November 27, 2006 12:55 PM PST

Security from A to Z: Hackers

Hacking doesn't just mean breaking into computer systems: It can refer to any action that achieves an outcome by deviating from the intended path.

Computer hackers write, use and modify software to break into computer systems, often exploiting flaws in another programmer's code.


The security troubles that have dogged Microsoft's Internet Explorer Web browser, for instance, are caused by hackers writing pieces of code that exploit vulnerabilities in IE's code. These enable the hackers to use the browser as a springboard to carry out a malicious action, such as hijacking a user's PC.

Although many hackers are malicious and intend to cause disruption or hijack PCs for their own ends, some can simply be out for the challenge of cracking a particular security system. In the corporate world, so-called ethical (or professional) hackers are even employed to probe corporate security systems for flaws--a business known as "penetration testing."

Notable hackers include Gary McKinnon, the so-called "NASA hacker" and Kevin Mitnick, who served five years in jail for his exploits. Since being released from jail, Mitnick has carved a career for himself in the security industry--a path followed by many former hackers.

Natasha Lomas reported for Silicon.com in London.


5 comments

Misleading; Hacker does not equal Criminal
I find it misleading to use the term Hacker to mean Criminal. It does a disservice to the public and the Hacker community by breeding fear of an internet "boogeyman" rather than placing the blame squarely where it belongs; Criminals.

The most accurate modern description I've seen is this:

In short, users want to get something done; check email, look at websites; don't care how it works. Hackers want to understand and control each step in the functional process; what key strokes do what, how does the computer authentication work, what flaws exist in a system, how can the system be improved. What new OS can be explored next.

"Normal Users" do things with their computer without interest or understanding of how it functions. They don't care how the engine runs as long as the car goes forward when they press the gas pedal.

"Computer Geeks" do things with and to their computers with a higher degree of knowledge though perhaps more limited to understanding the difference between hardware specs and choosing custom component lists for their systems. Most computer gamers fall into this area as they understand the hardware enough to make the games function better but not to an obsessive level.

"Hacker" the often obsessive, overly knowledgeable of the computer user community. The hacker doesn't want to just do things with and to the computer, they want to understand each step in the process of each function. They want to explore the limits of hardware and software systems. They want to break those limits (and this is the one bit of information you were accurate on) finding new and unplanned ways of using the technology.

"Computer Criminal" (not as sexy as two syllables I know but,) is someone who studies the intricacies of information, security or social systems only far enough to perpetrate crime. These may be users who began as Hackers but at some point, the curiosity and pursuit of knowledge was lost in favour of easy money and exploitation of Normal Users.

As a simple example of system use beyond intended function; Email sends communication, Wordpad is a very basic (slightly more adept than Notepad) text editor with some formatting functions, Windows File Explorer gives you a view of your files and folders accessible through the machine. What regular user would think to copy the path from File Explorer, paste it to Wordpad for a quick search and replace quickly turning it into a hyperlink address then paste it into an email so a non-techie user can find the file they are talking about?

Hackers are curious not destructive. If a Hacker enters a network unapproved, it's probably some high school kid making a poor judgement call (kids do stupid things, that's why they're kids) but the intent is exploration, puzzle solving, not harm and more than likely, you'll find nothing out of place, nothing intentionally deleted or taken. The intent is not profit.

Of course they know all the tricks that criminals are finally catching on to. They knew and understood Denial of Service (ah, the IRC cowboy days), SPAM, authentication circumvention years before the public realized that computer crime was possible. Ever forgotten your password? If your neighbour's kid is a bit of a hacker, he'll probably help you avoid a complete system reinstall.

Heck, if your computer security expert is not a bit of a hacker and regularly reading the "big bad boogieman hacker" websites, fire their ass; they aren't keeping up to date on the evolution of their industry.

Let's stop scaring Auntie Alice with stories of the computer "boogeyman" and put the blame where it lies. Spammers, Pirates, Virus writers; criminals not hackers.

Their intent is to profit at others' lack of knowledge or expense (usually both).
Posted by jabbotts (492 comments )
damned right
I love the post here mate. You really capture the meaning of being a "hacker" rather than a "cracker." (Or computer criminal). Nice detail in explaining things. In fact, in the 80's "hacker" was a term of prestige. "Hackers" were the ones building the internet. In the 90's "hackers" were thought more of mischievous computer users. It wasn't until the new millennium that "hacker" became synonymous with "terrorist."

The Mentor was an early hacker who published this:
http://www.phrack.org/archives/7/P07-03
The Hacker Manifesto or The Conscience of a Hacker. Here you see the intent is not destruction, as mentioned by jabbotts, but a smart individual who has been misunderstood.

"My code doesn't have flaws. It just has...random features."
Posted by magick_samurai (2 comments )
Mitnick a hacker?
"Notable hackers include Gary McKinnon, the so-called "NASA hacker" and Kevin Mitnick, who served five years in jail for his exploits. Since being released from jail, Mitnick has carved a career for himself in the security industry--a path followed by many former hackers."

Kevin Mitnick was jailed for his social engineering exploits; in reference to this article I wouldn't class him as a "Hacker".
Posted by beastx (1 comment )
Mitnick was a social engineering specialist
Social engineering is a tool used by anyone trying to get around security. It existed long before computers, people just used it there too. Mitnick has his place in the Hacker community and computer history. He may not have been exploring new hacks or publishing truly clean code but he did push the bounds of the computer knowledge out a ways.

I'd suggest that his fault was exploring systems he clearly shouldn't have been in at an earlier time when computer security got some media attention and the government needed a trophy.
Posted by jabbotts (492 comments )