Hacking in a Nutshell
Selections from a hacker's manifesto and how-to guide written by one of China's preeminent hackers, Peng Yinan.
The definition of Hacker:
•A varied and loosely jointed group
•Expert who has “mad skillz” and verifiable “exploits”
•Computer expert
•Programmer who lives and breathes with a computer. He/she considers computer technology a way of life rather than a job
Hacker definition: “Black Hat”
•Knowledge: vulnerabilities and exploits
•Purpose: To obtain individual freedom and accessibility that are beyond privacy and safety
•Behavior: Attack an online system without authorization
•Known as: Darkside Hacker, Cracker
•Technique: Advanced programming technique, social engineering, etc.
Hacker definition: “White Hat” [ethical hacker]
•Knowledge: Inner details and implementation of security system
•Purpose: Prevent system destruction, protect the safety of information system
•Behavior: 1. Attack the system or Internet legally to prove the existence of safety vulnerabilities; 2. enter a black hat’s system for investigation
•Known as: Ethical hacker, sneaker
•Technique: Necessary programming technique, cryptography, safety management, etc.
•Example: Tiger Team, Tsutomu Shimomura
Hacker definition: “Gray Hat”
•Knowledge, purpose, and technique: between black and white or a mixture
•Behavior: 1. legally or illegally attacks system, non-vicious, non-self interested; 2. publicizes the details of vulnerabilities or the programs without considering the consequences
•Known as: Defacer, Fuzzer
•Example: {} and Hardbeat (apache.org hack)
Hacker’s language 2, written words
•Hackerese: [e.g. Google runs on a unique combination of advanced hardware and software. The speed you experience can be attributed in part to the efficiency of our search algorithm and partly to the thousands of low-cost PCs we’ve networked together to create a superfast search engine. The heart of our software is PageRank(tm), a system for ranking Web pages developed by our founders Larry Page and Sergey Brin at Stanford University. And while we have dozens of engineers working to improve every aspect of google on a daily basis, PageRank continues to provide the basis for all of our Web search tools.]
•Google’s hacker’s link
This is an excerpt from the Diamond Sutra, a Buddhist text.
Hacker’s version of the previous paragraph of Diamond Sutra
In red: Hacker’s new definition of Buddha is: challenge the existing techniques and successfully verify that their ideas are correct.
Hacker’s spirit 1: Reverse thinking I
•Simple reverse thinking
Limits are false: e.g. 1. break through the limits of an argument; 2. break through the limits of the internal Internet; 3. break through the limits of authorization.
What you see is not what you get: e.g. 1. the tunnel of data; 2. the hiding Trojan Horse.
Hacker’s spirit 3: Reverse thinking III
•Obverse thinking:
The simplest way: 1. break the code; 2. attack the server.
Illegal is not illegal: 1. the best backdoor is the front door; 2. forge Internet identity.
The faces of hackers (4)
•The list of why hackers attack, from Zone-h
The faces of hackers (6)
•Domain names that were attacked
How to be a hacker:
The attitude of a hacker:
Hacker’s doctrine
•Internet Hackers
1. there is no perfectly safe system in the world; 2. when a system is more complicated, it has more vulnerabilities; 3. when a system is more convenient for its users, it is also more convenient for hackers.
•All Hackers
1. Bypassing the problem is better than solving the problem; 2. when a person makes a mistake once, he/she will definitely make it twice; 3. common and mainstream points of view are usually wrong.
Social engineering: definition 1
•Classical definition
•New definition
Definition 2
•Expanded special definition
•Expanded common definition: a technique to directly or indirectly use any non-technical vulnerabilities to access the information you need
Social engineering: Classical technique 1
•Direct Approach: directly ask the targeted person for the information you need
•Individual forgery
1. Pretend to be a high level executive of the department and ask for information;
2. Pretend to be an employee who needs help and ask for assistance in solving an Internet problem to access the information;
3. Pretend to be the tech support who is dealing with the Internet problem in order to gain access to the needed information.
Classical technique 2
•Reverse social engineering
Definition: A technique to force the targeted person to ask for assistance from the attacker.
Steps: Sabotage, Marketing, and Support
•The use of email
Implement Trojan virus
Trick the receiver into sending group emails to all friends and colleagues
New techniques (1)
•Phishing: an illegal website that pretends to be legal
Purpose: gaining access to the victims’ personal information
Techniques: use deceiving emails or induce the user to visit the false website
•Pharming
Definition: Phishing plus DNS cache poisoning
Steps: 1. attack the DNS server, make the legal URL point to the attacker’s false IP; 2. use the false website on the false IP to steal the victim’s personal information.
New techniques 2
•Non-mutual technique
Purpose: to gain access to information without interacting with the target
Techniques: 1. use legal ways to get the information of the targeted person, e.g. Dumpster diving [example from Chicago Tribune]; 2. use illegal measures to get information from weak websites, e.g. forum users, or penetrate into a cooperating corporation