History and Evolution of Hacking
According to Bruce Sterling, author of The Hacker Crackdown, the roots of the modern hacker underground can be traced back most accurately to a now-obscure hippie anarchist movement known as Yippies. Because I agree with Bruce on this ancestry, this section is paraphrased from his book with permission.
The Yippies took their name from the largely fictional Youth International Party and carried out a lively policy of surrealistic subversion and outrageous political mischief. One of the most visible Yippies was Abbie Hoffman. Sought by federal authorities, Hoffman went into hiding for seven years in Mexico, France, and the U.S. While in hiding, Hoffman continued to write and publish work with help from sympathizers in the American underground. Hoffman survived mainly through false IDs and odd jobs and eventually underwent facial plastic surgery, adopting a new identity as Barry Freed. After surrendering to authorities in 1980, Hoffman was convicted on cocaine charges and spent a year in prison.
As the glory days of the 1960s faded, so did Hoffman's view of the world. He reportedly committed suicide in 1989, albeit under suspicious circumstances. Hoffman's FBI file was the single largest investigation file ever opened on an individual American citizen. Hoffman was a practiced publicist who regarded broadcast media as both a playground and a weapon. He manipulated network TV and other media with various lies, rumors, impersonation scams, and other distortions, all designed to upset law enforcement officials, presidential candidates, and federal judges. I think Hoffman knew the world was watching him, but what he probably didn't know was that he had inspired a new generation of activists who would use the popular new personal computer as an instrument against society. Thus, the hacker was born.
Hoffman's most famous work was Steal This Book, which publicized a number of methods by which young, penniless hippies might live off the fat of the American system. Steal This Book, whose title urged readers to damage the very means of distribution that had put it into their hands, might be described as a spiritual ancestor of the computer virus.
In effect, hacking got its start in the early 1960s, about the same time the first full-fledged time-sharing systems began to appear in universities around the globe. Computer wizards back then unofficially used storage areas of the systems for their own private experiments, ranging from programming adventures to computer games. In fact, if we can define technical hacking as the mischievous manipulation of technology, then we could say that hacking began even earlier, with antics such as rewiring elevators so they traveled to the wrong floor. However, most people consider hackers part of the computer world.
Toward the end of the sixties, the first experimental networks had arrived on the scene, including the now-legendary ARPAnet. At that time, computer hackers began venturing into what is now called cyberspace, that great expanse encompassed by the networks. The early hackers were, for the most part, privileged individuals who had access to a university's terminals and networks. But that profile changed as personal computers began to trickle into the market, along with low-speed and low-cost modems. BBSs began popping up everywhere, and users shared what they knew about breaking into computers.
In 1990, a nationwide crackdown on computer hackers was instituted, which resulted in arrests, criminal charges, at least one dramatic show-trial, several guilty pleas, and huge confiscations of data and equipment all over the U.S. The Hacker Crackdown of 1990 was larger, better organized, more deliberate, and more resolute than any previous efforts in the world of computer crime. The US Secret Service, private telephone security, and state and local law enforcement groups across the country joined forces in a determined effort to break the back of the electronic underground. It was a fascinating effort, with very mixed results.
The Hacker Crackdown of 1990 had another unprecedented effect: it spawned the creation of the Electronic Frontier Foundation (EFF), a new interest group dedicated to the establishment and preservation of electronic civil liberties. The Crackdown of 1990 created a continuing debate over electronic crime, punishment, freedom of the press, search and seizure, and ethics.
Hacker Ethics: Do They Exist?
Hacker ethics is a precarious subject. It seems contradictory that someone acting on the borderline of legality should have a set of ethics. Although most hackers insist that they do no harm and that the crackers are the lawbreakers, they do stray across the bounds of legality, often causing irreparable damage. However, hackers do have ethics, in a vague sense of the word.
The basic hacker ethic is that information should be free and that any information discovered by a hacker that may be valuable to others should be offered freely, no matter what source it comes from. This knowledge alone gives you a good idea of what you're up against. Here are a few items that most hackers profess to include in their credo:
Access to computers and any information that might teach you something about the way the world works should be totally unlimited.
All information should be free.
Don't trust authority, and do promote decentralization.
Hackers should be judged by their abilities, not criteria such as degrees, age, race, or position.
You can create art and beauty on a computer.
Computers can change life for the better.
Some of these ideas make sense, and other parts obviously do not. We can never expect that all information in our society will become free to everyone; that much access would destroy our ability to compete. It seems that hackers lean toward a nonprivate life, in which people cannot keep anything about themselves or their activities private. This belief in itself makes them dangerous to your networks and your privileged information.
The hacker point of view has some merit, but it certainly doesn't justify their actions. One hacker has been quoted as saying, "Few people object to the sports of clay-pigeon shooting or archery, although rifles, pistols and crossbows have no real purpose other than to kill things, and hackers have their own code of responsibility too. Real hacking is not as it is shown in the movies and on TV. The sport of hacking may involve breaches of some aspects of the law, notably theft of electricity, theft of computer time, and unlicensed usage of copyright material; however, every hacker must decide individually the morality and legality of each instance as it arises."
I agree that killing animals for sport serves little, if any, purpose other than self-gratification. On the other hand, I also believe that hackers' unauthorized use of any type of facility also serves little purpose other than self-gratification and self-gain.
Virtual Gangs
Just as the world has gangs that roam the streets, the world also has gangs that roam our electronic networks. These virtual gangs, if you will, are as serious a threat as a kid with a handgun in a street gang. Instead of a gun, they carry knowledge and vengeance. They want to free the world's information and prove to everyone that they cannot be stopped, a futile dream, but one that exists in the minds of virtual gang members. They are organized and thorough and have even formed worldwide associations, with regular meetings and conventions. One such convention is the annual Ho-Ho-Con, held near the end of each year. It may serve you well to attend one of these conferences occasionally, as federal law enforcement agencies do, just to keep up with trends and opinions.
You should understand the reality of these virtual gangs, if for no other reason than to understand that their power is in numbers. What one member may not know or have time to find out, another member will. This cooperation makes virtual gangs a more serious threat than the standalone intruder. Gangs attack and retaliate in force and in numbers, and when they do, it can quickly become a living hell on your network, with attacks coming from all different directions. On the bright side, protection against any intruder is also protection against virtual gangs.
Infamous Exploits
Various individuals and virtual gangs have perpetrated many publicized intrusions. You may recall the headlines from November 1989, when a gang crashed the computers at one of New York's public television stations, WNET, leaving the message, "Happy Thanksgiving you turkeys, from all of us...." Needless to say, that stunt caused quite an uproar and spawned numerous debates, leading the U.S. Congress to seek action to stop such shenanigans.
More recently, a young phone phreak and computer outlaw, Kevin M., made world headlines when he tapped the phones of the FBI agents assigned to catch him during a two-year manhunt. Kevin was finally caught in February 1995 after his foolish yet successful Internet attack on one of the foremost computer security experts, Tsutomu Shimomura. That attack provoked Tsutomu into a full-time search for Kevin. John Markoff, who had followed the story since profiling the hacker for the 1992 book Cyberpunk, reported the eight-week cyberhunt in The New York Times. Kevin, who grew up a shy loner in the Los Angeles suburb of Sepulveda, had gained notoriety earlier in his life by successfully breaking into MCI, the Manhattan phone system, and a NORAD defense computer system, foreshadowing the 1983 hacker film War Games.
Internet crackers recently infiltrated the Justice Department's home page, altering the official Web site to include swastikas, obscene pictures, and criticism of the Communications Decency Act. The official Web site, which was turned off by government officials when the intrusion was discovered, was changed to read "United States Department of Injustice," next to a red, black, and white flag bearing a swastika. The page included color pictures of George Washington, Adolf Hitler, and a topless photo of Jennifer Aniston. You can see a copy of the page as the crackers altered it at http://www.darkening.com/museum/museum/gallery/doj.
Law enforcement officials also recently charged a 21-year-old Argentinian with using the Internet to break into computer networks at DoD installations, NASA, Los Alamos National Laboratory, and several universities. The Justice Department is now seeking another man who is believed to have accessed confidential research files on aircraft design, radar technology, and satellite engineering.
Computer experts at Cambridge University are using the Internet to hunt for a hacker who breached their security systems to access some of the world's most sensitive research information. The authorities have no indication whether the hacker deleted or altered files, although it is possible. The intruder may have viewed or copied files belonging to world-renowned research scientists, giving the hacker an insight into commercially and academically sensitive material. The hacker used a sniffer, which sat silently within the computer system for four weeks, monitoring its activities. With the sniffer, the hacker could have compiled the passwords to give him unhindered access to every computer on the university's network.
Hundreds of cases similar to these go unreported or undetected. These few exploits are only the tip of the iceberg. The best of the best never get caught or detected at all.
Intruder Hangouts
Potential intruders have a number of well-known hangouts on the Internet. You should visit these sites periodically to keep up with the trends and movements. At the very least, you'll gain lots of insight into their methods and antics, which will give you a better understanding of the potential risks for your network.
A word of caution before you surf these sites: Check the security settings on your Web browser, making certain you've turned off all forms of Java and ActiveX. You need to ensure your visit to a hacker hangout doesn't turn into a reverse attack on your computer system, because these sites sometimes have malicious programs embedded in their Web pages that a user may never know about.
Web Sites
You should monitor these Web sites for new information:
Phrack http://www.fc.net/phrack. This site is an age-old publication for hacking, cracking, and phreaking information that dates from the early 1980s.
National Hacker Association http://junior.apk.net/~matto/index.html. This organization publishes monthly newsletters that offer information on the wide world of hacking. It's well worth the effort to join their mailing list and visit their Web site.
2600 Magazine http://www.2600.com. The 2600 club is named after the 2600 Mhz tone that, once upon a time, gave you control over a regional Bell company's trunk groups; at that point, you had complete control over that portion of the phone network. Monitoring this group will help you minimize fraudulent use of your phone systems.
L0pht Heavy Industries http://www.l0pht.com. This site offers hard-to-find files from the computer underground and beyond. It also contains security advisories.
Hackers Layer http://www.cris.com/~lordsome/index.shtml. This Web site is an exhaustive resource of files, program cracks, hacking information, and links to other well-known Web sites hackers use.
CERT http://www.cert.org. The Computer Emergency Response Team runs this Web site. CERT typically watches for all new security threats as they become known and posts warnings and suggested solutions.