The more we explore the alternative side of life on this blog, the more we run into hacking. This writer has a fair knowledge of computers but the finer details of hacking are elusive. As recent news stories about hacks, DDoS attacks, identity theft and spying illustrate, hacking is just going to get bigger -- so we investigate it.
As a writer, I realised that my goals of increasing my own understanding of 'things in general' is not dissimilar to what a hacker does. As I mention in the About section that symbols or imagery may appear familiar and easily understood yet there are many things in the universe that are poorly understood, and one way to find out is to "hack" them.
Definition
In common vernacular "hacking" conveys a negative image of exploiting computers and abusing financial records. To those familiar with hacking, there are three different types of hacker with their own definitions: Black Hat, White Hat and "Gray" Hat (edit: I received an email to say that the hacker hats are a false construct see page two for a response to the hacker hats).
Black Hat hacking is closest to the negative image the population has of hackers. A Black Hat hacker is there to exploit and abuse computer systems for profit, causing chaos, or increasing personal fame. They do not trouble themselves with ethical considerations, but do with computer systems whatever their skill allows them to.
The opposite is White Hat hacking, motivated by good intentions, although we'll leave the terms "good" and "bad" vague for now.
The neutral sense of the term "hacker," and the one this article is inclined to use, is exemplified by "Gray" Hat hacking. This definition is simple: the advancement of knowledge and understanding by do-it-yourself exploration. The something doesn't need to be in computing; see the following definition:
7. Computers. to devise or modify (a computer program), usually skillfully.
The mindset required for hacking is that of an inquisitive mind -- a desire to learn more by taking taking something apart. I can resonate with this sort of thinking but my own skills and knowledge is in physics rather than computing. Curiosity is a trait common to philosophers, physicists, hackers, engineers, computer scientists and many more. Curiosity in hacking may lead some to commit fraud; curiosity in physics lead to the atomic bomb.
Goals
Why hack? From the definitions above the point of hacking is self-evident: learn by doing, regardless of The Rules.
Black Hats hack to exploit, perhaps for money or just to cause chaos. Gray Hats hack to understand something better and often publish their findings; the end result is increased understanding and knowledge which could be used either for 'good' or 'bad.' White Hats use the information gained to warn people / companies about security risks; they are ethical hackers.
Doing something exploitive for personal gain and at the cost of others is perhaps uncontentiously illegal. However, discovering security flaws and making people away of security threats can be a helpful and necessary activity (provided it doesn't contradict previous statement).
Security website Sophos recently complained that hacking should always be illegal, but their grounds for making it illegal are
based on Black Hat hacking. Microsoft recently changed their view towards ethical hacking; The article states "Microsoft are starting to get serious about security, in a very progressive move they have said they are ok with ethical hackers finding security flaws in their online services. It’s been fairly ok so far to hack away at software installed on your own hardware, but hitting remotely hosted applications has been a big no-no with individuals facing legal action even when they were just trying to help."
No one wants their private data shared maliciously but unfortunately security companies won't find and patch all the loop holes before a 'bad' guy does. A recent news story informs us that a blogger who exposed a security risk in a banking website is under pressure to remove his website. From my understanding of the story, the blogger isn't a hacker but rather someone that is concerned about a security loophole. Instead of being praised for finding the flaw he is being harassed by the security company.
This story seems to be typical of the experience of White Hat hackers: they find loop holes in security then warn companies that flaws exist. Instead of being thanked they are automatically assumed to be an abuser: this response is most likely due to the vernacular meaning of 'hacking' which is negative.
Hacker Culture
Gary McKinnon
I'd place Gary McKinnon as a Grey Hat, I don't think he was trying to abusive or exploitative although it isn't clear that he was doing it to inform the agencies of better security measures. While the goals of the different hackers is not coherent there is a common identity of all hackers: an inquisitive mindset. The curious mind is driven to understand how something works.
2600
This community, started in 1984 by "Emmanuel Goldstein," identifies itself as a quarterly American publication that specializes in publishing technical information on a variety of subjects including telephone switching systems, Internet protocols and services, as well as general news concerning the computer "underground" and left wing, and sometimes (but not recently), anarchist issues.
The name 2600 traces its routes to phone phreaking or Blue Boxing: To a young person dabbling in the underground in the early 1980s, few concepts were as powerful, alluring, or exciting as the "Blue Box". A number of simple circuits enclosed with push buttons, it changed everything in the relationship between the Phone Company (Ma Bell) and her customers (The Peons). With the blast of a 2600hz tone down a telephone line (signifying you Meant Serious Business), you could seize the telephone trunk and gain a sort of "Administrator" access to the phone switching equipment. And since operators were unlikely to do the sort of wild experimentation that a phreak with a blue box would try, all sorts of amazing things would happen with a few button presses.
As part of my own personal research into the hacking community I looked towards the guys at 2600 (twenty-six hundred). A friend sent me their website in an email, I read the website and thought it sounded vaguely interesting but I didn't continue further. Well, I recently came across them on twitter and decided to follow them for interests sake. Since following them and the account Linux Alive I've been updated with a lot of developments in the computing/ software. The guys from 2600 post news to their twitter feed but also to their forum.
Phrack
Phrack is a magazine that provides A harmony of all hats of hacking. See the information file from their most recent magazine issue (#66):
"In the previous prophile, we had interviewed probably the most hated "black hat" hacker, and in the current prophile, the most hated "white hat" hacker. Perceived as such. But the reality is more faded and every hacker has this paradoxical identity where each side of the barrier suddenly become very familiar to the other."
I'm not going to pretend to be overly familiar with all the sites and information I present but I hope to provide information for inquisitive minds. One article that caught my attention on the Phrack site is the following from issue 64: The projection of consciousness.
This elucidates the concept of the mind being like a computer but in this article the author is suggesting methods by which you can improve your likelihood to have lucid dreaming. He suggests some things that you can do in conscious life that will help you to have lucid dreams while unconscious. A fascinating idea that has the concept of hacking at the root of it.
DefCon
The hacker conference where hackers, feds and others interested in hacking meet to discuss the latest issues. Attending this conference is likely to boost your own level of paranoia, constantly watching to see if someone is going to exploit your computer or network access. Elinor Mills of CNET has written some interesting blogs about the most recent DefCon.
The most amusing part of the conference is the Wall of Sheep. It is what happens when you don't take good care of your security at the conference. Your username and part of your password is posted to the wall of sheep for all to see. Out of curiosity, I looked up some of the twitter accounts mentioned on the wall and to my amusement they exist.
One gem of information that is worth taking away from this conference is: what operating system did they use to administer the 'most hostile network' on the planet? OpenBSD. That has my attention. 9,000 hackers, security experts and feds are all accessing the same network. One that needs to be secure and prevent hostility despite the constant attacks.
What to do with this information?
I provide this information to provide clarity about what hacking is. I hope that it also shows the misunderstanding between what a hacker actually is and what it is perceived to be. Hacking is the trait of having an inquisitive mind: take something apart to understand it. What is done with that information at the end is an independent consequence. While many so called hackers are stealing credit card details and committing identity fraud there are others out there that are using the same skills to prevent fraud; hence, become a positive force.
Addendum - Hacker hats revisited
Soon after publishing my article I received an email from someone that uses the pseudonym PsiPhiber. He brings an alternative view on hacker hats to light. The definition I gave on the previous page is the more common and popular usage but that doesn't make it the correct usage. Just as musical genres are arbitrary with no clear dividing line then it is worth considering that hackers won't fall directly into one category or other. In fact the inherent dualism of modern thought should be avoided; it is too simplistic. PsiPhiber explains, from his viewpoint, the differences between the hat terms and puts that into historical context:
"Blackhat doesn't mean actively causing harm. It can mean simply staying out of the public / community eye. Just because a hacker doesn't post or blog what they are up to, doesn't make them nefarious, it just makes them quiet and self-reliant. The negative associations with "black hat" seem to be simplistic and immaturely experienced to me, although this definition is pervasive throughout the web, I think it is really pretty ill-defined.
"White hats are just about making things public. They will post to the security lists, contact vendors and try to make things known. I look at it as more like colors in the true sense that white reflects light and black absorbs light. Good and Bad depends on context of events, and in a defining these adjectives in general, there is no context nor specific events to speak of.
"Most of us don't really fit into definitions that people interested in making have decided to make up and propagate. When I was first exposed to the whole hoopla of what color your hat should be it didn't make any sense to me and it still doesn't. I view it as yet another human short coming in our attempts to grow and develop an accurate perception of things. The kids coming up today in the scene that I meet seem to have been really been done a disservice by this myth of separation by 'hat.' They are either on the road to being a corporate tool in the name of "white hat" or malicious ignoramus in the name of "black hat," which seems to really be more about rebellion against rules.
"Not the least of why they were drawn was our own defense mechanism. When the Patriot Act was passed, one of the things that spread was that it was able to be used to retroactively prosecute someone for violating the Computer Fraud and Abuse Act of 1990. Combined with the sweeping aside of needs for warrants and the whole Bernie S and Mitnick thing, it seemed to me then that this distinction was a way for those who love to do what they do (probe technology) to be able to present something to the totally clueless. To say something along the lines of "Look, here are two very basic distinctions. I'm going to break it down very simply for you (the politically motivated and technologically clueless)." Gray Hat was added as an after thought as any line that categorizes something into two areas inherently creates an implied third distinction which is of course the things that do not easily fit into either one of the other two."