Page 1 of 2

The more we explore the alternative side of life on this blog, the more we run into hacking. This writer has a fair knowledge of computers but the finer details of hacking are elusive. As recent news stories about hacks, DDoS attacks, identity theft and spying illustrate, hacking is just going to get bigger -- so we investigate it.



As a writer, I realised that my goals of increasing my own understanding of 'things in general' is not dissimilar to what a hacker does. As I mention in the About section that symbols or imagery may appear familiar and easily understood yet there are many things in the universe that are poorly understood, and one way to find out is to "hack" them.

Definition

In common vernacular "hacking" conveys a negative image of exploiting computers and abusing financial records. To those familiar with hacking, there are three different types of hacker with their own definitions: Black Hat, White Hat and "Gray" Hat (edit: I received an email to say that the hacker hats are a false construct see page two for a response to the hacker hats).Black Hat hacking is closest to the negative image the population has of hackers. A Black Hat hacker is there to exploit and abuse computer systems for profit, causing chaos, or increasing personal fame. They do not trouble themselves with ethical considerations, but do with computer systems whatever their skill allows them to.The opposite is White Hat hacking, motivated by good intentions, although we'll leave the terms "good" and "bad" vague for now.The neutral sense of the term "hacker," and the one this article is inclined to use, is exemplified by "Gray" Hat hacking. This definition is simple: the advancement of knowledge and understanding by do-it-yourself exploration. The something doesn't need to be in computing; see the following definition

7. Computers. to devise or modify (a computer program), usually skillfully.

The mindset required for hacking is that of an inquisitive mind -- a desire to learn more by taking taking something apart. I can resonate with this sort of thinking but my own skills and knowledge is in physics rather than computing. Curiosity is a trait common to philosophers, physicists, hackers, engineers, computer scientists and many more. Curiosity in hacking may lead some to commit fraud; curiosity in physics lead to the atomic bomb.

Goals



Why hack? From the definitions above the point of hacking is self-evident: learn by doing, regardless of The Rules.



Black Hats hack to exploit, perhaps for money or just to cause chaos. Gray Hats hack to understand something better and often publish their findings; the end result is increased understanding and knowledge which could be used either for 'good' or 'bad.' White Hats use the information gained to warn people / companies about security risks; they are ethical hackers.



Doing something exploitive for personal gain and at the cost of others is perhaps uncontentiously illegal. However, discovering security flaws and making people away of security threats can be a helpful and necessary activity (provided it doesn't contradict previous statement).



Security website Sophos recently complained that hacking should always be illegal, but their grounds for making it illegal are

based on Black Hat hacking. Microsoft recently changed their view towards ethical hacking; The article states "Microsoft are starting to get serious about security, in a very progressive move they have said they are ok with ethical hackers finding security flaws in their online services. It’s been fairly ok so far to hack away at software installed on your own hardware, but hitting remotely hosted applications has been a big no-no with individuals facing legal action even when they were just trying to help."



No one wants their private data shared maliciously but unfortunately security companies won't find and patch all the loop holes before a 'bad' guy does. A recent news story informs us that a blogger who exposed a security risk in a banking website is under pressure to remove his website. From my understanding of the story, the blogger isn't a hacker but rather someone that is concerned about a security loophole. Instead of being praised for finding the flaw he is being harassed by the security company.



This story seems to be typical of the experience of White Hat hackers: they find loop holes in security then warn companies that flaws exist. Instead of being thanked they are automatically assumed to be an abuser: this response is most likely due to the vernacular meaning of 'hacking' which is negative.





Gary McKinnon



I'd place Gary McKinnon as a Grey Hat, I don't think he was trying to abusive or exploitative although it isn't clear that he was doing it to inform the agencies of better security measures. While the goals of the different hackers is not coherent there is a common identity of all hackers: an inquisitive mindset. The curious mind is driven to understand how something works.

2600



This community, started in 1984 by "Emmanuel Goldstein," identifies itself as a quarterly American publication that specializes in publishing technical information on a variety of subjects including telephone switching systems, Internet protocols and services, as well as general news concerning the computer "underground" and left wing, and sometimes (but not recently), anarchist issues.



The name 2600 traces its routes to phone phreaking or Blue Boxing: To a young person dabbling in the underground in the early 1980s, few concepts were as powerful, alluring, or exciting as the "Blue Box". A number of simple circuits enclosed with push buttons, it changed everything in the relationship between the Phone Company (Ma Bell) and her customers (The Peons). With the blast of a 2600hz tone down a telephone line (signifying you Meant Serious Business), you could seize the telephone trunk and gain a sort of "Administrator" access to the phone switching equipment. And since operators were unlikely to do the sort of wild experimentation that a phreak with a blue box would try, all sorts of amazing things would happen with a few button presses.

As part of my own personal research into the hacking community I looked towards the guys at 2600 (twenty-six hundred). A friend sent me their website in an email, I read the website and thought it sounded vaguely interesting but I didn't continue further. Well, I recently came across them on twitter and decided to follow them for interests sake. Since following them and the account Linux Alive I've been updated with a lot of developments in the computing/ software. The guys from 2600 post news to their twitter feed but also to their forum.

Phrack

Phrack is a magazine that provides A harmony of all hats of hacking. See the information file from their most recent magazine issue (#66):

"In the previous prophile, we had interviewed probably the most hated "black hat" hacker, and in the current prophile, the most hated "white hat" hacker. Perceived as such. But the reality is more faded and every hacker has this paradoxical identity where each side of the barrier suddenly become very familiar to the other."

I'm not going to pretend to be overly familiar with all the sites and information I present but I hope to provide information for inquisitive minds. One article that caught my attention on the Phrack site is the following from issue 64: The projection of consciousness.

This elucidates the concept of the mind being like a computer but in this article the author is suggesting methods by which you can improve your likelihood to have lucid dreaming. He suggests some things that you can do in conscious life that will help you to have lucid dreams while unconscious. A fascinating idea that has the concept of hacking at the root of it.

DefCon

The hacker conference where hackers, feds and others interested in hacking meet to discuss the latest issues. Attending this conference is likely to boost your own level of paranoia, constantly watching to see if someone is going to exploit your computer or network access. Elinor Mills of CNET has written some interesting blogs about the most recent DefCon.

The most amusing part of the conference is the Wall of Sheep . It is what happens when you don't take good care of your security at the conference. Your username and part of your password is posted to the wall of sheep for all to see. Out of curiosity, I looked up some of the twitter accounts mentioned on the wall and to my amusement they exist.

One gem of information that is worth taking away from this conference is: what operating system did they use to administer the 'most hostile network' on the planet? OpenBSD. That has my attention. 9,000 hackers, security experts and feds are all accessing the same network. One that needs to be secure and prevent hostility despite the constant attacks.

What to do with this information?