Hackers: misplaced definition and social hacking

Definition of Hacking seems to be extremely misplaced: quite general computer knowledge or even social activity is widely being presented or perceived as hacking. To me, and I’m sure to many, it seems as if I’m able to accomplish task using a computer not on a pre-defined scenario, first thing that comes to mind of observer(s) is to ask whether I am a hacker.

Let’s establish a baseline. First, let’s separate 2 groups: white hat hackers and black hat hackers. White hat hackers are hired or freelance contractors, who assess vulnerabilities of networks and computers, documenting their efforts, and reporting findings in order to improve security of the infrastructure in question. Black hat hackers are hacking infrastructures in order to obtain access to information either for financial gain, disruption or fun.

Hacking is closely tied with MIT, and early hacks where rather pranks. One of the most known hacks was carried out on one of the favorite sites of hacks “Great Dome”, Building 10. In May of 1994 hackers created what might just become one of the most famous Dome hacks of all time, by placing MIT Campus Police cruiser on top of the building. Picture source.

MIT Car hack

Top 3 Black Hat hackers in history

One of the most known Black Hat hackers is Kevin Mitnick. Kevin’s hacking spree lasted over 2,5 years. Among his most notorious hacks are breakins in IBM, Motorola, crowned by access to the National Defence Warning System. Interestingly, Kevin prefered to be refered to as “social engineer”, instead of “hacker”. Social engineering became a mainstream among hacking methods.

Second most known hacker was Vladimir Levin. In 1994 Vladimir managed to hack into accounts of Citibank from his apartment in St. Petersburg, Russia using a lousy dial-up connection and an outdated computer. According to press, Vladimir accessed accounts of large corporations, and transferred funds to accounts set up in Finland, United States, Netherlands, Germany and Israel. Many refer to him as “genious”.

Third place in the history of hacking undisputedly goes to a duo: Matthew Bevan and Richard Pryce. In 1997, at the age of 21 and 17, Matthew and Richard broke into US Defense networks and North Korean Defence Network (not confirmed, rumored that by mistake they actually hacked South Korean Defense Network). Their intent was to escalate tensions between the 2 countries to start a war.

What does it take to be a hacker?

To demonstrate how easy it is to “Hack” without special skills – here is an example: a former employee tried to hack into my blog (this very site). Keep in mind that the person in question is a developer, way more skilled in code writing compared to me. How surprising it was to me that once I have just entered the IP address, which was registered by the firewall as origin of attack, I came onto his router’s login page. It stated the router’s make and model. A simple web search of default login and password for this model (in this case login – admin, password – admin), I was able to login to the router, see complete infrastructure of the attacker, block him from being able to access my pages and even discover that the router he used was a company property, which was stolen. Both – inability to secure his own data and the fact of the theft made me finally feel that the employee was let go by my partner for good of the company, fact which I was not entirely in agreement with.

Are you a hacker?

I don’t consider myself a hacker because in my estimate of their capabilities (both: white and black hat), my skills are incomparable limited. I frequently stress-test my own computers, company IT infrastructure, websites I run to see whether there are any vulnerabilities. If I manage to successfully hack my own infrastructure from the “outside”, to me indicates that the infrastructure is so weak that a real hacker would have a blast getting in, not that I am good in hacking.

During my student times we’ve done a lot of experiments: once the faculty restricted bandwidth to individual dorm rooms as well as set traffic limits to 500 mb/month, we figured how to generate fake device ID’s (MAC addresses), so that the server’s would reset it’s limit for our machines. We have been discovered: system administrator of the faculty came to our party and we shared this in good spirit we shared that vulnerability (to be fair to him – our limits were lifted as a “thank you”).

We have been cross-hacking our own servers, essentially computers in our rooms hosting message boards or personal pages, making raid copies of hard drives and encoding these, pranking one another with system alerts popping up on screen. On the desktop (or in root) of our computers you could find port scanners, sniffers, DDoS instruments etc. The closest I, personally, came to a definition “Hacker” was again, during my student years, around 15 years ago. I wrote a computer virus (Trojan), which was a part of a jpg image file. Once executed (opened) on a target computer, it allowed me to monitor the computer ‘s screen and system activities. Currently it would not be possible to execute – systems got much further since then, but so did the advancement of hacker’s knowledge.

My best “Hack”

The best Hack I’ve ever accomplished was rather psychological when technical: I was running my personal site at that time to post pictures, share lecture scripts and news with co-students. What I did was so simple, harmless and obvious, yet shocking, that at the first sight a person I presented it to was speechless.

I would bet that I am able to hack into any computer within of 1 minute. Pretending that I am doing something on my end, I would finally send a link or input an address in browser of the person (mypage.com/hack/) to present results: the person would instantly see contents of own hard drive. In reality, it was just a page with a frame (page within of the page), which was showing it’s own drive’s root directory. Put simply – it was not hacking: the visitor was watching own files via web browser same as if it would have been file explorer, without me or anyone else having way of accessing it from outside. Just by looking up a source of the page, which was somewhat 15 strings short (to put in perspective – the page you look at now has around 500-800 lines), anyone could figure out how primitive this “Hack” was, but I’ve seen many skilled “Hackers” shockingly starting to re-check their firewalls, antiviruses and unplugging Ethernet cables assuming they are truly hacked.

Social hacking

“Social Hacking” enabled new way for hackers to attack, leverage risks of individual members, create social and economic impact of actions driven orchestrating public trends instead of (or in connection with) profound technical knowledge.

Let’s scratch the surface on these topics. For further study, as usual, follow the links to sources I provide: I’ve read/watched them, and below is just a short extract supporting my opinion, not all the facts presented.

Anonymous group

Once thousands of masked persons hit the streets of main cities worldwide (Project Chanology) in 2008, media has widely reported that these are hackers. In reality, “Anonymous” is a simple term, commonly used online: you can identify yourself when posting a message or a post, or choose to remain anonymous. Origin of the Anonymous Group’s name goes back to a famous message board, 4chan.org, where the group members where (are) communicating and most of the posts are marked as “Anonymous”. It seems almost (and perhaps in some cases is true) as if one person is asking a question, and the very same person responds to it as all is posted under “Anonymous”.

I don’t imply that Anonymous Group has no hackers (they have proven to have quite a community of such), but simply stating that the first widely covered public event had little to do with an ability to hack, but rather with it’s social impact.

To summarize above
  1. Public perception of the definition “Hacker” is, in my opinion, very misplaced. On one hand it is putting pretty much anyone in position to claim be a hacker, on the other – still being an acronym for a person being able to do things such as launch missiles, move satellites or get into a trading system.
  2. It is apparent that “hacking” is evolving as a social skill (or an ability to create social response that enables lifting of technology barriers). Good example for that is the Anonymous Group’s “Operation: Payback is a Bitch (2010)”, which essentially was enabled by distribution of user-friendly client software, which, once executed from many computer’s at once, brought down infrastructures of PayPal, Visa, US Government institutions etc.
  3. Resulting from above point, “social hacking” creates a measurable commercial impact. Good example to refer to – back in 2012 GoDaddy, one of the world’s largest hosting companies, announced it’s support of SOPA and PIPA censorship bills, up to 82 thousand domains have been transferred by it’s customer’s to another registrars in protest, forcing GoDaddy to change it’s opinion.

Thanks for reading.

Sources:

  1. http://www.youtube.com/watch?v=FAECyLvSCHg
  2. http://en.wikipedia.org/wiki/Anonymous_(group)
  3. http://www.4chan.org/
  4. http://www.youtube.com/watch?v=vXr-2hwTk58
  5. http://www.youtube.com/watch?v=VmipxAOffwA
  6. http://godaddyboycott.org
  7. http://www.youtube.com/watch?v=kobrwhxgkgQ
  8. http://www.youtube.com/watch?v=L6Hip_eX72c
  9. http://en.wikipedia.org/wiki/Social_Hacking
Share