6 Categories of Hackers and What They Want

Last time, I went over the three types of hackers out there.  To give you a stronger foundation from which to build your defense in this digital world, I’ve broken down the category of hacker once more into the various types underneath the hats.  In order to defend against impending subterfuge, it is important to know who may be targeting you or your company.

3 Different Hacker Types

You’ve been watching and reading the news right?  All of those data breaches that have made headlines; it’s a crazy, risky, digital world that we live in.  The digital world is one where knowledge and information equates to power, or scientias est potestas as the old Latin phrase goes. Sure, these digital attacks sometimes surround money, or politics, but it is the knowledge these hackers possess and gain from their subterfuge that grants them so much influence.  To be a substantial Hacker Attacker, you need knowledge of your own.  Here, I will give you the building blocks to form your own power base to better protect yourself against the biggest aggressors of the digital age. 

Did you know Sony Pictures was Hacked?

Unless you have been living under a rock for the past month, you know that Sony Pictures was hacked, not just a little . . . They were hacked a lot! Now as a movie goer, blogger, and hacking nut, I was not surprised that Sony got hacked. Companies get hacked all the time; heck, the US Government gets hacked a lot too. But the Sony hacking was much more than meets the eye.

How to Hack the Government!

What do you think of when you think of the government? Do you think of greed, corruption, and wasteful spending, or do you think of pride, liberty, and equality? Chances are if you think of the latter you may feel that hacking into the government would be fun and prove a point that they are not as powerful as they make themselves out to be. These feelings of distrust can be seen in the eyes of many hackers that make it a point to take down .gov websites.

Jeremy Hammond felt that way and wanted to take down those sites and all that were connected to the government.

Why Did the Hacker Cross the Road?

The age old question of “why did the chicken cross the road?” This random question has been asked time and time again by many people. This question really has less to do with chickens, it’s more of a question of why do hackers do what they do?

It depends on which type of hacker you look at really.

Hackers Gonna Hack

Whether a white hat hacker or a black hat hacker, “hackers gonna hack.” Now not all “hackers” are out for personal gain for to wreak havoc, but I do submit that whether white or black, they are addicted to hacking.

My Pain, Their Pleasure

Hack, after hack, after hack, after hack . . .

They seem to never end, and just when you think that the news has covered them all . . .BAM! Another organization is breached.

Many of us sit back and think “Oh, those BIG companies. They are the main target, the big game, and no security cracker would go for the little guy.” The truth is that many are susceptible to a breach, not just the big players. From websites to blogs, security crackers are willing to take down any website or blog. This concerns us at first but then we fall back into our daily routines and forget that there is more at stake here than an annoying virus. You could be a victim at this very moment . . .

Really? They are after my stuff?

They sure are. According to Nicole Perlroth, author of The New York Times blog, bits.com, the Verizon “report shows that no matter the size of the organization — large, small, government agencies, banks, restaurants, retailers — people are stealing data from a range of different organizations and it’s a problem everyone has to deal with.” This is a very serious truth that must be realized and dealt with.

Before you start thinking that these breaches only happen from the inside, let’s take a closer look. Perlroth states that the “14 percent of all data breaches were the work of insiders. Most were the work  of external actors who are often difficult to pinpoint because attackers often route their Web traffic through infected computers around the world,” and “30 percent of all attacks originated in China.”

But wait . . . let’s not stop here!

Lest you think all are password guessed or email based attacks, stopthehacker.com’s blog expounds the Ten Scariest Hacking Statistics:

• PlayStation Network: 77 million user accounts compromised
• Intellectual Property Stolen: $1 trillion dollars worth of intellectual property stolen
• Passwords: It takes only 10 minutes to crack a lowercase password that is 6 characters long
• Victims: 73 percent of Americans are victim to some type of cyber crime
• Time is Not on Your Side: 156 day lapse between the attack and detection
• Business is Booming: 90 per of all businesses were attacked
• Zombies Everywhere: bot net of 1.9 million zombie computers
• Infected Sites: every day 30,000 websites are infected with malware
• Vulnerable Sites: the average site has over 115 serious vulnerabilities
• Who are You: 27 million Americans have fallen victim to identity theft

Can I remind you that identity theft is a serious issue? The United States Department of Justice states, “A victim's losses may include not only out-of-pocket financial losses, but substantial additional financial costs associated with trying to restore his reputation in the community and correcting erroneous information for which the criminal is responsible.” There are other great resources on this site like What Should I Do to Avoid Becoming a Victim of Identity Theft? With identity theft there is no messing around. This is your identity, it is who you are, a record of your character. Don’t let someone without an identity take that away from you . . . ever!

I am not here to scare you into taking your blog or website off of the Internet, but rather, make you aware of the very real dangers that are out there waiting to make you one of the countless victims. Don’t let the security crackers and black hackers of the world take pleasure in your pain.

Do something about it!

Note: this is not an attack against those that are helping advance technology for the greater good.

http://bits.blogs.nytimes.com/2013/04/22/the-year-in-hacking-by-the-numbers/?_r=0

https://www.stopthehacker.com/2012/04/20/ten-scariest-hacking-statistics/

http://www.forbes.com/sites/jameslyne/2013/09/06/30000-web-sites-hacked-a-day-how-do-you-host-yours/

Benjamin Franklin: Hacker

This morning I was sent a link to a Ted Talk featuring Catherine Bracy, Why Good Hackers Make Good Citizens. A good friend thought I would be interested in this video since I write for this blog and they were right! In my life I like to look at the big picture and see what is beyond the painting or lyrics, what is the meaning of the words or imagery? It helps keep my mind open and fresh as an intellectual.

This Ted Talk was right up my alley and took a different approach to the term “hacker” and opened my eyes to a new term: “civic hacker.” A civic hacker is someone who sees a problem and wants to figure out a solution to make it better, improve a way of life or make a change for the greater good of society.  

She calls out Benjamin Franklin as a civic hacker, he invented so many things that we use everyday, however he invented something that is life saving and yet not something that immediately comes to mind when you think of the only non-president to grace a US currency note. He invented the first volunteer fire department. He recognized that Philadelphia’s fire department was struggling to put out fires in a timely manner, which was very troubling to him and he looked at the situation and thought there was room for improvement.

In 1733 he addressed this problem and a new concept to the city in the newspaper the Pennsylvania Gazette.

"Soon after it [a fire] is seen and cry'd out, the Place is crowded by active Men of different Ages, Professions and Titles who, as of one Mind and Rank, apply themselves with all Vigilance and Resolution, according to their Abilities, to the hard Work of conquering the increasing fire."

This action of civic hacking took a concept that existed and through innovation, improved on it to the point that it ended up revolutionizing the way we fight fires in America today. Growing up in a small town, we did not have a full time fire department; we had a volunteer fire department made up of men and women from all walks of life that would go into action when called upon.

The theory that Bracy presented of a hacker simply being someone who simply looks at something and makes improvements, it raised a question in my mind, who else could be considered a hacker? Henry Ford, Nikola Tesla, John D. Rockefeller, Andrew Carnegie, and so many leaders of industry took a concept and improved it to make a better system. What do all of these men have in common beyond implementing improvements? They were all around before the internet and computers were ever conceived.

Current day civic hackers

The civic hacker, in modern times, can actually be seen all around us. For example authentication companies that provide two-factor authentication solutions to protect not only the company’s information and assets, but their customer’s personal information as well. Companies like PortalGuard and others understand the importance providing a secure way to login and protect information from getting into the wrong hands. Although two-factor authentication is not the end-all-be-all answer for protecting data from the black hat hackers of the world, it is a secure step in the right direction. 

Benjamin Franklin was a hacker, who knew?

Book Review - Hacking: The Art of Exploitation

The general public today would not think of hacking (that is the black hat hacking or better called security crackers) as an art form. I would submit that it is an ingenious art form, an art form that requires expertise, crafting, and practice. Like painters or musicians, you have those that dabble in the art form, not ever really perfecting it. Then you have those that push the boundaries, opening up a whole new appreciation or even genre. In my research of hackers and crackers, I came across Jon Erickson’s book, Hacking: The Art of Exploitation and found a master of  in the art of exploitation.

Author

With a formal education in computer science, Jon Erickson has been programming and hacking since he was 5 and speaks around the world on computer security regularly. He wrote the book Hacking: The Art of Exploitation in 2003, and it was revised in 2008 in a second edition. Erickson is currently working in Northern California as a computer security specialist and vulnerability researcher.

The book

This book received 4 stars on Amazon and 4.1 stars on gooreads.com.

Both easy to read and clear on explaining how computer hacking works, Hacking: The Art of Exploitation at the very least will give you a great respect for those that understand the inner workings of technology. The 2^nd edition opens up with a clear statement against illegal hacking. Erickson stresses following the law, and he does not condone hacking that is used in the end for wrong reasons.

The book encourages you to be creative, think outside the box, and use the knowledge of hacking to protect your own personal computer against network attacks. This is not a book on how to run existing exploits, but rather, gives you an understanding on how these exploits work. The book is intended to give you the foundation needed to really push the envelope and advance technology by finding the weaknesses within the technology and encouraging you to be creative. The book will give you an understanding of network communications, machine architecture, programming, and hacking techniques.

A closer look

• Program computers using C, assembly language, and shell scripts
• Corrupt system memory to run arbitrary code using buffer overflows and format strings Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
• Outsmart common security measures like nonexecutable stacks and intrusion detection systems
• Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
• Redirect network traffic, conceal open ports, and hijack TCP connections
• Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

List taken from amazon.com

http://books.google.com/books/about/Hacking.html?id=0FW3DMNhl1EC

http://www.goodreads.com/book/show/61619.Hacking

http://en.wikipedia.org/wiki/Hacking:_The_Art_of_Exploitation

The Hackers Cookbook

The title suggests that this posting may have some delicious recipes that hackers might enjoy, but I am thinking more like the classic book The Anarchist Cookbook, by Steven Schragis. However, I will provide you with a link with directions on how to be a white hat hacker!

A little history lesson: The Anarchist Cookbook

“The Anarchist Cookbook, first published in 1971, is a book that contains instructions for the manufacture of explosives, rudimentary telecommunications phreaking devices, and other items. The book also includes instructions for home manufacturing of illicit drugs, including LSD. It was written by William Powell at the apex of the counterculture era in order to protest against United States involvement in the Vietnam War.” -Wikipedia

For those of you who were not around when this book was published, this book caused a lot of controversy when it was published and of course grabbed the attention of the Feds at the FBI. One FBI memo called the book “one of the crudest, low-brow, paranoiac writing efforts ever attempted.”

The lack of a Hackers Cookbook

When considering that The Anarchist Cookbook was written as a proverbial middle finger to the government and an exercise in freedom of speech, how has there not been a similar book written about hacking? Hackers are known to rage against the machine and expose the corruption in either a corporation or government, wait didn’t Ralph Nader do a similar type of thing? More on Ralph ahead.

What I see the hackers cook book containing is not just tips on how to crack into a network or take down a website, but how to successfully protest and plan a movement that can make a statement. Because at the end of the day, isn’t that what hacking is all about? Beyond those who hack for either personal gain or to support an organization, we forget that even these brilliant computer geniuses serve a purpose. They can keep the checks and balances of society online.

The Ralph Nader Effect

Ralph Nader, beyond having a few unsuccessful Presidential runs over the years, started life as a protector of the people. Not in the sense of a member of a police department or military movement, he was interested in exposing safety problems that affect the average Joe. In 1965, he claimed that many US made automobiles were simply not safe and even published a book Unsafe at Any Speed. The internet was not around back then, but I am willing to bet he would have taken his research online if he had the opportunity. Specifically, Nader took aim at the Chevrolet Corvair, a rear engine compact car that had been involved in many accidents that resulted in lawsuits against Chevy’s parent company General Motors.

In typical corporate fashion, GM took to the streets and tried to discredit the claims and even went as far as to hire prostitutes to try and trap him into compromising positions, look it up on Wikipedia, it is interesting stuff. Nonetheless they could not stop him, and his efforts made the government take notice and instate a new division of government: the National Highway Traffic Safety Administration.

Making the Connection

Nader was an activist, plain and simple. Many did not agree with his stance at the time, but like Schragis, he took his view of corruption and put his ideas out there, publishing them to make a difference. Even though The Anarchist Cookbook took a totally different angle of protest, are these two authors any different than White Hat and Black Hat hackers?

Nader being a White Hat hacker in the sense that he took his opinions of corruptions and wanted to put them to work in a positive light by publishing a book that spawned the development of a consumer safety organization, Schragis being a Black Hat of sorts by compiling a book of instructions to overthrow harm and cause chaos.

Perhaps I am far off here, what are your thoughts?

Oh yeah, here is the white hat instructions I promised you!  

Happy Holidays!  

How to Be a Hacker and Not Get Caught!

Now you may think that this is going to be a step-by-step guide with tips on how to skate the long arm of the law… eh, not so much. While researching to write this article, I Googled “How to be a hacker” of course and there were so many sites out there with step-by-step guides, even a wikiHow page with suggestions. Side note on this wikiHow page, there was a very interesting ad placed in the middle of this posting; “Ready to be a Pastor?” (See below)

 It seems that either the advertising traffic director has a sense of humor or it is the internet’s way of telling me “don’t do it!”

As mentioned before, the internet is littered with tons of websites that give you the direction you need to be a hacker, and a few of the steps are no brainers. Step one: get a good computer. Step two: learn how to write code. Step three: think like a hacker. Step four: learn to hate authority. Step five: join a hacktivist group. Step six: be smart and don’t get caught.

There you go, that is how you become a hacker.

I found it very funny that most of the sites came with a disclaimer, “Hacking is a serious crime and can result in major penalties, even jail time.” This disclaimer reminded me of the old disclaimers at the beginning of the classic MTV show Beavis and Butthead. (see below)

It is amusing to me that there are websites out there that give directions to do anything malicious like how to build a bomb. Can someone please tell me how this is helpful to the society? Outside of knowing how to take down an enemy James Bond style, I do not see the point in these sites and moreover how these sites exist. I am not suggesting that we censor the internet, but something’s should just not be easily available to consume on the internet.  

To quote Snoop Doggy Dog, “Back to the lecture at hand.”

Learning how to become a hacker and not get caught is much like learning how to become a bank robber and not get caught. Looking at any successful criminal from history, most show power in numbers is a good thing, so that is something to consider. Let’s look at Bonnie and Clyde, according to Wikipedia these outlaws were suspects in 12 successful bank robberies between 1931-1934, several small store robberies, and the slaying of at least nine police officers. Granted they were brought down in a shootout with the police, They had a very successful run as criminals and people are still talking about them 80 plus years later.

What we can learn from stories like this is, it is very likely that criminals end up getting caught one way or another. Even the infamous Boston Irish Mobster James “Whitey” Bulger, who was on the run for nearly 20 years and was living under a complete alias on the other side of the country, was caught and brought to justice. Some reports even suggest that Whitey was an FBI informant that helped bring down the Italian Mob in Boston while he knowingly was running amuck of the City’s South Shore.

My suggestion… don’t become a hacker. If you are interested in coding and are a problem solver, put those interests to good use, take some classes at your local college or community college, and build a name for yourself in a positive light. Become a hacker attacker, instead of joining the dark hackers of the world.

5 Ways to Combat a Hacker Attack

Security crackers are an inevitable part of the cyber world. Whether we like it or not, security crackers will crack. Although we cannot stop these people from trying, we can however provide you with some tools and tips to help combat security crackers.

#1 Password Power:

Password power is a crucial first step to preventing security crackers from stealing your information. A combination of letters, numbers, and symbols is needed to reduce the chances of your password being stolen. In addition to this, the use of a password manager has also been proven to be helpful. This will generate random passwords, and also warn you when you are using the same password on multiple sites.  This way, if a security cracker were to guess your password, they would only gain access to that one account, not your entire life.

#2 Password Lock all Devices:

This is one of the initial steps to protect against security crackers.  Most of us own a tablet, computer, or smartphone.  These electronic devices house a lot of personal information.  These devices need to be locked, as they are key to your identity.  Even the simplest task of accessing one’s contacts can lead to a possible phishing attack against you and your friends.

#3 Two-Factor Authentication (2FA):

Initializing a two-factor authentication system is a good idea to protect against a security cracker. PortalGuard, a five layer user authentication solution-set, offers contextual authentication that creates transparent barriers to prevent unauthorized access and confirms user identities by validating multiple aspects of each user. The transparent barriers can validate something the user knows, has, does, etc. By using these transparent barriers, the authorized user is now allowed in, but the unauthorized user is kept out.

#4 Use a Secure Internet Connection:

Security crackers love to gain access to personal accounts through rogue Wi-Fi access points. This means that all one’s computer traffic will go through these fake access points. To prevent this from occurring, take some time to make sure you are entering a secure connection. Your Wi-Fi network, wherever you are, must be locked with a long, secure password and have a good encryption standard such as WPA/WPA2. Here is a link that shows you how to secure your home Wi-Fi.

#5 Don’t Link Accounts:

In this day in age, it is very hard to keep accounts separated on the Internet.  For example, numerous apps force you to use your Facebook login credentials to gain access to their webpage’s. If possible, use a separate account for each application.  This will decrease the chance of a security cracker gaining access to your entire cyber profile.

Cyber crimes are real and can happen to anyone. Take the precautions now to prevent your family, your friends, and yourself from a possible cracker attack.

 http://thenextweb.com/apps/2013/10/06/10-of-the-best-multi-platform-password-managers-for-ios-android-and-the-desktop/

https://blog.malwarebytes.org/privacy-2/2013/04/safeguarding-your-online-accounts-against-hackers/

http://www.labnol.org/internet/secure-your-wireless-wifi-network/10549/