magnitude more hacking resources
  2. Nation states may attack enemy's critical infrastructure

More on state sponsored hacking upcoming.

No comments:

Post a Comment