Bharat Banate's Work Profile

Tuesday, March 25, 2008

What is Hacking?

Username: system
Password: manager
Welcome to ABL Computer Research Lab. You have five new messages.
$

That is how easy it was to hack into a computer network. The most prominent definition of hacking is the act of gaining access without legal authorization to a computer or computer network. A hacker first attacks an easy target, and then uses it to hide his or her traces for launching attacks at more secure sites. The goal of an attack is to gain complete control of the system (so you can edit, delete, install, or execute any file in any user’s directory), often by gaining access to a "super-user" account. This will allow both maximum access and the ability to hide your presence.

Often attacks are based on software bugs that a hacker can use to give himself or herself super-user status. The example above was used by West German hacker "Pengo" who exploited the fact that many systems came with default usernames and passwords which some buyers neglected to change. He succeeded by persistence.

An attacker can also obtain a copy of the password file (which stores usernames and encrypted passwords and is often publicly accessible) and either run a brute-force attack that tries all possible combinations, or encrypt every word in a dictionary and compare the results with the stored entries to see whether anyone chose a dictionary word as a password. Another method of hacking is to email someone a program that either runs automatically or runs when they click on an attachment. This can install a program that will give you control of their computer. L0pht Heavy Industry’s Back Orifice 2000 (a crude parody of Microsoft’s Office 2000) allows someone to have nearly complete control (running programs, deleting files, viewing the screen, logging typed keys, etc.) over the target computer without being noticed. One complicated method, known as IP spoofing, is to get one computer to pretend that it is another one which is trusted by the target system, thus gaining the access privileges of the latter.
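Seen from the defender's side, the default-password and dictionary-comparison weaknesses described above are handled when a password is set and stored. The following Python is an added example, not part of the original post; the word list, the 12-character minimum and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: the default pair is the login shown at the top of
# this page; the word list is a tiny stand-in for a real dictionary file.
VENDOR_DEFAULTS = {("system", "manager")}
DICTIONARY = {"manager", "password", "dragon", "sunshine"}
MIN_LENGTH = 12          # assumed policy value
ITERATIONS = 200_000     # assumed PBKDF2 work factor


def reject_reason(username, password):
    """Return why a new password must be refused, or None if it is acceptable."""
    if (username.lower(), password.lower()) in VENDOR_DEFAULTS:
        return "vendor default credential"
    if password.lower() in DICTIONARY:
        return "dictionary word"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None


def store(password, salt=None):
    """Build the record to keep in the password file: (salt, slow salted digest)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(store(password, salt)[1], digest)


def unsalted(password):
    """Fast unsalted hash, for contrast only: equal passwords give equal entries,
    so one pre-encrypted dictionary matches every account that used the word."""
    return hashlib.sha256(password.encode()).digest()


if __name__ == "__main__":
    print(reject_reason("system", "manager"))
    a, b = store("correct horse battery"), store("correct horse battery")
    print("salted records differ:", a[1] != b[1])
    print("unsalted entries equal:", unsalted("manager") == unsalted("manager"))
```

With per-account salts, the same password produces a different stored value for each user, so a dictionary has to be re-encrypted separately for every entry, and the iteration count makes each of those attempts slow.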

Early hackers needed to be very knowledgeable so that they were able to identify bugs themselves (a task requiring extensive knowledge about the operating system, and reading complex manuals) and often write their own programs to exploit them. They had to keep track of the leading developments in the field (latest bugs, latest patches, latest bugs in the patches, etc.). Later hackers were able to increasingly rely upon the hacking community to identify bugs and write programs that could be adapted for their specific purpose. For instance, famed hacker Kevin Mitnick used a trojan horse written by the West German Chaos Gang to gain access to hundreds of systems. As another example, it does not take much intelligence to download a copy of Back Orifice 2000 from www.bo2k.com and send a copy of the client as an attachment disguised as a game or cute program, to an unsuspecting person. In fact, Back Orifice has been downloaded over 300,000 times (Deane 1999) and received substantial computer media coverage. In Pengo’s case it is often more a matter of dedication and trying well-known recipes until one finds a place that has not fixed the bugs, than genius.

The growing number of inexperienced hackers (deridingly called "lamers" or "crackers"), due to the growth first in BBSes and then in the Internet, helps explain the antagonism between the older generation that did more of the problem-solving for themselves and the new generation that can get a quick start by running hacker programs without understanding how they work. The reaction of the older generation is to shun the newbies, thus ignoring those who might show talent as well as those who are in it just to copy tactics.
