Coming Soon to a Computer Near You!
Watch! As they perform their evil deeds!
Thrill! To the crimes committed!
Gasp! At their rationalizations!
Diabolical intruders are pounding at the gates of all computers, employing techniques both primitive and hyper-tech (and even occult) in their unslaked thirst for other people's information. This is the prevailing media image of "hackers" -- those ne'er-do-wells who trespass (jaywalk?) on the "Information Highway."®
If you'd like a more realistic view of computer hackers, and how they practice their arcane arts, I'd like to recommend a book to you. "Secrets of a Super Hacker" (Dennis Fiery, Loompanics Unlimited, POB 1197, Port Townsend WA., 88368; ISBN 1-55950-106-5, 1994; $19.95; 205 pages) by “The Knightmare” provides a good look at the basic tools -- both ideological and technical -- of a hacker.
In the modern world secrets are still protected by walls and metal locks, but now there are electronic safeguards as well. Most of the modern bureaucratic state and much of the corporate world could not function without information -- electronic dossiers, reports, balance sheets, inventories, etc. Indeed, the very systems that are basic to electronic communication are themselves dependent upon information (e.g. billing data, links between systems and protocols for exchanging information, switching and routing information). All of this data is protected by several layers of security -- ignorance (if no one knows the information exists nobody will look for it), walls and locks, access codes, passwords and so on.
Inevitably this mountain of data attracts interest -- some of it not sanctioned by the owners of said information. There are many reasons why people try to get into such computer systems -- revenge, corporate/governmental espionage, theft of services or goods, investigations by agencies or individuals, as well as the old stand-by, curiosity. And as the cliché tells us, curiosity killed the felix domesticus. (Curiosity is currently either a misdemeanor or a felony, but not yet a capital offense.) The popular media image of the hacker as vicious kaot and wrecker is one definition of that curiosity, but there are others. In the introduction to “Secrets,” Gareth Branwyn sketches the various popular images of the hacker (Independent Scientist, Cowboy, Terrorist, Hero, etc.) and how they do -- and don't -- fit reality. After this short discourse, The Knightmare takes us into the hacker's world.
The first section, "Before The Hack," covers a lot of the basics including the motivations of hackers. There is a serviceable introduction to the basics of computers for neophytes, and a brief history of hacking from the early days of the "Youth International Party Line" (YIPL) and *phrack* up to the present. He then shows some basic methods for researching a target, ranging from the standard perusal of garbage ("dumpster-diving") to more technical methods of trying to read damaged and discarded floppy disks. (People worried about government agents obtaining data from disks might pay heed to this section.) The Knightmare discusses the basics of passwords and computer accounts, and some of the different schemes used to try to protect computer systems. Some appendices have related material on common default accounts (an account on a computer is basically an identity on that machine which allows for certain levels of access) and two lengthy lists of common passwords.
The best chapters are on the most reliable methods of gaining access to computers -- "social engineering." Although some information can be gleaned from public sources and documentation, much that is of interest to the unauthorized interloper is not openly publicized. Social engineering is the term applied to the gentle art of coaxing such tidbits out of their possessors. This is probably the most successful strategy for gaining entry, and The Knightmare does a good job of explaining how to persuade people you've never met to tell you things about their computers and/or companies; he even provides some simple role-playing scenarios for practice. The basic idea is simple: make the person you are talking with believe that you are a legitimate user of the system. Being able to mention people and procedures that are known helps establish a familiarity as well as authenticating you. Although many companies try to remind employees not to hand out any information to people that they don't know, the course of daily business in a large company often involves taking others (even unknown people) at face value. As with more ordinary computer security measures (strict permissions about who can run which programs, or see data, etc.), the tighter the guard, the more constraining it is. If it becomes too much of a restraint, people will begin to circumvent the security measures so they can get their jobs done; this can leave the company less well protected than it was in the first place. With the more obvious security holes in computers plugged, this technique continues to strike fear into the hearts of computer security people everywhere.
The Knightmare also looks at the more difficult -- and more useful -- technique of "reverse social engineering," in which you persuade your target to call you when they develop a problem with their system. Examples might include posting business cards with your "company" name and phone number, perhaps along with a (possibly forged) note recommending your services. Because they call you, they are much more likely to entrust you with information they might otherwise balk at handing out (such as passwords). Of course, if they never have a problem they won't call, so this technique requires either great patience or active intervention. He has a list of five general categories of such non-permanent sabotage (e.g. setting obscure switches on a terminal or modem to keep it from working normally; changing certain parameters that most users don't know about, or installing lots of (non-destructive) programs into the computer's memory so it slows down or won't run other programs). This is paired with a warning -- in keeping with the hacker ethic of not doing damage to a computer -- that these measures mustn't be truly harmful. As with its cousin, reverse social engineering strikes at the trust and confidence co-workers have for each other.
He also discusses more traditional methods of computer intrusion, including guessing passwords (what are the subject's interests, etc.) and brute force approaches to getting passwords. He discusses several methods of purloining accounts, such as those issued by computer science classes to enrolled students. Although often limited in what they can do, they can provide a starting point for a more determined attempt at getting the hacker's grail -- the password for the "root" or "superuser" account which allows one unlimited control over the machine's operations. Other chapters discuss the use of programs ("Trojan horses") which deceive the innocent user into parting with his/her account name and passwords. Although there are many variants, they all involve presenting a screen which looks exactly like the screen a user usually sees when logging onto a computer; hopefully any differences in behavior will not be noted, or won't be noticed until it's too late. Such methods can be used in both public (bulletin board systems -- BBSs -- or computers for general use in a school or company) and private computers. There's also a section on setting up a fake BBS that collects passwords from known persons. This depends on a known foible of computer users -- they tend to use the same password on all the computer systems they work with. Hence, if one of these people has an account on a computer that the hacker is interested in, the chance that the password will work on both machines is quite high. BBSs are targets of hacking as well. Among other tidbits to be gleaned might be the spoor of other hackers, either through finding their tools on site (such as a Trojan horse) or by finding underground BBSs for/by hackers. He makes some good points of etiquette on such boards. He also has some points about running one's own BBS.
Another chapter covers the basics of what to do while inside a site (or a computer) and copious hints on ways of getting out of limited user accounts into more interesting sections of a computer. A good starting point is to learn the basic commands for that type of computer and to exploit known problems with certain types of software. He keeps these sections moving by not burdening the reader with lots of jargon or technical procedures. The tradeoff is that he doesn't usually give concrete examples. (This is mitigated by a list of common commands for major operating systems in an appendix.) There is an interesting section on getting purloined information from where it’s captured to your own machine. For instance, when a Trojan horse is employed, it collects account names and passwords. You could just send it by electronic mail to yourself (assuming that the target machine can communicate with other computers), but this is similar to breaking into an office, photocopying documents, putting them in an envelope and leaving it in the office's outgoing mail; great if it works, but if anybody notices, you've given away your identity. Several different approaches are outlined, including hiding or disguising files, transmitting short messages one bit at a time and other tricks of the trade.
An entire section of the book is about how not to get caught even if you are detected. There are tips on using portable computers (almost mandatory for the modern hacker), a discussion of the types of laws that apply to hacking (ranging from trespass to larceny to criminal conspiracy) and his version of the hacker ethic (never harm or alter any computer system, don't profit unfairly, inform system managers about their vulnerabilities, etc.). He gives an example of himself at work, having been invited by the director of a library to try to hack the new computer system. He illustrates how the various techniques shown in the book help him to break into the system, and how his actions reflected his ethics.
There are some omissions -- The Knightmare doesn't discuss sophisticated systems, such as the network of computer networks known as The Internet, or such arcane approaches to hacking as using devices called "sniffers" which show data as it is transmitted, nor does he consider more sophisticated protection schemes used to verify that both parties are in fact who they purport to be. He does a good job on the basics (which are probably more than your average computer security type would like you to know). It's unlikely that law enforcement people will be amused/diverted by any claim of ethics by hackers, nor are all hackers likely to share such beliefs. Still, The Knightmare may help to de-demonize the mythical hacker, and wise people up to the biggest vulnerability in any system -- its users.
3½ . Recommended reading for the curious, the wanna-bes, the watchdogs, and all who want to know about the real activities of a hacker.