Hacking, Cracking, and Hacktivism
Chantel Frenette, Roxanna Shinall, & Brooke Walker
The Tech Model Railroad Club
Hack definition:
1) an article or project without constructive end
2) work undertaken on bad self-advice
3) an entropy booster
4) to produce, or attempt to produce, a hack
The Hacker Ethic - Steven Levy
1. Access to computers - and anything which might teach you something about the way the world works - should be unlimited and total. Always yield to the Hands-On imperative!
2. All information should be free.
3. Mistrust authority - promote decentralization.
4. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
5. You can create art and beauty on a computer.
6. Computers can change your life for the better.
John Draper aka Cap’n Crunch
History Highlights
• BBSs and hacking groups emerge including Legion of Doom
• War Games
• Hacker magazines
• CFAA
• The Morris Worm
• Cyberespionage
• Hacker’s Manifesto
History Highlights
• Operation Sundevil
• Kevin Poulsen
• Def Con
• Kevin Mitnick
• AOHell
• Pentagon break-ins
• Denial of Service attacks
• DNS Attacks
Hacking - For Good
Ethical Hacking
“The Best Defense Is A Good Offense.”
• Performed for the sake of “enhancing the performance of a device or exposing the vulnerabilities of a security system for the benefit of the system administrator.”
• Penetration Testing - analysis and probe of system for purpose of targeting flaws and weaknesses that could be hacked and exploited by a malicious hacker (Black Hat hackers).
  - Old/unpatched software.
  - Poor configuration of Web servers.
  - Disabled or faulty security systems.
Hacking - For Good
Who are they?
• White Hat hackers.
• Computer and network experts who “possess a variety of knowledge and skills concerning the web, network and operating systems, programming, and physical security.”
• Abide by ethical principles which prevent them from abusing computer systems.
• Trusted individuals with strict confidentiality policies.
Hacking - For Good
Ethical Hackers and Certifications
Universal Certification Does Not Exist
• The EC-Council (International Council of Electronic Commerce Consultants) has released a certification called Certified Ethical Hacker test.
• Other certifications available:
  – OSCP - Offensive Security Certified Professional
  – CEPT - Certified Expert Penetration Tester
  – CPTE - Certified Penetration Testing Expert
  – CPTS - Certified Penetration Testing Specialist
  – ECSA - EC-Council Certified Security Analyst
Hackers - For Good
Who uses them?
“Increasingly, companies of all types and sizes are hiring security experts to act like the enemy.”
Some companies have departments dedicated to ethical hacking:
• IBM
• Microsoft
Hacking - For Good
Where did it come from?
• Ethical hacking emerged from early open source software on the internet.
• Such software still exists, such as Mozilla Firefox, Wikipedia, and Citizendium.
“Open source is a development method for software that harnesses the power of distributed peer review and transparency of process.”
Hacktivism:
• Fusion of hacking and activism.
• The act of hacking or breaking into a computer system, for a politically or socially motivated purpose.
• The individual who performs an act of hacktivism is said to be a hacktivist.
• Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages or software.
• The impact of computer hacking varies from being simply invasive and annoying to destructive.
What is Hacking?
• Unauthorized use of computer and network resources.
• “Hacker” originally meant a very gifted programmer.
• Hacking is a felony in the US and most other countries.
• When it is done by request and under a contract between an ethical hacker and an organization, it is OK!
• The difference is that the ethical hacker has authorization to probe the target.
• “The number of really gifted hackers in the world is very small, but there are lots of wannabes…” (-Dr. Charles C. Palmer, IBM)
Definitions
Hacker:
• A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
• One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
• A malicious meddler who tries to discover sensitive information by poking around. Hence ‘password hacker’, ‘network hacker’. The correct term for this sense is cracker.
Cracker:
• One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker. An earlier attempt to establish ‘worm’ in this sense around 1981-82 on Usenet was largely a failure.
• …though crackers often like to describe themselves as hackers, most true hackers consider them a separate and lower form of life.
Who hacks?
• Hackers in Eastern Europe hacked about 1 million credit card numbers from 40 financial companies in the United States in 2003 alone.
• 64% of companies suffered losses from hackers’ activities.
• More serious offenders, able to cause damage to a system, are known as hackers.
Who cracks?
• There are 3 groups of crackers:
• Vandals: hack computer systems for destruction (deleting files).
• Jokers: the most harmless; they hack systems and introduce different sounds, noises, and visual effects.
• Breakers: professional criminals who hack computer systems for the purpose of money theft, industrial or commercial espionage, and theft of expensive software.
Laws, Fines, and Penalties
• Hackers, virus and worm writers could get 20 years to life in federal prison.
• Anyone who uses computers to cause death or bodily harm, such as bringing down power grids or airport control centers, can get the maximum sentence.
• The sentence is increased by 25% if they steal personal information.
• The sentence is increased by 50% if they share the stolen information.
• If posted on the Internet, sentence is doubled!
Computer Fraud and Abuse Act
Summary of CFAA Compromising Confidentiality Provisions
Offense - Sentence
• Obtaining National Security Information - 10 (20) years
• Compromising the Confidentiality of a Computer - 1 or 5
• Trespassing in a Government Computer - 1 (10)
• Accessing a Computer to Defraud & Obtain Value - 5 (10)
• Knowing Transmission and Intentional Damage - 10 (20 or life)
• Intentional Access and Reckless Damage - 5 (20)
• Intentional Access and Damage - 1 (10)
• Trafficking in Passwords - 1 (10)
• Extortion Involving Threats to Damage Computer - 5 (10)