Hacking
Webster's College Dictionary defines a hacker as a "highly
skilled computer enthusiast or computer programmer who attempts
to gain unauthorized access to files to various systems."
Hackers hack computer systems for a variety of reasons including
entertainment, political beliefs, desire for information, the thrill
of gaining privileged access, or simply to gain status in the hacker
community.
If you have a computer connected to a network or the Internet,
you are exposed to being hacked and should know the basics of
the subject. If you are a network administrator responsible for a
corporate network, you need to become something of an expert in
order to protect the company's assets. According to a study posted
at isc.incident.org, the majority of reported attacks are against
corporate networks that have an Internet connection and that already
have firewalls, anti-virus and intrusion detection systems in place;
those controls narrow the attack surface, but they do not remove a
vulnerability in a service the firewall is configured to let through.
Many security breaches also come from inside the company, but these
are reported less often.
That same study reported that the technical knowledge of the
typical intruder has been decreasing while the complexity of the
attacks has increased. To explain this apparent contradiction we
need to look at the hacker culture. At the top tier, the 'elite' of
the hacking community are skilled programmers who discover security
vulnerabilities and write code to exploit them. This exploit code is
usually distributed as a script or small program that targets one
specific flaw in one specific piece of software: point it at a host
running that software and it attempts to trigger the flaw. For
whatever malicious or misguided reasons, the authors then post these
exploits on the Internet.
On the second tier we have hackers with less skill but still able
to understand the security holes and sometimes do a little scripting
of their own. At the bottom we have the majority of hackers, who
may only know enough to download a script and run it against as many
hosts as they can, hoping to get a 'bite' somewhere. This last group
is called 'script kiddies', and they are the scourge of the Internet.
While exploit code continues to become more sophisticated, it also
becomes more widespread and easier to use, and now even school-age
children can become 'script-kiddy' hackers.
The hacking process itself is actually quite simple. First it is
necessary to identify a system, typically by ping sweeping a range
of addresses to find hosts that answer (where a firewall drops ping,
scanners fall back to probing a few common TCP ports instead). The
next step is to find open ports on those hosts. Both functions are
built into freely downloadable scanner programs that do ping sweeping
and port scanning (a 'sniffer', by contrast, passively captures
traffic; it is a different tool). Last, the hacker selects and runs
an exploit that matches what was found. An open port by itself is
rarely the hole; what matters is the service listening on it. The
service may offer a back door outright, such as a remote shell left
behind by an earlier compromise, or its banner may simply reveal that
the machine is running a particular application, in a particular
version, with a known vulnerability. Either way, the goal of most
exploit scripts is to put the hacker onto a command line with
administrator privileges. From there, just about anything is possible.
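The port-scanning and banner-grabbing steps above, as an added example that is not code from the original article. It is written in Python and runs entirely against a constructed stand-in target on 127.0.0.1 (a tiny listener that greets each client with a made-up "ExampleSSH" banner); the ping-sweep step is omitted because sending ICMP needs raw-socket privileges. It shows why the version string matters more than the open port: the scan only says something is listening, the banner is what an attacker matches against an exploit.

```python
import re
import socket
import threading

# Constructed stand-in target: a service on 127.0.0.1 that greets every
# client with a banner, as many real daemons do. The banner text is made up.
FAKE_BANNER = b"SSH-2.0-ExampleSSH_1.0\r\n"


def start_fake_service(banner: bytes = FAKE_BANNER):
    """Listen on an OS-chosen localhost port and send `banner` to each client.
    Returns (server_socket, port); close the socket to stop the service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener was closed
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def pick_closed_port() -> int:
    """Return a localhost port that nothing is listening on: bind it for a
    moment (so the OS hands out a free one) and release it again."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def tcp_connect_scan(host: str, ports, timeout: float = 1.0) -> dict:
    """Port-scan step: attempt a full TCP handshake to each port. A completed
    connect means a service is listening; a refusal or timeout means it is
    not (or a firewall is in the way). Then grab whatever the service sends
    first (banner grab). Returns {open_port: banner_bytes}."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:              # refused, filtered, unreachable, timed out
            s.close()
            continue
        try:
            banner = s.recv(256)     # silent services just yield b""
        except OSError:
            banner = b""
        finally:
            s.close()
        results[port] = banner
    return results


def fingerprint(banner: bytes):
    """Extract (product, version) from a greeting banner, or None.
    This is the detail an attacker needs before picking an exploit."""
    text = banner.decode("ascii", errors="replace")
    m = re.search(r"([A-Za-z][A-Za-z0-9]*)[_/ ]v?(\d+(?:\.\d+)+)", text)
    return (m.group(1), m.group(2)) if m else None


if __name__ == "__main__":
    srv, open_port = start_fake_service()
    for port, banner in tcp_connect_scan("127.0.0.1", [pick_closed_port(), open_port]).items():
        print(port, "open", fingerprint(banner))
    srv.close()
```

Against a real network the same connect scan is noisy and slow; real scanners send half-open SYN probes and rate-limit, but the decision logic is the one shown. Note that a service that says nothing on connect still shows as open, which is why scanners also send protocol-specific probes.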
Many hacks are just random attacks by young punks seeing what they
can get away with. More serious is a focused attack, where someone
is determined to break into a specific computer for a specific reason.
That reason is almost always to either cause damage or gain illegal
access to information such as trade secrets or credit card numbers.
The two biggest security threats are application flaws and software
vendor vulnerabilities. Application flaws have been identified on
numerous systems. One example is SQL injection, where input typed
into a browser form is spliced into a query that the application
sends to its SQL server, so the attacker's text is executed as part
of the query. Vendor vulnerabilities are flaws within the software
product itself, like the Unicode vulnerability in Microsoft's IIS
that allowed hackers to get out of the web directory (the server
checked the request path for '..' before it decoded the Unicode form
of '/', so the traversal went unnoticed) and pretty much do anything
with the server. Linux/Unix web servers running Apache had a similar
vulnerability in chunked encoding that let remote attackers run code
on the server.
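The IIS Unicode flaw above is a matter of ordering: check first, decode second. The following is an added example, not code from the article or from IIS, that models both orderings in Python with a hypothetical web root of /inetpub/wwwroot and POSIX-style paths. The lenient decoder is a simplified stand-in for one that accepts overlong two-byte UTF-8 (C0 AF decodes to '/'), which a correct decoder rejects. It also shows that the same ordering bug is exploitable with ordinary percent-encoding (%2e%2e for '..'), not only with Unicode.

```python
import posixpath
from urllib.parse import unquote_to_bytes

WEBROOT = "/inetpub/wwwroot"   # assumed web root for illustration


def lenient_utf8(data: bytes) -> str:
    """Decoder that wrongly accepts overlong two-byte forms such as
    C0 AF -> '/' (0x2F). Simplified model, not IIS's real decoder; three- and
    four-byte sequences are not needed for this demonstration."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append("\ufffd")
            i += 1
    return "".join(out)


def strict_utf8(data: bytes) -> str:
    """Python's decoder rejects overlong encodings with UnicodeDecodeError."""
    return data.decode("utf-8")


def _resolve(path: str) -> str:
    return posixpath.normpath(posixpath.join(WEBROOT, path.lstrip("/")))


def inside_root(path: str) -> bool:
    full = _resolve(path)
    return full == WEBROOT or full.startswith(WEBROOT + "/")


def vulnerable_resolve(url_path: str):
    """Wrong order: normalize and check the still-encoded path, then decode.
    '..%c0%af..' looks like a harmless file name to the check, but decodes
    to '../..' just before the path is handed to the file system."""
    if not inside_root(url_path):
        return None
    decoded = lenient_utf8(unquote_to_bytes(url_path))
    return _resolve(decoded)


def fixed_resolve(url_path: str):
    """Right order: decode completely (and strictly), then normalize and check
    the final path against the root."""
    try:
        decoded = strict_utf8(unquote_to_bytes(url_path))
    except UnicodeDecodeError:
        return None                      # overlong or malformed: refuse
    if not inside_root(decoded):
        return None
    return _resolve(decoded)


if __name__ == "__main__":
    for req in ("/index.html",
                "/scripts/../../winnt/system32/cmd.exe",
                "/scripts/..%c0%af../winnt/system32/cmd.exe",
                "/%2e%2e/%2e%2e/etc/passwd"):
        print(req, "->", vulnerable_resolve(req), "|", fixed_resolve(req))
```

The plain '../' request is caught by both versions, which is why the vulnerable ordering looked safe to its authors; only an encoded form the check does not understand gets through. The general rule is to canonicalize to the exact form the file system will see, and run the security check on that.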
Now, what to do about it? One thing in our favor is that about
99% of security attacks exploit known weaknesses, and there are
patches or workarounds for just about all of them. If the script
kiddies know about a vulnerability, we can know it too and fix it
first. A firewall is necessary, but it isn't going to do it all for
us, and there is just no shortcut for rolling up the sleeves and
staying on top of each potential problem. Not just once either,
because every day seems to bring news of new security holes.
Since these vulnerabilities affect specific pieces of software,
the makers of the software are usually good sources of warnings
and patches for their own programs. There are also many independent
web sites that provide information about specific vulnerabilities
as well as security issues in general. In addition to the site mentioned
earlier, you can check out:
http://packetstormsecurity.net
http://www.foundstone.com
http://www.securityfocus.com
There are also a number of others that you can easily locate with
your favorite search engine. Then too, it's important in a company
of any size to have an effective security plan in place. The users
need to know and follow that plan, and to be generally aware of
the security issues. The network administrator can't do it all by
himself or herself.
Let's face it, hacking is prevalent and not going away anytime
soon. Just like oil changes come with car ownership, security updates
are a necessary part of networked computing. Welcome to life in
the 21st Century.