Hacking in a Nutshell

Selections from a hacker's manifesto and how-to guide written by one of China's preeminent hackers, Peng Yinan.



The definition of Hacker:

A varied and loosely jointed group

Expert who has “mad skillz” and verifiable “exploits”

Computer expert

Programmer who lives and breathes with a computer. He/she considers computer technology a way of life rather than a job



Hacker definition: “Black Hat”

Knowledge: vulnerabilities and exploits

Purpose: To obtain individual freedom and accessibility that are beyond privacy and safety

Behavior: Attack an online system without authorization

Known as: Darkside Hacker, Cracker

Technique: Advanced programming technique, social engineering, etc.

Example: Kevin Mitnick



Hacker definition: “White Hat” [ethical hacker]

Knowledge: Inner details and implementation of security system

Purpose: Prevent system destruction, protect the safety of information system

Behavior: 1. Attack the system or Internet legally to prove the existence of safety vulnerabilities; 2. enter a black hat’s system for investigation

Known as: Ethical hacker, sneaker

Technique: Necessary programming technique, cryptography, safety management, etc

Example: Tiger Team, Tsutomu Shimomura



Hacker definition: “Gray Hat”

Knowledge, purpose, and technique: between black and white or a mixture

Behavior: 1. legally or illegally attacks system, non-vicious, non-self interested; 2. publicizes the details of vulnerabilities or the programs without considering the consequences

Known as: Defacer, Fuzzer

Example: {} and Hardbeat (apache.org hack)



Hacker’s language 2, written words

Hackerese: [e.g. Google runs on a unique combination of advanced hardware and software. The speed you experience can be attributed in part to the efficiency of our search algorithm and partly to the thousands of low-cost PCs we’ve networked together to create a superfast search engine. The heart of our software is PageRank(tm), a system for ranking Web pages developed by our founders Larry Page and Sergey Brin at Stanford University. And while we have dozens of engineers working to improve every aspect of google on a daily basis, PageRank continues to provide the basis for all of our Web search tools.]

Google’s hacker’s link



This is an excerpt from the Diamond Sutra, a Buddhist text.



Hacker’s version of the previous paragraph of Diamond Sutra

In red: Hacker’s new definition of Buddha is: challenge the existing techniques and successfully verify that their ideas are correct.



Hacker’s spirit 1: Reverse thinking I

Simple reverse thinking

Limits are false: e.g. 1. break through the limits of an argument; 2. break through the limits of the internal Internet; 3. break through the limits of authorization.

What you see is not what you get: e.g. 1. the tunnel of data; 2. the hiding Trojan Horse.



Hacker’s spirit 3: Reverse thinking III

Obverse thinking:

The most simple way: 1. break the code; 2. attack the server.

Illegal is not illegal: 1. the best backdoor is the front door; 2. forge Internet identity.



The faces of hackers (4)

The list of why hackers attack, from Zone-h



The faces of hackers (6)

Domain names that were attacked



How to be a hacker:


The attitude of a hacker:


Hacker’s doctrine

Internet Hackers

1. there is no perfectly safe system in the world; 2. the more complicated a system is, the more vulnerabilities it has; 3. the more convenient a system is for its users, the more convenient it is for hackers.

All Hackers

1. Bypassing the problem is better than solving the problem; 2. when a person makes a mistake once, he/she will definitely make it twice; 3. common and mainstream points of view are usually wrong.



Social engineering: definition 1

Classical definition

New definition


Definition 2

Expanded special definition

Expanded common definition: a technique to directly or indirectly use any non-technical vulnerabilities to access the information you need


Social engineering: Classical technique 1

Direct Approach: directly ask the targeted person for the information you need

Individual forgery

1. Pretend to be a high level executive of the department and ask for information;

2. Pretend to be an employee who needs help and ask for assistance in solving an Internet problem to access the information;

3. Pretend to be the tech support who is dealing with the Internet problem in order to gain access to the needed information.



Classical technique 2

Reverse social engineering

Definition: A technique to force the targeted person to ask for assistance from the attacker.

Steps: Sabotage, Marketing, and Support

The use of email

Implement Trojan virus

Trick the receiver into sending group emails to all friends and colleagues



New techniques (1)

Phishing: an illegal website that pretends to be legal

Purpose: gaining access to the victim’s personal information

Techniques: use deceiving emails or lure the user to the false website


Definition: Phishing plus DNS cache poisoning

Steps: 1. attack the DNS server, make a legal URL point to the attacker’s false IP; 2. use the false website on the false IP to steal the victim’s personal information.



New techniques 2

Non-mutual technique

Purpose: to gain access to information without interacting with the target

Techniques: 1. use legal ways to get the targeted person’s information, e.g. dumpster diving [example from Chicago Tribune]; 2. use illegal measures to get information from weak websites, e.g. forum users, or penetrate a cooperating corporation

