Hacker: Difference between revisions

This article is about computer hacking. For other uses, see Hacker (disambiguation) and Hacking.

A Hacker is a general term in computing that refers to a computer programmer who takes advantage of the faults in the design of computer software or hardware (commonly referred to as "weaknesses") in order to:

1. gain further knowledge about the internal workings of the software or hardware,
2. gain access to some previously locked or hidden function of the software or hardware,
3. disable some previously functioning part of the software or hardware so that it no longer works in the way it was originally intended, or
4. command the software or hardware to perform an additional task that it was not originally designed to do.

As a hacker's activities commonly (but not always) involve reverse engineering^{[Note 8]} or direct modification of the software or hardware without the manufacturer's knowledge or authorisation, hacking often violates existing Copyright and Patent laws^[1] in many countries. A hacker's activities also frequently include the exploitation of a weakness in software or hardware to, for example, command the software or hardware to perform a malicious action against an individual or organisation. While reverse engineering software or hardware to gain further knowledge about its internal may not be considered a crime, malicious acts arising from the exploitation of any weaknesses found are considered crimes and are even considered as terrorist acts in some countries^[2]. For these reasons, hacking, the activity of a hacker, is considered a crime under law in most countries especially United States Law. Numerous hackers have been, and continue to be, prosecuted^[3][4] for their actions, some even becoming infamous through the reporting of their activities in the media.

The word Hacker is a general term within the field of computing and there are more specific terms in use, particularly just within the United States, to describe the different types of hackers and the different kinds of software and hardware that they find weaknesses in. These different types of hackers are listed briefly in Section 6 of this arcticle, however, to read in detail about these different kinds of hackers, please consult Hacker (disambiguation) or Hacking.

Overview

The hacker of the late 1950s to the early 1970s was originally known for applying expertise and skill to getting the maximum benefit out of hardware and software. These hackers were computer enthusiasts who were highly respected and their skills helped the software and hardware industries to advance very quickly in the early days of computing. However, hackers in general quickly became associated with crime as some of them applied their considerable expertise to illegal activities such as:

• the theft of assets (e.g. money^[5] or information^[6])
• the use of services (e.g. telephones) without paying, and
• performing malicious deeds against, or causing material damage to, corporations and government institutions (e.g. espionage^{[7][Note 3]}).

Within the Computer User clubs and IT-related Universities in the United States of America, there is currently a debate about the usage of the word hacker within US Academia and there is a proposal that it should only be associated with its original expertise-oriented meaning. To read in detail about this debate, and the issues involved, please see the article Hacker Definition Controversy.

Dawn of the hacker

As early as the mid 1940s, the American Government was sponsoring projects to build huge mainframe computers to forward research into processors and possible applications of those processors. One such project was a US Navy contract initiated during World War II for a flight simulator computer. The computer took so long to design that, by the time the designs were completed, the war was over and the US Navy had lost interest in the project^[8]. However, the Massachusetts Institute of Technology (MIT) in Cambridge, Massachusetts, USA, took over the designs and built just the computer. The result was the MIT Whirlwind computer. The MIT Whirwind computer is said to have been the first ever computer to have a full-screen graphical display and it was this feature that led programmers of the huge mainframe (four floors of a two-storey building) to exercise their skills and stretch the capabilities of the computer to perform tasks that it was not originally designed to do. One such programmer, George Yale Cherlin, Ph.D, became famous amongst the Whirlwind project's 175 staff when he and some colleagues together managed to use the military-designed mainframe to create a graphical, real-time, simulation of the physics of a bouncing rubber ball^[8]. Cherlin's expertise in programming at that time can certainly be considered one of the earliest acts of hacking in the original good sense of the word.

First hardware hackers

While US universities, like MITs Artifical Intelligence Laboratory, continued to push the boundaries of processors and the software running on those processors, industrial applications of the new technology were also being pushed. However, while software was advancing at a very fast pace, the first recorded hacking attempts were on simpler electronic machines that were designed to perform only a single task. Among the first such machines were the part electronic/part mechanical US telephone exchanges and it was in the late 1950s that a young boy called Joe Engressia^{[Note 4]} first managed to hack one of these exchanges.^[9]

Engressia was born in 1949 and was blind from birth^[10]. As a result of this, however, he was endowed with other amazing talents, one of which was Perfect Pitch. Perfect Pitch is the ability to be able to repeatedly, and exactly, generate a tone of any frequency through singing or whistling. He discovered by accident at the age of just eight years old that the US long-distance^{[Note 1]} telephone exchanges responded to a special "line-idle tone", a 2600Hz frequency tone internal to exchanges that indicated a long-distance line was available for use^[10]. The tone was important as it was used by the exchanges to detect when calls had finished, and therefore was used to calculate telephone bills. If a freephone^{[Note 5]} number was dialled, the local exchange would search for an available long-distance line and mark the call as free. Once the long-distance line had been found, generating the 2600Hz idle tone would make the long-distance exchange think the line was idle and it would stop billing the call. However, the local exchange was still connected and any number dialled would then not be billed. Every time Engressia wanted to make a free long-distance call, he would simply whistle into the telephone receiver and receive his free call.

Soon after, in the early 1970s, another man called John Draper discovered the same tone was generated by a toy whistle that came free with boxes of breakfast cereal^[11]. Draper blew the whistle into a telephone receiver and also received free calls. Draper become somewhat infamous for envanglesing the technology to be able to cheat the telephone companies without actually using the technology himself. He even gave hacking classes and workshops to his fellow inmates whilst in jail and gave practical demonstrations of his hacking techniques using prison telephones^[11].

Both Engressia and Draper were arrested and convicted (Draper on multiple occasions) for their hacking of US telephone exchanges and even became infamous in the local newspapers of the time. Engressia died on August 8th, 2007^{[9][Note 4]}, however, both Engressia's and Draper's activities inspired a whole division of hacking focussed on telephone systems that would later be called Phreaking.

Emergence of software hackers

During the 1960s and 1970s, computers were too expensive to buy for the majority of normal people. However, this all changed in the late 1970s and the 1980s with the worldwide home computer revolution. Corporations and individuals alike rushed to create machines for hobbyists to use and experiment with in their own homes and many brands like Apple, Commodore, and Tandy/Radio Shack were born. Many hobbyists rushed out to buy a computer and one such person was a young boy called Kevin Mitnick.

Long before he used a computer, Mitnick had already been involved in hacking when in 1976, at the age of just 13, he managed to hack the bus ticket system in his hometown of Los Angeles, USA to get free bus rides^[12]. The system relied on tickets with punched holes in them and Mitnick, using his own specially-made hole punch, was able to cheat ticket machines and travel to any destination he wanted within the Los Angeles area free of charge. By 1982, at the age of 19, he was proficient enough with a computer to be able to hack into the US Government's North American Aerospace Defense Command system (NORAD), a military surveillance system^[12]. Although no damage was done and no criminal charges were brought, it is this incident that is widely believed to have been the inspiration for the 1983 film WarGames, a story about a young boy who hacks into a government computer and accidentally starts a launch countdown for some nuclear missiles. In 1988, however, Mitnick went one step further and hacked into the computers of an IT company and illegally downloaded $1m of the computer company's software^[13]. The case, brought to court by the computer manufacturer Digital Equipment Corporation, was sucessfully prosecuted and Mitnick received one year in prison in 1989 for his crime.

Mitnick has been jailed on multiple occasions^[12] and his reputation as a hacker, plus the rumour that the 1983 film WarGames was based on Mitnick's own experiences, has turned him into a cult figure. Mitnick, having served his sentences, now provides his skill and expertise as a security consultant for is own legitimate internet security firm. However, Mitnick has found himself, ironically, the victim of several successful hacking attempts^[14], bringing much embarassment to the person they once used to call "the most wanted computer hacker in the world"^[12].

Difficulties in prosecuting hackers

The 1980s and the 1990s saw a revolutionisation in the computer industry that resulted in computers filling every office and touching every aspect of our lives. Whilst technology has continued to advance to bring the world faster and cheaper computers that are in everything from car engines to mobile phones, and the software security to protect those computers has also been advancing, the hackers have also been evolving their techniques to break the new, stronger security.

In August 2007, a 17-year old teenager named George Hotz hacked a mobile phone so that the software restricting its use to a single mobile phone network was disabled, enabling the phone to be used on any rival mobile phone network^[15]. Apple Inc.'s iPhone mobile phone handset was announced in an exclusive partnership will US mobile network provider AT&T Wireless^{[Note 6]} in January 2007^[16]. Although software in the handset made sure that the iPhone could only operate on AT&T Wireless's network, the phone presented a challenge to hackers who wanted to use the phone on other providers' networks. Hotz was the first person to hack the phone using a combination of software and hardware modifications and he demonstrated his modified iPhone handset working on AT&T Wireless's rival T-Mobile's network.

Whilst Hotz was congratulated by hacking communities everywhere, Apple and AT&T Wireless were not happy, although Hotz appears to have been spared going to court when he stated in interviews that he didn't want to sell his hack^[15]. Instead, he was consulted by Apple as to the nature of the hack and Apple soon released an update to the phone's software that was claimed not to include the weaknesses that Hotz had managed to exploit. However, companies and other hacking firms that did try and sell Hotz's hack were approached by Apple's lawyers who successfully blocked the firms from selling the hack citing copyright infringment and reverse engineering^[17], something that is considered illegal through such legislation as the United States Digital Millennium Copyright Act ^[18].

Hotz's actions highlighted the difficulties that software and hardware companies face when trying to prevent hackers from reverse engineering their work. While corporations struggle to protect their inventions and business strategies, hackers everywhere are struggling equally hard to try and reverse engineer those inventions for their own profit or gain. One of the reasons why Hotz wasn't brought to trial was because of sections of the US Digital Millenium Copyright Act^[18] that appear to permit software or hardware to be reverse engineered and modified without the original manufacturer's consent, where the modification allows the product to interoperate with other programs^[19] in the manner for which it was originally intended^{[Note 2][20]}. This was important, as Apple's iPhone was originally designed to be used on every provider's network in the world although this design was limited to AT&T's network using special security software. Thus, as Hotz's modifications to the iPhone did not change the iPhone's original purpose, and the modifications allowed the phone to interoperate with another provider's network, both Apple and AT&T found it difficult to prosecute the teenager, a situation that neither corporation was happy about.

Increasingly, hackers are avoiding prosecution by being hired by corporations to deliberately find the weaknesses in their software or hardware as this is often cheaper than having their system breached and losing the confidence of customers^[21]. Hotz is one such person who, by agreeing to co-operate with Apple in explaining the nature of his hack, caused both Hotz and Apple to benefit from what was initially a very serious situation.

Evolution of the hacker

As the software industry has evolved over time, it has become an industry with many different areas of expertise. Along with the expansion of the industry has come an expansion in the number of specific terms in use, particularly just within the United States, to describe the different types of hackers and the different kinds of software and hardware that they focus on.

The different types of hacker that exist today are listed in the table below.

Hacker Type	Explanation
Black Hat	A Black Hat hacker concentrates on finding, and exploiting, the weaknesses in systems in order to perform malicious acts or to cause some kind of injury. All activities of the Black Hat hackers are considered crimes and so, where possible, prosecutions have, and continue to be, brought against this kind of hacker.
Cracker	A Cracker is a person who concentrates on finding weakesses in the security-related parts of software and hardware in order to disable the security and allow unauthorised use. Most activities of the cracker are illegal, however, they often go unprosecuted as the people whose software has been compromised have neither the resources nor the time to persue them.
Phreaker	A Phreaker concentrates on finding, and exploiting, the weaknesses in telephone systems.
Open Source	An Open Source Hacker is a person who enjoys designing software and building programs with a sense for aesthetics and playful cleverness. These hackers have been responsible for creating the Open Source movement, a collection of computer programmers who collectively write software that is free to use and distribute.
White Hat	A White Hat hacker concentrates on finding the weaknesses in systems in order that the systems themselves may be fixed. These hackers are sometimes hired by corporations to find weaknesses in the corporation's own products and so are not prosecuted for their work.

As the number of hackers has increased, and the seriousness of the hacker's crimes has also increased, groups of programmers within US Academia and the homebrew clubs^{[Note 7]} have been trying to distiguish and distance themselves from the criminal hackers and the criminal image of hacking. These groups are trying to reestablish the use of the general word "hacker" in its original sense - i.e. as a person who exercises great skill in creating or modifying software and getting the maximum benefit out of it. To read about this discussion in detail, please read Hacker Definition Controversy.

Techniques of the Hacker

There are many techniques that the Hacker uses to engage in his or her activities, and new methods are being continuously being devised and discovered. Each method is designed to exploit a particular kind of weakness and a hacker may use one method, or many methods in combination with each other, to achieve their objective.

Although there are many different techniques and technologies, most techniques can be split into a small number of distinct categories which are listed below:

Technique	Explanation
Trojan Horse	What is it? A Trojan Horse is any piece of software that gives the impression it is doing a particular task when, in fact, it is secretly performing a much more malicious task. The software will often look appealing and is designed to be welcoming, however this is merely a trick to divert the attention of the user while the real malicous work is being secretly being performed. The hacker typically uses a Trojan Horse when something needs to be illegally installed on a user's computer, or something needs to be illegally acquired from a user's computer. Why the name? In Greek Mythology[22], a long war was fought at a city called Troy. The army trying to gain entrance to the city were on a mission to rescue a lady called Helen who was being kept a hostage within the city. After nine years and still no success, a man called Odysseus, a member of the army trying to enter the city, had the idea to build a large wooden horse and offer it as a "gift" to the people of Troy to convince the city's leaders that they had given up. When the horse was completed, it was left outside Troy's city walls and the attacking army returned to their ships and left. Seeing the ships leave, Troy's leaders accepted the horse. However, Odysseus had hidden a group of the army's best soldiers inside the horse. Once inside the city's defensive walls, the soldiers jumped out of the horse and sprung their attack on the city from the inside, surprising their opposition and rescuing Helen. Thus, software that copies Odysseus's technique of using a disguise to hide the real task to be done is called a Trojan Horse. Example Spyware is a common type of Trojan Horse. Spyware is software that gives the impression it is offering some kind of (often free) service but is actually secretly stealing personal information from the user's computer and transmitting it over the internet to another location. After the hacker steals the information, they either use it to perform more malicous deeds against the user or they just sell it on for profit.
Virus	What is it? A virus is a piece of software that can copy itself and then transmit itself to another computer, where it then copies itself again. The virus is normally embedded into another piece of software (the host software) and is therefore hidden from view. Once embedded inside the host software, the virus uses the normal functions of the host software to copy itself, only becoming visible when the copies of the virus are transmitted to other computers. The chain of replication is normally very difficult to break and the number of computers that become infected with such software can increase very rapidly. As a virus relies on the host software to function, viruses can be very small programs and can be very simple to create. The hacker favours viruses when small size and simplicity are desired. Why the name? In the human body, viruses operate by hiding inside cells so that they become hidden from the view of the body's natural defences[23]. They either copy themselves inside the cell, or they sleep and are copied when the cell naturally copies itself. After the virus has been copied many times through either method, each separate copy of the virus leaves its host cell and then goes to find a new cell, starting the cycle again. The virus only becomes visible when the copies exit the host cell, not while it's being copied. This means the body's natural defenses are sometimes not able to detect the virus until copies of the virus are too numerous to stop. Example Email "Address Book" viruses were, and still are, amongst the most common of software viruses. The virus uses the address book of a user's email application to target users that it will infect next. The virus then attaches itself to an email and uses the normal functions of the email application to email a copy of itself to each selected target. When the virus email is received, the virus relies on the email application to copy itself again (for example, when the user opens the email). Users who often believe they are safe by not opening the email's contents (e.g. an attachment) unknowingly help the virus to spread just by opening the email. A hacker uses a virus to deliver some kind of message or program to the largest number of computers in the smallest amount of time. After the computers have been infected, the hacker may use the delivered messages or programs to perform additional damage to infected computers.
Worms	What is it? A worm is a piece of software that can copy itself and then transmit itself to another computer, where it copies itself again. A worm is different from a virus in that it does not need to rely on host software to spread. A worm contains all of the copying function within itself. A hacker uses a worm to alter or disable a computer's functions without causing the computer to stop or display any kind of physical problem and this means that the effects of a worm can go unnoticed for a significant amount of time. During this time, the computer may become vulnerable to, or a participant in, an external attack by the hacker who is then able to exploit the computer to gain unauthorised access or to perform some other malicious action. Why the name? John Brunner wrote a novel in 1975 called The Shockwave Rider [24], in which he described the idea of a Computer Tapeworm based on the biological Tapeworm parasite. Brunner's worms entered a computer system and lived invisibly within a computer, spreading themselves by attaching to any kind of data that was transmitted to another machine. In 1978[25], two reseachers at Xerox, in Palo Alto, California, USA, actually wrote a worm program to usefully utilise a computer system's "spare" resources at the times when a system was not 100% busy[26]. The worm used only the spare resources to do useful work, and to spread itself to other computers so that more work could be done. However, now worms often use a computer's spare resources in order to perform malicous tasks like launching attacks on other computers, or consuming more resources than are actually available (causing the infected computer to operate many times slower). Example In 2003, a worm called Blaster[27] was created which copied itself when the computer was connected to the internet, even if the user was not actually performing an internet-related action. The worm activities went unnoticed on millions of users' computers as most of the time it did no real work; the worm was just waiting until a pre-programmed time. The actual effect of the worm was that computers infected with the worm waited until August 15th 2003 at which time they all attacked Microsoft Corporation's Online Update website in unison in order to try and disrupt Microsoft's services.

Influence of hackers on everyday society

The effect of hackers on the way we live our lives has been significant. Software, although reliable at performing the same task identically millions and millions of times, now has to be protected against hackers who want to modify it so it repeatedly performs a different, often malicious, task. Furthermore, as the protection that is used is itself a target for the hackers, technology that can automatically detect when the security has been broken has also had to be developed (for example, a CD player detects when a copy of a CD is being played instead of the original purchased CD).

In the modern world, software is operating every minute of every day making sure that actions performed by machines on behalf of individuals are only performed when properly authorised to do so. For example, the action of withdrawing money from a bank using a card must only be done by the authorised card holder, and special software in the form of smart cards attempts to protect stolen bank cards from being used. Another example might be a company who wants to protect the copyright of its products and in this case the software could be protecting the product from being copied illegally, or from being used in a manner that the company explicitly forbids (like using a mobile phone handset on another company's network). At the same time, however, hackers are trying their best to devise new techniques based on Trojan Horses, Viruses, and Worms to find and exploit weaknesses in software so that they can use your stolen bank card or they can use that mobile phone on another provider's network. Thanks to the skill and expertise of engineers in the IT industry, though, this conflict remains largely hidden and does not affect normal people in all but the most extreme cases.

As hackers' techniques advance further still^[28], software design is also advancing so that software can withstand the attempts of hackers to reverse engineer or modify the software. One of the biggest challenges facing all sections of the computer industry is how to implement software so that the copyright of works, or access to personal information, can be protected from hackers without making software products so complicated that they become unusable, bringing the lives and jobs of ordinary people to a standstill.

References

1. United States Department of Justice - 18 U.S.C §§1831-1839 Theft of Commercial Trade Secrets
2. United Kingdom Office of Public Sector Information - Terrorism Act 2006 ¶16
3. United States Department of Justice, Computer Crime & Intellectual Property Section - Summary of Computer Crime Cases
4. United States Department of Justice, Computer Crime and Intellectual Property Section - Press Releases
5. $70M bank scam foiled; 7 charged - USA Today Newspaper Archives, 19th May 1988
6. Police Swoop on 'hacker of the year' - The Sydney Morning Herald, 15th November, 2007
7. Dangerous Decisions: Problem Solving in Tomorrow's World - Enum Mumford. ISBN-13: 978-0306461439. Pages 161-165 (paperback)
8. Edward Cherlin, Simputer Evangelist and son of George Yale Cherlin, Ph.D, courtesy of www.oldcomputers.com
9. New York Times, 20th August 2007 - "JoyBubbles, 58, Peter Pan of Phone Hackers, Dies" (Online Version: delete cookies before viewing)
10. Origins of Phreaking - Gary Robson
11. John Draper interviewed in early 1995 by Tom Barbalet, software programmer and Co-Chair of Intellectual Property Rights Special Interest Group
12. The Trials of Kevin Mitnick - CNN Special Report, 1999
13. Biography of Kevin Mitnick - Courtesy of Takedown.com
14. Prominent Hacker Mitnick Hacked - BBC News Online, 11th February, 2003
15. Teenage Hacker Unlocks the iPhone - BBC News Online, 25th August, 2007
16. Apple Inc. Press Releases - Apple Chooses Cingular as Exclusive US Carrier for Its Revolutionary iPhone, January 7th 2007
17. Legal Threats Halt iPhone Crack - BBC News Online, 28th August 2007
18. The Digital Millenium Copyright Act of 1998, U.S. Copyright Office Summary - Library of Congress
19. The Digital Millenium Copyright Act of 1998, U.S. Copyright Office Summary - Library of Congress. Page 5, exception 2
20. Library of Congress, United States Copyright Office - Fair Use
21. Canadian Hacker worked with MPAA to combat BitTorrent downloads - Financial Post, 22nd October, 2007
22. The Library of Greek Mythology - Apollodorus (translation by Robin Hard) ISBN-13: 978-0192839244
23. How Viruses Work - Craig C. Freudenrich, Ph.D. Courtesy of How Stuff Works
24. The Shockwave Rider - John Brunner ISBN-13: 978-0345324313
25. Xerox Parc - Innovation Milestones
26. The "Worm" Programs - early experience with a distributed computation. Shoch, J.F and Hupp, J.A. Palo Alto Research Center NY: ACM; 1999; 19-27
27. Symantec Corporation: Security Responses - W32.Blaster.Worm
28. Wireless World Is Vulnerable - National Post, 6th December, 2007

Notes

• ¹ Long-distance telephone calls are calls made within the United States where the number being called is in a different state to the caller's number. See Long Distance (US) for more information.
• ² US Copyright Law, of which the DMCA is an extension, states "fair use" as using a work (in this case, the iPhone hardware and software) in a way that does not infringe the way in which the original author (in this case, Apple Inc.) "expressed themselves". The modified iPhone was identical is appearance, features, and function to the original iPhone, so use of the modified iPhone could have been argued to constitute "fair use".
• ³ Markus Hess, a German hacker who lived in Hanover, Germany, breached the security of at least 24 US military computers between 1986 and 1989. He was jailed for stealing United States military secrets and for later selling the secrets, and the hacking techniques used to steal those secrets, to the KGB in return for money.
• ^{4a 4b} Joe Engressia's legal name was "JoyBubbles" as from 1991.
• ⁵ Freephone (United Kingdom, Australia), Freecall (New Zealand) or Toll Free (United States, Canada) numbers are telephone numbers that can be dialled free of charge. Typically, these numbers contain the sequence 800 in the code. These numbers are commonly used by companies to provide complementary services, and by governments to provide information and support.
• ⁶ Users of the iPhone in the United States actually make their contracts with AT&T Wireless. However, the alliance to develop and market the iPhone was between Apple Inc. and Cingular, a US mobile network provider who bought AT&T Wireless in February, 2004. (CNN Money news report).
• ⁷ A homebrew club is a term used in the United States to describe a club for computer hobbyists. The name homebrew is taken from the name of the most famous computer club in the US, the Homebrew Computer Club, where such people as Steve Jobbs and Steve Wozniak (co-founders of Apple Inc.) were members.
• ⁸ The opposite of engineering. Reverse Engineering is the process of examining a finished software or hardware product and taking it apart in order to find out it was originally constructed.

External links

• www.old-computers.com - The Old Computer Museum (history of most computers manufactured from 1951-1995)
• Viruses & Risks Symantec Corporation