How does a hacker work? (pt. 2)

SUMMARY: Ed Wilson continues his discussion of hackers by looking at motivation.

Yesterday I looked at hackers who engage in their activities because they want to learn how things work. Today I want to look at another motivation for hacking – fun. A lot of hackers, particularly younger hackers, engage in their activities simply for the fun of it. There is an element of adventure, and the purpose is to break into a system, and to leave some sign that they have been there. Often, they have a hacker alias, and they work hard to enhance the reputation of that hacker alias.

These types of hackers are often called Script Kiddies because they do not write their own tools, and instead rely upon tools developed by others. They collect exploits that are published on the Internet via various usenet groups, or forums and they try to replicate the results achieved by others. They often pick up an advanced understanding of the ways that computers work, and especially the way that common security systems work, as they work at circumventing those common safeguards.

A few years ago, it was common to hack into a web site, and modify the default web page in some way that indicated the site had been compromised. These sorts of hacks are becoming more rare as web administrators learn how to apply security settings to prevent such attacks.

Common goals of Script Kiddies

Nowadays, the Script Kiddie is more interested in doing some of the following types of activities:

  • Obtaining free Internet access by cracking Wireless passwords
  • Obtaining free file storage by creating file shares on weakly secured systems
  • Setting up free file sharing for Movies, Music, Software, and Book files on weakly secured systems
  • Obtaining free copies of Movies, Music, Software, and E-Book files by cracking Copy-Protection put in place by the various Media companies
  • Obtaining free software by cracking the license verification protection placed on it by various software companies
  • Obtaining complete working copies of shareware software by obtaining working registration numbers that unlock the software
  • Obtaining cheat codes for various computer games (including console games such as XBOX ONE) to enable the player to gain access to advanced features of the game without having to work through all of the levels. Or to obtain massive amounts of experience points (or in game currency) to enable one to purchase upgrades for games.

These are obviously generalities, but if you are writing about a young hacker these would certainly be decent motivation and goals for your character. Pre-Teen hackers do not reprogram spy satellites, access NSA databases, or assume remote control of killer military drones. But they might very well have access to a file share that contains thousands of pirated movies (many of which have dozens of Oriental language subtitles).

Have a great day.

How does a hacker work? (pt. 1)

SUMMARY: Ed Wilson talks about ways that hackers work. Today he talks about the desire to learn how things work.

 

Today I want to talk about how hackers work. But before that, I should perhaps talk about motivation.

NOTE: In this series of articles, I am providing a high level overview of hacker activities for the purpose of providing some insight for writers. I am not going to discuss details of specific techniques, nor is my intention to provide a “Value judgment”. If I say something is cool, I am not implying it is legal.

Learning and exploration

For some, it simply may be about learning. The hacker wants to see what they can do, how things work, and they may wish to explore. These types of hackers wish to push the boundaries of what is possible, and they delight in finding flaws.

Often they write their own tools, they seek to answer the question of whatif. What if I type 500 different numbers in this input box. How does the program handle the unexpected input. Does the program fail? If it does, is there a routine designed to handle the failure in a graceful manner, or does it fill the computer monitor with the contents of the computer memory.

The efforts of these types of hackers is not to be destructive, nor is it to “take down systems” but they are simply trying to see how things work. They view their activities with the detachment of scientific investigation. Of course, as with other scientific experiments, sometimes things go wrong, and this is when systems crash. Many times when a system crashes, it is because the original developer did not properly handle the exception, or did not anticipate the program being utilized in that manner. These types of hackers, view such circumstances as actually helping the original developer by pointing out flaws in their logic, and in the security of their program.

When the learning and exploration type of hacking becomes more formalized, these types of hackers often become “Security Researchers.” Most reputable software companies now have programs setup to solicit security researchers, and even to provide cash bounties for the discovery of new bugs and flaws in their systems. They provide assistance, answer questions and otherwise try to work for the betterment of the ecosystem. In return, when a flaw is discovered, reputable security researchers notify the software company, provide them with details of the exploit, and code to reproduce the problem. They also agree to wait for a certain amount of time, until the software company can produce a fix for the problem, before they publish the exploit (to the web via their blog, or as a paper at a conference).

Join me tomorrow when I will talk about another motivation for hackers.

I hope you have a great day.