Hacking
So what is a hacker? There are two definitions that are widely used. The first is a skilled computer expert that uses their tech knowledge to overcome a problem. The second is a person that uses bugs or exploits to break into computer systems.
If you consume a lot of media, you probably think of hackers using the latter definition, people who use bugs and exploits to break into computer systems. Within this definition, there are two types of hackers: white hats and black hats. White hats are security experts and get paid to test for vulnerabilities by the organization either as an employee or consultant. Black hats are engaging in illegal activities. There are also hackers that would refer to themselves as a gray hat. These are hackers that dabble in both worlds, hacking without permission but trying to remain somewhat ethical.
The first definition of a hacker is the original definition. The Tech Model Railroad Club (TMRC) was started at MIT in 1946. It was a group of clubs, including people interested in building and painting replicas of trains. One of those groups was the Signals and Power Subcommittee. This group created circuits that made the trains run. This is the group that popularized the term hacker and eventually moved on to computers and programming.
Many of the early members of TMRC are famous for their contributions to their specific fields.
John McCarthy is one of the founders of the discipline of Artificial Intelligence.
Jack Dennis was one of the founders of the Multics project which influenced the design of many other operating systems, including Unix.
Alan Kotok wrote the first chess-playing program with classmates.
Richard Greenblatt was one of the main designers of Lisp Machine at MIT. Lisp is a programming language for Artificial Intelligence.
Peter Samson wrote the Harmony Compiler which encoded music for the PDP-1.
Steve Russell created Spacewar, one of the earliest video games. He also mentored Bill Gates and Paul Allen on the use of the DEC PDP-10 mainframe.
In the spirit of TMRC, there are many artists that use technology and refer to themselves as hackers. An artist isn’t worried too much about efficiency or optimization when using a computer programming language, they’re more interested in seeing how they can use computers to express themselves.
Scott Draves is the creator of Electric Sheep and the flame algorithm. It’s a distributed computing project for animating and evolving fractal flames which are in turn distributed to networked computers and displayed as a screensaver. It was released in 1999 as open source software and later ported to Adobe After Effects. You’ve probably seen its output in various mediums as it’s widely used to generate interesting images.
For artists, free and open source software is important. Think of a fine artist. Art supplies can get expensive, but it doesn’t cost much to get started. If an artist using a computer had to not only buy a computer, but pay exorbitant amounts of money for each piece of software they used, and each library they included in their code, the only computer artists would be ones that had the privilege of wealth before they even started. This is true for me, my parents spent around $2000 to buy me my first computer as a teenager in the 1990s. That’s an enormous privilege. And that’s just for hardware.
Adobe Photoshop is expensive, but there is an open source alternative called GIMP that’s completely free. JetBrains is a programming environment that requires an annual subscription, but the programming language Java and its compiler are open source and free to use.
There is a difference between free software and open source software. Free software is an ethical imperative and essential respect for the users’ freedom. Open source software is only concerned with making software better in a practical sense. There is a place for both, as well as commercial software.
Let’s ponder Geert Lovink for a second.
“Software does not result in a creed or a set of dogmas, but in a social order.”
If you are making a product that enables creativity and expression, what should your business model be? An equitable society would strive to make products that are free or extremely low cost to allow anyone to use them.
Have you ever thought about the expensive software that is provided to you for free as a college student? When I was an undergraduate, the Microsoft Office Suite retailed for a few hundred dollars. As a student, I could buy a copy for $5. What was Microsoft’s strategy?
Microsoft wanted students to graduate from college with a reliance on Microsoft Office. When students leave college and are employed by a corporation with a lot of money, the corporation buys the expensive software for them. As time goes on, the entire company begins to rely on Microsoft products. What a wonderful way to reap profits and have a leg up on the competition, right?
How many jobs require knowledge of Microsoft Office?
How many people that choose not to go to college face a financial burden in learning required software?
And why do colleges and universities play this game with corporations?
I’m fairly certain that many black hat hackers see themselves as outlaws. While outlaw is one way of saying criminal, it also evokes an edge culture. I’m not going to dive into old world piracy, but the takeaway for me is that inside that outlaw culture, things look different.
Operation Payback was launched by Anonymous as an act of hacktivism. The initial targets were involved in anti-piracy and digital rights (British Recorded Music Industry, International Federation of Phonographic Industry). Then they shifted to sites that wouldn’t process donations for the Wau Holland Foundation, which was raising funds for WikiLeaks. They also attacked PayPal, Mastercard and Visa.
The interesting thing is that during this time, Anonymous let anyone download software to become a part of a botnet. In this regard, they weren’t infecting computers to become a part of their botnet. People joined willingly. So what were they doing?
Operation Payback was a distributed denial of service attack. In a Denial of Service attack, the attacker tries to make a machine or part of the network unavailable. It’s usually done by repeatedly requesting a simple task from the target with a really simple request such as asking a server if they’re awake. If you do this enough, it will break the server.
If a network administrator notices that a client is trying to attack them, they will block that computer’s address from accessing their network. In order to get around this, a distributed denial of service attack uses a large group of computers to all ask one server if it’s awake. This way, the network administrator’s attempts to ban a computer from their network is less effective. It’s a death from a million tiny cuts.
Anonymous releases hacking tools for anyone to use. The tool used in Operation Payback is called Low Orbit Ion Canon. It wasn’t developed by Anonymous, but they have developed a whole suite of hacking tools for would-be hackers to use. So if you want to start hacking, that’s one place to start.
A word to the wise, there’s a term for people that just use the tools but could never make them, and that’s a script kiddie. If someone calls you that, they’re not being nice.
Kevin Mitnick is a famous hacker known for his social engineering tactics. He claims that he solely gained passwords and codes through deception and never used software programs or hacking tools. He spent almost 5 years in prison for his crimes.
He now runs a security firm and gets paid for his services as a white hat hacker.
Some hackers just manipulate people into doing something or divulging information. Phishing is rampant today. It involves sending emails that appear to be legitimate requesting verification of information or dire consequences. Sometimes there is a request to click on a malicious link.
DoS attacks and phishing are low hanging fruit in the hacking world. Anyone can do it. Packet sniffing is a bit more complicated. We talked about packet switching, which entails sending packets of data through the internet. Sniffing those packets is trying to figure out where and how those things are being sent. Sometimes that alone can be enough to break into a system.
Thanks to Grace Hopper, we compile code. It saves us time, energy and resources. Compiled programs can be disassembled though. For you and me, this decompiled code might look a bit esoteric, but for someone that knows what they’re looking for, it can be quite useful.
Many commercial software products require a license key or authentication from a server. By disassembling software, it can be recompiled to look at another server, or take anything for a license number.
I’m going to go out on a limb and say that at one point in your life on the internet so far, you’ve probably run across malware. You were probably trying to download expensive software for free or perhaps you were trying to find something... arousing.
Hot tip, don’t click on the boner pills ad. When you click on a link that contains malware, there’s a reason your computer runs slow. It isn’t because the attacker wants you to buy a faster computer. They’re just using your computer, either to stage attacks on other machines or sending your data to someone. The sluggishness is a byproduct of the attack.
Scripts that run on websites can come from various sources. While you may have typed in www.dankmemes.com, the page could easily be loading something from www.evildarkhats.net that is able to run on your computer. There’s nothing illegal about one website requesting code from another site. Ad networks do this all the time. The trouble starts when either the third party site is acting in bad faith or that site itself has been hacked. A cross site injection attack is when the attacker injects client side code into the webpage you’re viewing so that it runs a program on your computer.
Phreaking, with a P-H, is the term for hacking phones. Not the smart phones of today, but the rotary phones of yesterday. Phreaking started in the late 1950s. People listened to the pattern of tones and read obscure technical documents, trying to find ways to exploit phones. For example, you used to be able to dial 1-1-4 on any phone and it would tell you the number for that phone.
Until 1984 long distance telephone calls were a premium item. Even in the late 90s, calling a zone in your same area code on the other side of town, you would be charged extra fees on your phone bill.
John Draper, known as Captain Crunch is a legendary phone phreak. He figured out that a Cap’n Crunch whistle packaged in boxes of cereal emitted a tone at precisely 2600 hertz. That frequency is what AT&T used to indicate that the line was available for a new call.
Thus, blowing a cap’n crunch whistle into the phone could get you a free long distance call.
What I’ve covered today is well known by many people. The media has published quite a lot about notorious hackers. Authors have written books about the people involved in the creation of the internet and often exalt the individual. This isn’t the full story.
Each individual that’s written about is part of a community. Traditionally, communities pop up through physical proximity. Within academic circles, we have conferences and journals that allow members to share their research and connect with each other. The internet and technologies like bulletin board systems allowed new kinds of communities to flourish. How do those communities grow? What do they look like? That’s for another time.