Site home page
Get alerts when Linktionary is updated
Book updates and addendums
Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)
Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!
Contribute to this site
Electronic licensing info
Hacking and Hackers
Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.
A hacker is a person who is knowledgeable enough about some computer system to be able to exploit that system in some way. This has both good and bad connotations. A hacker might work long hours to learn about a system, and then come up with some way to make that system do something it wasn't designed to do. Unfortunately, the more modern definition of a hacker is someone who illegally breaks into a system. Based on that description, the opposite of a hacker is a "good citizen."
Related to hacking is cracking (breaking encryption schemes), spoofing (masquerading as another user to gain access to a system), sniffing (listening to traffic on a network to gain useful information), and phreaking (illegally gaining access to phone lines). These activities are performed by internal malicious users and the underground community of pranksters, hardened criminals, industrial spies, and international terrorists who want to break into your systems for profit and pleasure. John O'Leary of the Computer Security Institute says that "the biggest problem with the hacker threat is that hacking is fun!"
It is believed that hundreds or even thousands of unemployed computer experts have begun to attack systems around the world. They are especially skilled at break-ins. In 1994, a Russian hacker cracked Citicorp's electronic funds transfer system more than 40 times and managed to transfer millions of dollars into other accounts. He was eventually arrested, but Citicorp apparently never figured out how he broke into the systems. A large British bank has reportedly been paying ransom to a hacker that has proved on several occasions that he has the power to bring down their information system.
Bill Hancock is a security analyst who has been paid to break into companies and systems in order to find their weaknesses. His exploits are outlined in the April 1996 issue of Network Security magazine (http://www.elsevier.com/locate/netsec). In one case, he showed up at the computer room with network hardware in hand. Employees helped him into the communication closet where he was able to install phone taps. In another case, he walked into a company's branch office claiming to work for the corporate office. He asked for some space where he could get work done before a plane flight. They gave him a spare office that had a live network connection. He hooked a network analyzer into the connection and monitored traffic on the network. In another case, he created a fake user ID with a "magnetic strip" made of electrical tape. Then he waited for someone to enter a secure area and entered with them as they held the door.
One of the most basic hacking techniques is portscanning, a technique that is used to discover the services being offered by a host. The hacket uses an automated program that attempts to make a connection to every one of the TCP ports available on a system. A response from any port indicates that it is active. The hacker sees active ports as doors that can be opened so that attacks can be stages. See "Ports."
Part of being a hacker, cracker, or spoofer is gaining information about a target company and its computer systems. A popular trend among hackers is to get a job as a janitor at the target site they intend to attack. While on-site, information can be collected to help in the attack, such as information stored on desktop computers or passwords left on sticky notes!
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.