History Hacking & Cracking
With Hacking is not meant cracking or phishing. Though in this chapter the editor will mention or describe crackers and phreakers or other cybercultural occurrences connected with this subject.
Definition (If there is a proper definition at all)
Though we often associate Hacking with criminal activities. Hacking does not always mean breaking into computers.
There are different definitions:
- A person who practice hacking is called a hacker.
- Hacking can be just to find out how it works without criminal intent.
- Hacking can be simply to crack a code
- A hacker can be breaking into a computer that’s yours, often not wanted, and now prohibited by law.
Originally Hacking had nothing to do with breaking into one another’s computers. It was primarily tinkering away with hardware to make things work. And this strain of hackers are still out there in multitude!
Hacking can also be done to perform reverse engineering of software whereof the source code is lost. Mostly done with legacy or so called “Ben Hur” (old) systems
Hacking also can be cracking a code (Enigma code during WWII, modern spies deciphering secret messages, or just for the fun of the intellectual challenge!)
But, for the general public at least, in the last few decades tinkering away with hardware became equivalent to: gain unauthorized access to a computer. This is how the press and official and may be not so official bodies wants us to believe.
…Or cracking the security coding of satellite TV or copy protection of data media like dongles, CD’s, floppies, DVD’s etc. This is often called cracking and the person doing that is mostly called a cracker. Mostly activities in that aspect are illegal.
Any more definitions, oh yes. Hacking or Cracking is merely a human trait that is triggered and inherent to our being: our unbridled curiosity. Hide something and you’re bound to find someone that wants to find out. Make some complicated machinery or other gadget and someone will find a way to reverse engineer it. Nothing malicious too that. But it is the use you make of your gained knowledge that makes it sometimes illegal.
Government and their enforcement, hackers, companies, security organizations, highly skilled (software) engineers
As authorities and contra’s see it
Now, there are always two sides of the story
As hackers see it
Both of these opinions are widely accepted , but by no means universally, among all parties involved. Most hackers subscribe to the hacker ethic, and many act on it by writing and giving away free software. A few go further and assert that *all* information should be free and *any* proprietary control of it is bad. By the way in some respects this philosophy is also part of the philosophy behind the GNU project.
Here is another view:
Crackers (hackers), whom are mostly depicted as criminals by official bodies, have less problems with ethical considerations. They often operate on the edge of the law or beyond. In their view the law is but a contemporary set of unwieldy rules not intended for hackers or crackers and reflected upon as a nuisance for the free creative mind.
Some people consider the act of cracking itself to be unethical, like breaking and entering. But the belief that ‘ethical’ cracking excludes destruction at least moderates the behavior of people who see themselves as ‘benign’ crackers. On this view, it may be one of the highest forms of hackerly courtesy to:
- Break into a system,
- and then explain to the sysop, preferably by e-mail from a superuser account, exactly how it was done and how the hole can be plugged — acting as an unpaid (and unsolicited) “tiger” team.
The most reliable manifestation of either version of the hacker ethic is that almost all hackers are actively willing to share technical tricks, knowledge, software, and (where possible) computing resources with other hackers. And to remind you: huge cooperative networks such as Usenet, FidoNet and Internet can function without central control because of this trait. They both rely on and reinforce a sense of community that may be hackerdom’s most valuable asset.
Hacking a computer system
A few requisites
Surprisingly enough there is no distinct profile of a hacker. He or she comes from all creeds and breeds, old or young. Some see it as a sport: ‘the tinkerers’. Others just want to get to the goodies, some are spies, some are just out to destroy the system, some are even anarchists, and some are pacifists trying to save the world and not to forget some are professionals unveiling the weaknesses of a particular system. They are rich, poor, wealthy, upper or lower class, blue color or white color, smart or just lucky. Hark! Computing does not make a difference.
But, when they are pursuing it, they all WILL find a way to gain access into company, government or other computer systems.
Since not all humans are evenly smart and intelligent there are various types of hackers and methods to gain access to computers.
What would you need and need to know whilst to be or becoming a hacker that wants to hack a computer:
- You need to create your own special password crack program, dial in simulators, firewall penetrators, worm “alike” assault mechanisms, listeners, decoding or decrypting engines,
- Need good practical knowledge of C, machine language and at least some Awk or Sed, VI when going for the big irons,
- Know how to handle Artificial Intelligence,
- How knowbots and search agents work and be able to create one,
- Need a good knowledge on TCP/IP mechanisms and other stuff comprising network protocols,
- How to get into PBX or other phone switch components,
- Would need to gain knowledge about the computersystem that wants to be hacked,
- Good to excellent knowledge about the operating system you are likely to encounter,
- Have knowledge about network layouts and system architecture of the system to be hacked,
- Need to understand the security measures in various breeds of security levels,
- How to make use of backdoors,
- Have a good grasp of likely and possible flaws or leaks in firewalls, routers and access server software,
- Must know how to cover their traces (e.g. by masking their presence on the net or computer’s logfiles),
- Be VERY VERY secretive and know when to go for cover,
- Time must be abundant,
- the list goes on and on…
Now you should understand why companies want to hire a caught hacker: he or she knows it all!
Also you will understand that to be or become a fairly successful computer hacker you have to be a knowledgeable, intelligent and persistent entity. When you never want to be caught you have to be crazy and genius at the same time. And you will never read this page on hacking.
But to get there means doing it. And how to achieve a hack depends on the complexity of the system, the level of security, the intelligence of the hacker and above all its persistence. And a combination of all of the above.
Generalizing there are three large contingents of hackers.
The hardworking, knowledgeable and intelligent one
- These persons are the most secretive and intelligent persons and hacking is not a hobby but a convocation
- They design their own software, borrowing means to give away your identity
- Build sometimes there own hardware that switch between PBX’s with difficult to trace marks
- Know their way around in networks and play with it as if it are toys
- Are mostly not a member of any group
- They know very well how to hide what they have done
- Are never heard of or they get arrested and convicted under false pretense as to cover the real reason, but would be waited for at the prisons gate by representatives of the same company they hacked
- Or just rot away in a prison or psychiatric institution and only come out when old and useless or crazy as a door
- Have a bit of luck not being caught
The hardworking persisting one
- These types use a mixture of tools, either made by group members or designed by themselves
- There is fair knowledge about operating systems and computing networks
- Most of the time this type of hacker is member of a hacker’s group or so you want organization
- Some are working with temporary loose clusters of individuals acting together for a hack
- There are inner circle ‘manuals’
- Use information via the Internet of other channels, not much pure individual work is done
- Have a lot of luck not being caught
The easy ones
- Use somebody else’s dictionary or programs to generate passwords
- Use a list of often used usernames (e.g. admin)
- Have a list of easy to hack systems
- Have a hacker’s “cookbook” to gain access (tips and tricks)
- Don’t bother about leaving traces
- Be member of a hacker’s ring and exchange information freely
- Have all the world’s luck of not being caught
Actually to make a hack the need for hardware or software is modest. All you need is a connection to the Internet, or have a modem of various types (synchronous, asynchronous) or a connection via cable or an existing network. Plenty of time and some intelligence and luck. And to no much surprise you will be in business before you know it.
This all sounds very optimistic, but be aware that:
IT IS WAR OUT THERE !
As soon as you enter the arena the cyber-war is going to be between the guardians and you. So don’t tell us you weren’t warned! There are only a very few success stories. And of course economic interest grow larger by the day, companies will try to protect their products more and more aggressive, especially the music industry.
The latter years of the 1990’s various government bodies established what has become known as cyber cops.
The FBI, KGB, CIA, MI5, Interpol, United Nations, various secret services of all governments, anarchistic movements, terrorists fractions, police organizations all have their special cyber forces.
Most governments are overreacting in their law making attempts to secure the networks and attached computers. Mainly because of ‘what you don’t know you fight’. But also: what might be expected of a politician that heard the term hacking for the first time when attending a meeting on that subject to pass a law. Just imagine, by the time the law is passed the technology has again leaped forward to make the law redundant by the time it gets approved. Or what becomes more and more the reality producers of audio visual products try to clamp down on relatively innocent attempts to circumvent copy protection schemes, some are not so innocent agreed. But again the industry is overreacting as was the case in the late 1980’s. Millions of dollars were spent in protecting software but by the time the software reached the market hackers broke the code. The difference now is that the industry is trying to stamp down on the creators of anti copy protection software like dropping an atomic bomb on an anthill.
But protection schemes and the technology behind it becomes much more complicated every day. It is therefore no wonder that corporations and other agencies turn to specialized persons or businesses that specialize in that type of security. From the end of the 20th century that industry is booming: cyber security. There is little to tell about these companies of organizations. For obvious reasons: there is little known. History has just begun.
Less than two years after Alexander’s Graham Bell’s telephone system went into operation a group of unauthorized teenagers were thrown off the network.
Early mainframes at MIT were used by ‘original’ hackers to develop skills and explore the potential of computing. ‘Hacker’ was, at that time a complimentary term for users with exceptional knowledge of computing
picture: John Draper
|Before the widespread use of computers and the Internet, ‘phreakers’ used the more prevalent playground of telephone networks. John Draper, a.k.a. Cap’n Crunch, finds a toy-whistle allows callers to circumvent billing systems for long distance calls|
‘Freedom of Information contra security by obscurity’
Two homebrew computer club members Steve jobs and Steve Wozniak launch so called blue boxes which can be used to hack into phone systems.
First arrest of hackers as FBI clamps down on 414 group after it hacked in to the Los Alamo research center
The movie war games is released, shaping public perception of hackers and glamorizing the hacker
Plovernet BBS (Bulletin Board System) was a powerful East Coast pirate board that operated in both New York and Florida.
Owned and operated by teenage hacker ‘Quasi Moto’, Plovernet attracted five hundred eager users. The actual Legion of Doom bulletin board was quite ahead of its time. It was one of the first “Invitation-only” hacking based BBSes; it was the first BBS with security that caused the system to remain idle until a primary password was entered; and it was the first hacking BBS to deal with many subjects in close detail, such as trashing and social engineering. This BBS was so heavily trafficked, that a major long distance company began blocking all calls to its number (516-935-2481).(7) Eric Corley (‘Emmanuel Goldstein’) was one-time co-sysop of Plovernet, along with ‘Lex Luthor’, who will found the phreaker/hacker group, Legion of Doom.
|Quarterly publication 2600 (named after the frequency of John Draper’s whistle) is founded, providing a platform for hackers and phreakers (phone hackers)|
Two hacker groups form this year:
The Legion of Doom in the United States founded by the hacker .a.k.a. Lex Luthor to educate new generations of hackers.
And the Chaos Computer Club in Germany.
In one of the first arrests of hackers, the FBI busts the Milwaukee-based 414s (named after the local area code) after members are accused of 60 computer break-ins ranging from Memorial Sloan-Kettering Cancer Center to Los Alamos National Laboratory.
Comprehensive Crime Control Act gives Secret Service jurisdiction over credit card and computer fraud.
January; Legion of Doom/H member Loyd Blankenship (‘The Mentor’) is arrested. He publishes a now-famous treatise that comes to be known as the Hacker’s Manifesto.
|The following was written shortly after my arrest…/The Conscience of a Hacker//
Written on January 8, 1986
Another one got caught today, it’s all over the papers. “Teenager Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”…
Damn kids. They’re all alike.
But did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world…
Mine is a world that begins with school… I’m smarter than most of the other kids, this crap they teach us bores me…
Damn underachiever. They’re all alike.
I’m in junior high or high school. I’ve listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. “No, Ms. Smith, I didn’t show my work. I did it in my head…”
Damn kid. Probably copied it. They’re all alike.
I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it’s because I screwed it up. Not because it doesn’t like me…
Damn kid. All he does is play games. They’re all alike.
And then it happened… a door opened to a world… rushing through the phone line like heroin through an addict’s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought… a board is found. “This is it… this is where I belong…”
I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all…
Damn kid. Tying up the phone line again. They’re all alike…
You bet your ass we’re all alike… we’ve been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We’ve been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now… the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.
source: http://www.phrack.org/show.php?p=7&a=3 Phrack Inc. Volume One, Issue 7, Phile 3 of 10
Seventeen year old Herbert Zinn is arrested in September after hacking AT&T’s system for months. Experts say he was close to crashing the entire US phone network.
First known MS-DOS virus ‘Brain’ is created. Investigators believe it is written by two brothers in Pakistan. It infected the boot sector of floppy disks
Robart Morris crashes some 6000 computers across the ARPANET with his worm which he claimed is accidentally released.
CERT (Computer Emergency Response Team) is founded in response.
First anti virus software released by a code writer in Indonesia
First known case of cyber espionage in Germany (west) allegedly the CHAOS computer club is involved.
Mentor releases the hacker manifesto Conscience of a hacker, which ends with the intriguing line: “You may stop the individual, but you can’t stop us all.”
Freedom on the Internet advocacy group Electronic Frontier is launched
Sophisticated virus types such as polymorphic viruses ( which modifies themselves when they spread) and multipartite viruses (infecting multiple locations in the machine) appear.
First National Citybank of Chicago is relieved of 70 million US$ in the first acknowledged major computer bank hack.
Hacker Dark Dante, Kevin Lee Poulsen, is arrested after a 17-month search. He got hold of military secrets.
Mitnick and Shimomura lock horns
The first Def Con hacking conference takes place in Las Vegas. The event was supposed to be a one-off-knees-up to bid good-bye to BBS’s (outdated by the web), but was so popular it became an annual event.
Hackers hit US federal web sites, including the CIA, Department of Justice, NASA and the Air Force. This isn’t popular with US officials. ;=)
Vladimir Levin, the legendary head of a Russian hacking ring, is believed to have masterminded a $10 million virtual holdup of Citybank. He is arrested in London a year later and extradited to the USA.
US defense department suffers a quarter of a million hacks in one year.
Mitnick is arrested on suspicion of stealing 20,000 credit card numbers. He pleads guilty a year later.
The movie Hackers hits cinema screens, sparking more misconceptions about hackers’ activities.
Network Associates runs an anti-hacker advert during the Superbowl in the US. In it, two Soviet missile technicians blow up the world, unsure whether the orders came from Moscow or hackers.
Hackers claim to have cracked a military satellite system and threaten to sell secrets to terrorists
NIPC (National Infrastructure Protection Center) launched with multi million dollar funding.
Hacking group LOpht tell congress it could shut down the Internet in half an hour and calls for greater security.
Massive year for Microsoft patches as hackers exploit Windows 1998 vulnerabilities. Birth of mainstream anti-hacking software.
Denial of Service attacks cripple the net’s biggest names.
Jon Johansen (Norway) co-authored with two other programmers who remained anonymous, a program called DeCSS and published it on the Internet.
The program decrypted DVD’s so that DVD’s could be run on a computer too. On Jan 23 he got arrested on the charge of hacking on to other’s computers: by creating a program that enables people to watch (legally bought) DVD’s on their own computers in stead of a stand alone DVD player. This time the case was not won by the Motion Picture Association because the E.U. law they were banking on was not yet implemented. A few years later in 2005 Jon Johanson will be acquitted by the justice department because European law explicitly allows reverse engineering when needed for interoperatibility.
XP – ‘the safest windows yet’ – is cracked before launch
Benni Baermann posts his “eight thesis on liberation” on 27th of December. A statement that can be interpreted as opposition against commercial software and pro sharing of knowledge. All in the thru hackers philosophy.
Microsoft Bill Gates launches Trustworthy computing. It soon appeared the the security leaks were as numerous as in all other Microsoft software.
ISP CloudNine was literally hacked to death because of massive DOS attacks. The company could no longer serve its customers and closed down its network. Customers are transferred to other ISP’S and the company goes broke.
The CCC (Chaos computer club) from Hamburg began around 1989 as a loose organization of hackers with modems.
They proved how good they were so people would be interested. They took over app. 75,000 US$ from the Hamburg’s national savings bank but then they gave it all back the next day.
The Chaos Computer Club is also associated with cracking computer systems on assignment for the Russians.
Quoting from their website:
Based in Lubbock, Texas, the CULT OF THE DEAD COW (cDc) is the most-accomplished and longest-running group in the computer underground. Founded in 1984 and widely considered to be the most elite people to ever walk the face of the earth, this think tank has been referred to as both “a bunch of sickos” (Geraldo Rivera) and “the sexiest group of computer hackers there ever was” (Jane Pratt, _Sassy_ and _Jane_ magazines). The cDc is a leading developer of Internet privacy and security tools, which are all free to the public. In addition, the cDc created the first electronic publication, which is still going strong.
The Legion of Doom (LOD) was an influential hacker group from the 1980s and 1990s.
It released the LOD Technical Journals. The Legion of Doom was founded by the hacker Lex Luthor to educate new generations of hackers on the Internet. The Legion of Doom split into two factions after Phiber Optik (a new member of LOD) was thrown out because of a feud with Erik Bloodaxe. Phiber Optik joined another group, the Masters of Deception as did some other former LOD members who opposed Erik Bloodaxe. The division of these two rival hacker factions led to the Great Hacker War, where both groups competed for prestige in the hacker community by gaining access to computer and telephone networks. The Legion of Doom disbanded in the early 1990s after Operation Sundevil and Operation Redux began the era of US Secret Service crackdowns on hacker groups.
The group’s wide ranging activities included diversion of telephone networks, copying proprietary information from companies and distributing hacking tutorials.
The group of individuals who made up the original Legion of Doom were: Lex Luthor, Karl Marx, Mark Tabas, Agrajag the Prolonged, King Blotto, Blue Archer, EBA, The Dragyn, Unknown Soldier
New Hack City
Restricted Data Transmissions (RDT)
the Hasty Pastry
the Masters of Deception (MOD)
the USENIX Association
the Walnut Factory