2 Setting the Stage
TYPE OF HACKER
Hackers come in all shapes and sizes; race, religion, and age are all valid variables.
First, we dispel some myths and establish a sound basis for outlining hacker types.
A prevalent myth regarding hackers is that they are derelicts with limited education and poor professionalism, with nothing but time on their hands to wreak havoc on the unwary.
Many hackers are law-abiding citizens in most respects, but with questionable ethics and a distorted sense of what counts as a crime. Much of this is due to the anonymity the computer provides. A hacker may not run a red light or shoplift, because the exposure is obvious and the reaction to the act is tangible and immediate, such as a car crash or getting caught walking out the door. Many hackers would be horrified if they had to confront their victims face to face or witness the results of their actions. This is a critical differentiating factor between hackers and other forms of criminals. For example, in many cases an arsonist will start a fire to watch it destroy property, with the simple intent of watching something burn. Similarly, hackers may gain satisfaction merely from knowing their activity is causing some form of dismay. The most basic example is people who write worms or viruses and launch them onto the Internet: the satisfaction of knowing it causes problems somewhere is pleasure enough.
Hackers rely mostly on impersonal acts and see computers as the tool. In the minds of hackers, computer systems do not physically hurt anyone. In addition, the challenge is a constant theme. There are several motives, discussed later, but all rely on a mixture of challenge and desire.
There are several types of hackers, but we can reduce this to three basic characteristics that we can use to categorize the enemy:
1. Script kiddies
2. Hackers
3. Über hacker
SCRIPT KIDDIES
“Script kiddie” refers to a hacker wannabe who leverages tools created by other, more knowledgeable hackers to perform malicious acts. There are several degrees of damage that can be caused by people who fall into this category. Simply stating that they are less informed and unenlightened by the art of hacking does not immediately imply they are harmless. Script kiddies can be grouped into three areas: unstructured, structured, and determined.
1. Unstructured. This group is better defined as pranksters or a nuisance; their activity usually consists of juvenile acts that are typically not long lasting. Attacks of this nature are usually port scans and minor attacks that fill logs. They have little or no capability of covering their tracks unless the program they are using does it on their behalf. Recreational hackers, individuals who want to pursue and gain a limited understanding of hacking because of the lure and excitement, also fall into this category. In many cases, the damage caused by recreational hackers is limited in scope but destructive nevertheless. Internal employees performing recreational hacking represent the greatest threat to organizations. They may download tools in an attempt to play a practical joke on their cubicle neighbor and unknowingly have an impact on critical systems.
2. Structured. The right tool in the wrong hands has immense potential and, combined with opportunistic behavior, can have measurable results. For example, Distributed Denial of Service (DDoS) attacks were built on a handful of tools that were easily installed on insecure systems around the world. Trin00 (tree-no) is one of several server/client-based tools that can be used to construct a hierarchical web of systems for a synchronized attack. By installing zombies on remote systems, a single hacker can conduct an attack from hundreds of computers simultaneously, overwhelming even the most robust sites. The success of the DDoS attack can be attributed to the explosion of cable modems and insecure PCs residing on the Internet, together with a comprehensive toolset freely available on the Internet. Therefore, it is no longer reasonable to say that script kiddies are less of a concern when they are armed with comprehensive tools.
3. Determined. The persistence of an attacker certainly increases the probability of success. If for nothing other than sheer luck, a determined script kiddie will get in eventually. When writing this book, I asked a close friend of mine and respected security professional, Stephen Coman, about determination. He replied,
Most of the hacking cases I have been involved with have had to do with a young script kiddie that just wouldn’t stop. This one kid in Texas used every attack he could compile until he found a vulnerable system. He nailed something like 200+ systems all over, based only on the fact that he tried everything until he found something that worked.
Admittedly, the shotgun approach is not the best tactic, but the determination of script kiddies can be more of a problem for security administrators than most of the accomplished hackers out there.
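Both patterns described above, the synchronized flood launched from many compromised hosts and the determined script kiddie who throws every canned attack at one target, leave a recognizable shape in connection logs: the first is many distinct sources converging on one service in a short window, the second is one source firing many distinct attack signatures at one host. The following is an added example, not part of the original text, that flags both in a constructed connection log. The log format (timestamp, source, destination, port, signature label), the signature names, and the thresholds are assumptions chosen for illustration, not the output of any particular product.

```python
"""Added example: flag a distributed flood and a 'shotgun' attacker in a
connection log. Log format, signature labels and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): "timestamp src dst dport signature".
SAMPLE_LOG = "\n".join(
    # 12 distinct sources hitting one web server within 3 seconds (zombie-style flood)
    [f"2001-02-08T10:00:0{i % 4} 203.0.113.{i} 198.51.100.5 80 syn-flood"
     for i in range(1, 13)]
    # benign traffic to the same server, minutes later
    + ["2001-02-08T10:30:00 198.51.100.40 198.51.100.5 80 http-get",
       "2001-02-08T10:30:05 198.51.100.41 198.51.100.5 80 http-get"]
    # one source trying a different canned attack against every service it finds
    + ["2001-02-08T11:00:00 192.0.2.77 198.51.100.20 21 ftp-exploit-attempt",
       "2001-02-08T11:00:03 192.0.2.77 198.51.100.20 111 rpc-exploit-attempt",
       "2001-02-08T11:00:07 192.0.2.77 198.51.100.20 80 cgi-probe",
       "2001-02-08T11:00:10 192.0.2.77 198.51.100.20 25 smtp-exploit-attempt",
       "2001-02-08T11:00:15 192.0.2.77 198.51.100.20 53 dns-exploit-attempt",
       "2001-02-08T11:00:20 192.0.2.77 198.51.100.20 23 telnet-login-attempt"]
)


def parse_log(text):
    """Parse whitespace-separated log lines into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, dport, sig = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "dport": int(dport), "sig": sig})
    return events


def find_distributed_floods(events, window=timedelta(seconds=10), min_sources=10):
    """Return {(dst, dport): set_of_sources} for every target that was hit by at
    least min_sources distinct sources inside some window-sized interval.
    Many sources in a tight window is the fingerprint of coordinated zombies;
    the set kept for each target is the largest one seen in any window."""
    by_target = defaultdict(list)
    for e in events:
        by_target[(e["dst"], e["dport"])].append(e)
    floods = {}
    for target, evs in by_target.items():
        evs.sort(key=lambda e: e["ts"])
        left = 0
        # two-pointer sliding window over the time-sorted events for this target
        for right in range(len(evs)):
            while evs[right]["ts"] - evs[left]["ts"] > window:
                left += 1
            sources = {e["src"] for e in evs[left:right + 1]}
            if len(sources) >= min_sources and len(sources) > len(floods.get(target, ())):
                floods[target] = sources
    return floods


def find_shotgun_sources(events, min_signatures=5):
    """Return {src: {dst: set_of_signatures}} for sources that fired at least
    min_signatures distinct attack signatures at a single host: the
    'try everything until something works' pattern."""
    sigs = defaultdict(lambda: defaultdict(set))
    for e in events:
        sigs[e["src"]][e["dst"]].add(e["sig"])
    return {src: {dst: s for dst, s in hosts.items() if len(s) >= min_signatures}
            for src, hosts in sigs.items()
            if any(len(s) >= min_signatures for s in hosts.values())}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for (dst, dport), srcs in find_distributed_floods(evs).items():
        print(f"flood against {dst}:{dport} from {len(srcs)} distinct sources")
    for src, hosts in find_shotgun_sources(evs).items():
        for dst, s in hosts.items():
            print(f"shotgun attacker {src} tried {len(s)} distinct attacks on {dst}")
```

The flood detector ignores how much traffic any single source sends and counts only distinct sources per window, which is what distinguishes a zombie network from one noisy host; the shotgun detector ignores volume entirely and counts distinct signatures, so a slow but persistent attacker is caught even when each individual probe looks like routine log noise.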
NOTE 3: SOPHISTICATED TOOLS WILL COVER FOR THE UNSOPHISTICATED
Even though a script kiddie’s knowledge is limited, the proliferation of complex tools has reached staggering proportions. It requires very little understanding of security or hacking to combine several tools to obtain the desired results.
Sub-7 and BackOrifice (BO) are powerful packages that can be easily installed on systems over the Internet to allow unparalleled access and control. For example, ButtPlug is a tool that embeds BO into a common file; when the file is executed, it installs BO and contacts the server (the hacker’s system) upon completion. Once this life cycle is complete, a completely unknown entity has total control over your computer and the information it maintains. There are several delivery techniques, ranging from the complex to simply sending the attachment via e-mail; sooner or later someone will run the attachment.
There are several arguments on the subject of how to categorize hackers and the impacts of script kiddies. The tools are becoming much more complex, yet easy to install and use. It is analogous to giving a bazooka to a 13-year-old kid. Automated attacks were first postulated by Donn Parker, the foremost expert on computer crime, who believes that we’ll reach a point in time when you tell a computer program what you need and it will get it—covering its tracks—all this without a shred of skill.
HACKERS
Hackers are the next step in the evolution of an attacker and make up the majority of the people who inflict chaos. Hackers explore computers for education, the challenge, and to achieve a social status among other hackers. They work diligently to obtain resources and compete with their peers to gain recognition and power within the hacking community. There is a strong sense of power in controlling remote resources for their own use and the more systems owned, the more clout in the community.
Again, hackers of any kind are not to be underestimated. These are typically very intelligent people with exceptional skills and logic. It is the latter of the two characteristics, logic, that truly separates hackers from script kiddies. Hacker logic is processing information and forming deductions based on a refusal to accommodate traditional thinking.
The simplest and oldest trick in the book is the Fax Trick. Take two pieces of paper, tape them end to end and start the fax machine. Once the first page is through, tape the leading edge to the back of the previous page; the result is a looping effect and an endless fax. This is an incredibly simplistic example of combining out-of-the-box thinking with technology. The goal is to make a system do what is needed by exploring all the options not previously combined.
As with any classification, there are variances in the characterization that can assist in further defining, and “hacker” as a label is no exception. There are four distinguishing faculties of the hacker: malicious, solvers, hacktivist, and vigilante. Each of these has its own unique idiosyncrasy.
1. Malicious. Malicious hackers are people with the sole intent of causing damage, destruction, or disruption of information systems. Writers of malware fall directly into this category, as do people who gain access to sites and corrupt information. Hateful actions are usually based on some opinion of the target or a desire to gain a reputation. In some cases, destruction of systems and data is used as a tool to cover tracks or other attacks. These types of hackers are especially worrisome because they have the skill and no conscience about the ramifications of their actions.
2. Solvers. There are hackers that gain access to systems to solve a problem they or a friend may have. Many of these attacks are based on changing or removing information to rectify a situation. Examples include obtaining software or code for personal use or changing records to eliminate evidence of other misconduct. Solvers also hack to prove a point and rely on the concept that they hacked a site to prove an insecurity. A report in ComputerWorld in December 2000 disclosed that a university hospital in Seattle was hacked by “Kane” in the Netherlands, who obtained 5000 patient records and posted his findings, and a copy of the records to prove his point, on SecurityFocus.com. Through interviews with Kevin Poulsen, Kane expressed that he simply wanted to expose the weakness in the hospital’s network.
3. Hacktivist. There are several hacking communities that band together for a common cause. Anarchists, racists, animal rights, and environmental protection groups are examples. The sad reality is that the law-abiding organizations with similar goals suffer from the acts of their hacker counterparts. Advocacy hackers can be exceptionally dangerous to certain businesses that support or represent something these groups oppose. Companies that perform testing on animals, mine for resources, or simply write software are targets of hackers of this type. This is an important factor for companies wishing to have an ethical hack performed on their networks. It will help determine the scope and provider of such services based on their methodology, capability, and tenacity. In addition, by stating what represents the greatest threat to your business, the testers can assume the mindset of the proposed attacker.
Another aspect of hacktivism is the use of cyber assets for “positive change” or an activist agenda. As stated on thehacktivist.com:
The Hacktivist is dedicated to examining the theory and practice of hack-tivism and electronic civil disobedience while contributing to the evolution of hacktivism by promoting constructive debate, effective direct action, and creative solutions to complex problems in order to facilitate positive change.
4. Vigilantism. One aspect of hacking that you do not see on the news and in the daily paper is the vigilante groups that surreptitiously attack the Internet’s lower lifeforms, to use their terms. Child pornography is one of the darker sides of society, and as with many social characteristics the Internet has amplified its availability and intensity. There are groups of extremely computer-savvy people who will do anything within their capability to thwart, damage, or stop child pornography. Interestingly, this raises several questions of law and ethics. The FBI has regularly investigated perpetrators of computer crime only to find out their target was a ring of child pornography dealers, and has been forced to arrest the vigilante hacker trying to put lowlifes out of business. In most cases, vigilantes are respected individuals in their normal surroundings, but once on the Internet an alternate persona takes over, along with the need to wage a war against the “scum of the Earth.”
After the terrorist attack against the United States on September 11, 2001, hackers launched several cyber initiatives on their own. For example, the Web site for the Iranian government’s ministry of the interior, www.moi.gov.ir, was hacked in retaliation for the terrorist assaults. The presidential palace of Afghanistan, www.afghangovernment.org, was brought down for nearly a month by endless DoS attacks against it. The FBI’s response was a statement reminding hackers that attacking Web sites and infiltrating network systems is against the law, adding that Internet disruptions would only hurt America more. Moreover, law enforcement is concerned about vigilantes attacking systems because data needed for prosecution can be lost during the attack, defeating the original intent of the vigilantes.