Showing posts with label white hat hacker.

Monday, October 5, 2015

6 Categories of Hackers and What They Want



Last time, I went over the three types of hackers out there.  To give you a stronger foundation from which to build your defense in this digital world, I’ve broken down the category of hacker once more into the various types underneath the hats.  In order to defend against impending subterfuge, it is important to know who may be targeting you or your company.

Wednesday, April 8, 2015

Hooray for White Hats: A look at two who changed the world










In the world of hacking there is good and evil, much like in any other world I suppose. However, like in the Transformers movies, there are two divided teams that clearly play on opposite sides of the fence. A black hat hacker, as you know, is someone who uses his or her “powers” for evil doings. On the other hand there is a type of computer genius that uses his or her powers to do good in this world: the white hat hacker.

Friday, April 3, 2015

3 Different Hacker Types




You’ve been watching and reading the news, right? All of those data breaches that have made headlines; it’s a crazy, risky, digital world that we live in. The digital world is one where knowledge and information equate to power, or scientias est potestas as the old Latin phrase goes. Sure, these digital attacks sometimes surround money, or politics, but it is the knowledge these hackers possess and gain from their subterfuge that grants them so much influence. To be a substantial Hacker Attacker, you need knowledge of your own. Here, I will give you the building blocks to form your own power base to better protect yourself against the biggest aggressors of the digital age.

Tuesday, January 6, 2015

Hood or Hacker: The Robin Hood Story











“He stole from the rich to give to the poor.” We know the line well, the quintessential line that describes the legend of the famed or infamous (depending on which side you were on) Robin Hood. Robin Hood is a mystery to us all, and there are many versions of the outlaw of Sherwood Forest. Some say he was an aristocrat turned people’s hero; others say he was an outlawed yeoman who made a living off of stealing from the rich, led a faithful following of other outlaws, and married the beautiful Maid Marian. It is legends like these that we want to believe are real, that somehow Robin Hood actually existed and those in corrupted power were exposed. The truth is, we don’t always know the full story behind the legend or have all the facts. It is, after all, only legend.

By now, I am sure you know where I am going with this. I am not here to condone breaking the law, but I am here to pose to you that we must look at the facts.

Tuesday, December 16, 2014

Hackers: Experts in Their Field




When you think of someone being an expert in their field, commonly you think of someone with a Dr. in front of their name. However, with a hacker it is a little different; there is no real way to add the abbreviation to the beginning or end of their name. Plus, having the term “professional hacker” attached to your name may be cool to some, but like being a “professional hit man” it may not land you that corner office with a view of the bay.

However, a professional hacker is a highly skilled individual who knows their way in and out of software, a network, or a database. These men and women have a skill set that allows them to find holes in a system, but that is where the road can fork between a white hat and a black hat hacker. How will they use their skills and the information they have gathered?

Tuesday, December 9, 2014

Why Did the Hacker Cross the Road?






The age-old question of “why did the chicken cross the road?” has been asked time and time again by many people. This question really has less to do with chickens; it’s more a question of why hackers do what they do.

It depends on which type of hacker you look at really.

Hackers Gonna Hack










Whether a white hat hacker or a black hat hacker, “hackers gonna hack.” Now not all “hackers” are out for personal gain or to wreak havoc, but I do submit that whether white or black, they are addicted to hacking.

Tuesday, December 2, 2014

Benjamin Franklin: Hacker








This morning I was sent a link to a Ted Talk featuring Catherine Bracy, Why Good Hackers Make Good Citizens. A good friend thought I would be interested in this video since I write for this blog and they were right! In my life I like to look at the big picture and see what is beyond the painting or lyrics, what is the meaning of the words or imagery? It helps keep my mind open and fresh as an intellectual.

This Ted Talk was right up my alley and took a different approach to the term “hacker” and opened my eyes to a new term: “civic hacker.” A civic hacker is someone who sees a problem and wants to figure out a solution to make it better, improve a way of life or make a change for the greater good of society.  

She calls out Benjamin Franklin as a civic hacker. He invented so many things that we use every day; however, he also invented something that is life-saving and yet not something that immediately comes to mind when you think of the only non-president to grace a US currency note. He invented the first volunteer fire department. He recognized that Philadelphia’s fire department was struggling to put out fires in a timely manner, which was very troubling to him, and he looked at the situation and thought there was room for improvement.

In 1733 he addressed this problem and presented a new concept to the city in the newspaper the Pennsylvania Gazette.

"Soon after it [a fire] is seen and cry'd out, the Place is crowded by active Men of different Ages, Professions and Titles who, as of one Mind and Rank, apply themselves with all Vigilance and Resolution, according to their Abilities, to the hard Work of conquering the increasing fire."

This action of civic hacking took a concept that existed and through innovation, improved on it to the point that it ended up revolutionizing the way we fight fires in America today. Growing up in a small town, we did not have a full time fire department; we had a volunteer fire department made up of men and women from all walks of life that would go into action when called upon.

The theory that Bracy presented, of a hacker simply being someone who looks at something and makes improvements, raised a question in my mind: who else could be considered a hacker? Henry Ford, Nikola Tesla, John D. Rockefeller, Andrew Carnegie, and so many leaders of industry took a concept and improved it to make a better system. What do all of these men have in common beyond implementing improvements? They were all around before the internet and computers were ever conceived.

Current day civic hackers

The civic hacker, in modern times, can actually be seen all around us. Examples include authentication companies that provide two-factor authentication solutions to protect not only the company’s information and assets, but their customers’ personal information as well. Companies like PortalGuard and others understand the importance of providing a secure way to log in and of protecting information from getting into the wrong hands. Although two-factor authentication is not the end-all-be-all answer for protecting data from the black hat hackers of the world, it is a secure step in the right direction.

Benjamin Franklin was a hacker, who knew?

Tuesday, November 25, 2014

The Hackers Cookbook


The title suggests that this posting may have some delicious recipes that hackers might enjoy, but I am thinking more like the classic book The Anarchist Cookbook, by Steven Schragis. However, I will provide you with a link with directions on how to be a white hat hacker!

A little history lesson: The Anarchist Cookbook

“The Anarchist Cookbook, first published in 1971, is a book that contains instructions for the manufacture of explosives, rudimentary telecommunications phreaking devices, and other items. The book also includes instructions for home manufacturing of illicit drugs, including LSD. It was written by William Powell at the apex of the counterculture era in order to protest against United States involvement in the Vietnam War.” -Wikipedia

For those of you who were not around at the time, this book caused a lot of controversy when it was published and of course grabbed the attention of the Feds at the FBI. One FBI memo called the book “one of the crudest, low-brow, paranoiac writing efforts ever attempted.”

The lack of a Hackers Cookbook

Considering that The Anarchist Cookbook was written as a proverbial middle finger to the government and an exercise in freedom of speech, how has there not been a similar book written about hacking? Hackers are known to rage against the machine and expose the corruption in either a corporation or government. Wait, didn’t Ralph Nader do a similar type of thing? More on Ralph ahead.

What I see the Hackers Cookbook containing is not just tips on how to crack into a network or take down a website, but how to successfully protest and plan a movement that can make a statement. Because at the end of the day, isn’t that what hacking is all about? Beyond those who hack for either personal gain or to support an organization, we forget that even these brilliant computer geniuses serve a purpose. They can keep the checks and balances of society online.

The Ralph Nader Effect

Ralph Nader, beyond having a few unsuccessful Presidential runs over the years, started life as a protector of the people. Not in the sense of a member of a police department or military movement; he was interested in exposing safety problems that affect the average Joe. In 1965, he claimed that many US-made automobiles were simply not safe and even published a book, Unsafe at Any Speed. The internet was not around back then, but I am willing to bet he would have taken his research online if he had the opportunity. Specifically, Nader took aim at the Chevrolet Corvair, a rear-engine compact car that had been involved in many accidents that resulted in lawsuits against Chevy’s parent company General Motors.

In typical corporate fashion, GM took to the streets and tried to discredit the claims and even went as far as to hire prostitutes to try and trap him into compromising positions. Look it up on Wikipedia; it is interesting stuff. Nonetheless they could not stop him, and his efforts made the government take notice and instate a new division of government: the National Highway Traffic Safety Administration.

Making the Connection

Nader was an activist, plain and simple. Many did not agree with his stance at the time, but like Schragis, he took his view of corruption and put his ideas out there, publishing them to make a difference. Even though The Anarchist Cookbook took a totally different angle of protest, are these two authors any different than White Hat and Black Hat hackers?

Nader is a White Hat hacker in the sense that he took his opinions of corruption and wanted to put them to work in a positive light by publishing a book that spawned the development of a consumer safety organization, while Schragis is a Black Hat of sorts, having compiled a book of instructions to overthrow, harm and cause chaos.

Perhaps I am far off here, what are your thoughts?

Oh yeah, here are the white hat instructions I promised you!

Happy Holidays!  

Thursday, November 20, 2014

How to Be a Hacker and Not Get Caught!


Now you may think that this is going to be a step-by-step guide with tips on how to skate the long arm of the law… eh, not so much. While researching to write this article, I Googled “How to be a hacker” of course and there were so many sites out there with step-by-step guides, even a wikiHow page with suggestions. Side note on this wikiHow page, there was a very interesting ad placed in the middle of this posting; “Ready to be a Pastor?” (See below)




 It seems that either the advertising traffic director has a sense of humor or it is the internet’s way of telling me “don’t do it!”

As mentioned before, the internet is littered with tons of websites that give you the direction you need to be a hacker, and a few of the steps are no-brainers. Step one: get a good computer. Step two: learn how to write code. Step three: think like a hacker. Step four: learn to hate authority. Step five: join a hacktivist group. Step six: be smart and don’t get caught.

There you go, that is how you become a hacker.

I found it very funny that most of the sites came with a disclaimer, “Hacking is a serious crime and can result in major penalties, even jail time.” This disclaimer reminded me of the old disclaimers at the beginning of the classic MTV show Beavis and Butthead. (see below)




It is amusing to me that there are websites out there that give directions to do anything malicious, like how to build a bomb. Can someone please tell me how this is helpful to society? Outside of knowing how to take down an enemy James Bond style, I do not see the point in these sites and, moreover, how these sites exist. I am not suggesting that we censor the internet, but some things should just not be easily available to consume on the internet.

To quote Snoop Doggy Dogg, “Back to the lecture at hand.”

Learning how to become a hacker and not get caught is much like learning how to become a bank robber and not get caught. Looking at any successful criminal from history, most show that power in numbers is a good thing, so that is something to consider. Let’s look at Bonnie and Clyde. According to Wikipedia, these outlaws were suspects in 12 successful bank robberies between 1931 and 1934, several small store robberies, and the slaying of at least nine police officers. Granted, they were brought down in a shootout with the police, but they had a very successful run as criminals and people are still talking about them 80-plus years later.

What we can learn from stories like this is that criminals are very likely to end up getting caught one way or another. Even the infamous Boston Irish Mobster James “Whitey” Bulger, who was on the run for nearly 20 years and was living under a complete alias on the other side of the country, was caught and brought to justice. Some reports even suggest that Whitey was an FBI informant that helped bring down the Italian Mob in Boston while he knowingly was running amuck of the City’s South Shore.

My suggestion… don’t become a hacker. If you are interested in coding and are a problem solver, put those interests to good use, take some classes at your local college or community college, and build a name for yourself in a positive light. Become a hacker attacker, instead of joining the dark hackers of the world.


Crackers and Cheese: Hacker or Cracker


Crackers and cheese
What do you think of when I say these two words? Perhaps you go into panic because you realize that your identity at this very moment could be stolen without ever receiving notice, or perhaps your stomach started growling thinking about that light cracker with your favorite cheese. Both of these thoughts are accurate of only one word I have posed to you. According to “Hacker vs. Cracker” on techrepublic.com, Chad Perrin believes that you must differentiate clearly between the words Hacker and Cracker. So let’s take a look at these two words and what they really mean.

Hacker
The word hacker does not mean what the general public and journalists use it as today. Instead, the word hacker started out as a complimentary term used at MIT, meaning to understand fully the technology and taking that technology beyond its limits. Yet, somehow this term has taken on a derogatory meaning, and many believe it is unsalvageable. Perrin believes that it can and should be redeemed. “I believe it's still useful to differentiate between hackers and security crackers, though, and that terms like "malicious security cracker" are sufficiently evocative and clear that their use actually helps make communication more effective than the common journalistic misuse of ‘hacker.’” So what is the alternative? Well, Perrin believes that “cracker” is the correct term.

Cracker
According to Perrin, the term for “someone whose purpose is to circumvent or break security measures” is, in other words, a “security cracker.” This term would give clarity to the difference between someone who is a technological data genius, and someone who is out to break and overthrow sensitive data. Perrin goes on to say that when talking “about malicious security crackers, I use the term ‘malicious security cracker’ -- and in an article that talks about hackers in the classic sense of the term, I try to differentiate clearly between these two uses of the term ‘hacker.’”

Hacker and cracker
Both groups of men are technology geniuses, and both have a desire to expand the boundaries of technology. Yet, there must be a distinct difference between the one that does it for the sole understanding of the internal workings of computer networks and one that is simply there to destroy, leaving a considerable amount of damage and stolen data. Perrin urges us to know the differences between these two words and use them correctly as well.

What do you think? Do you believe that the classic use of the term hacker is dead and we should accept that? Or is there a need to differentiate between “hacker” and “cracker?”

And for those of you who thought this was going to expound on the backstory of the classic cheese and crackers snack, I have included a short snippet on how cheese and crackers came to be.

History of crackers and cheese
The history of how this staple snack/appetizer combo came into existence is a fascinating one. In order to understand completely, we must go back in history. Before the 1800s, bread and cheese with ale was known as the staple “plowman’s lunch,” but bread does not keep for very long. To make this combo preserve better for ocean journeys and explorations, hardtack was born. Made of flour and water, hardtack was a hard, thick, square biscuit. Not the most desirable of lunches, but it served its purpose with cheese throughout the Civil War and to many that explored the unsettled regions of our country. It wasn’t until 1801 that crackers as we know them today were created and according to bostonglobe.com, “a retired sea captain-turned-baker named Josiah Bent of Milton . . . started rolling the dough much thinner than hardtack, and by the 1840s and ’50s, bakers were adding shortening and yeast, which lightened the texture and quickly made them popular.” From the poor man’s dessert during the depression to the closer of an elaborate meal for the most privileged, cheese and crackers has been a staple item since its infancy.



Tuesday, November 18, 2014

5 Ways to Combat a Hacker Attack

5 Ways to Combat a Security Cracker Attack









Security crackers are an inevitable part of the cyber world. Whether we like it or not, security crackers will crack. Although we cannot stop these people from trying, we can however provide you with some tools and tips to help combat security crackers.

#1 Password Power:

Password power is a crucial first step to preventing security crackers from stealing your information. A combination of letters, numbers, and symbols is needed to reduce the chances of your password being stolen. In addition to this, the use of a password manager has also been proven to be helpful. This will generate random passwords, and also warn you when you are using the same password on multiple sites.  This way, if a security cracker were to guess your password, they would only gain access to that one account, not your entire life.

#2 Password Lock all Devices:

This is one of the initial steps to protect against security crackers.  Most of us own a tablet, computer, or smartphone.  These electronic devices house a lot of personal information.  These devices need to be locked, as they are key to your identity.  Even the simplest task of accessing one’s contacts can lead to a possible phishing attack against you and your friends.

#3 Two-Factor Authentication (2FA):

Initializing a two-factor authentication system is a good idea to protect against a security cracker. PortalGuard, a five layer user authentication solution-set, offers contextual authentication that creates transparent barriers to prevent unauthorized access and confirms user identities by validating multiple aspects of each user. The transparent barriers can validate something the user knows, has, does, etc. By using these transparent barriers, the authorized user is now allowed in, but the unauthorized user is kept out.

#4 Use a Secure Internet Connection:

Security crackers love to gain access to personal accounts through rogue Wi-Fi access points. This means that all one’s computer traffic will go through these fake access points. To prevent this from occurring, take some time to make sure you are entering a secure connection. Your Wi-Fi network, wherever you are, must be locked with a long, secure password and have a good encryption standard such as WPA/WPA2. Here is a link that shows you how to secure your home Wi-Fi.

#5 Don’t Link Accounts:

In this day and age, it is very hard to keep accounts separated on the Internet. For example, numerous apps force you to use your Facebook login credentials to gain access to their webpages. If possible, use a separate account for each application. This will decrease the chance of a security cracker gaining access to your entire cyber profile.

Cyber crimes are real and can happen to anyone. Take the precautions now to protect your family, your friends, and yourself from a possible cracker attack.




Would You Hire a Hacker?


 
This is a tricky question and is best answered with an “it depends.” Looking at the different perspectives on this can bring many questions to mind: Are they just here to gain knowledge for a competitor? Will they turn against my company and hack into our own system? Are they still hacking into other companies? Are they hacking while they are at work?

All of these questions and more are very valid points that should be considered when looking at candidates for a tech position within your company.

But that raises another question: how many “straight-laced” employees are actually hackers in disguise?

The guy or girl in the next cubicle could be a serial hacker, working in the dead of the night stealing secrets, taking down company and government websites, or even worse. So you never know who you are dealing with these days. When watching the news, what is the one thing you hear over and over again about criminals that get caught? “He was just a regular guy. Kind of kept to himself, but was always friendly and even helped me with…” This image that a criminal, especially a cyber-criminal like a hacker, is hunkered down in a shack in the woods Unabomber style may be true for a small percentage of this subculture, but is unlikely for the masses.

Paranoid yet?

Let’s go back to the thesis and one theory. Let’s say you are a technology firm, and you are looking to protect your proprietary project that will be groundbreaking, bringing your company to the next level. You are concerned about the security of your company and protecting the front door, so you deploy a solid two-factor authentication solution, secure the network with a strong firewall, and buy the best anti-malware software on the market. But the thought of someone hacking in and stealing your life’s work is still keeping you up at night.

So what do you do?

Hire a hacker to protect your castle. Crazy? Not so much. Who understands a hacker better than someone woven from the same wool? They speak the language, and can see holes within a security system better than most. Sometimes when you are so close to the trees it is hard to see the forest; there may be a vulnerability right in front of your face that you have missed. That tree that is right in front of you is blocking you from seeing a backdoor entrance that a hacker can just walk right in through to gain access to the whole company and suck it dry.

As mentioned in a previous article, the FBI has been hiring criminals for years to catch other criminals and fight crime. Heck, if they are doing it successfully, why not follow suit?

Keep your hacker happy, pay the hacker a very healthy salary, get them the most high-tech everything that they ask for, and let them do their job. You take care of them, and they will protect you; they will not bite the hand that feeds.

There are even companies, like Neighborhoodhacker.com, that offer the services of hiring an ethical hacker to handle cleaning up after a hacker attack. Hackers are smart people who have a very select set of skills that can be used for good if channeled correctly.

Now for the flip side of this question, and the true catch-22 of the question. Say you do hire a hacker, get them set up in your company, and they are still hacking on the side. Like a junkie trying to get clean, they just cannot seem to break the ties and get the monkey off their back. They love the rush of breaking into a company and bringing them to their knees, a real evil dude.

They come into your company and protect your castle, but they are breaking into other castles while at home or even worse… while at work. They get caught, the FBI raids your company looking for all of the machines they were working on and confiscates them for evidence. What are you to do? You not only just lost your defense department, you also lost company hardware, and now have to testify in court. Wow, that escalated quickly!

Although the second scenario is less likely, it is still a possibility. So would you roll the dice and hire a hacker?

 

Friday, November 14, 2014

Hacker Attacked: Behind the Bars

Behind the Bars









“In just one day in 2008, an American credit card processor was hacked in perhaps one of the most sophisticated and organized computer fraud attacks ever conducted,” according to a release published by the FBI.

Sentenced. Slammed. Served.

Back in 2008, RBS WorldPay, an electronic payment processing service, fell victim to a data breach. An unauthorized user gained access to the company’s computer system and obtained personal information of 1.5 million gift card and payroll cardholders. This included names, addresses, dates of birth, and social security numbers. A critical amount of personal data was compromised.

These cyber criminals used highly sophisticated hacking techniques to compromise the data encryption that was used to protect customers against potential hackers. Officials were determined to sentence the leader of this cyber attack, and eventually did, 6 years later.

An Estonian man, Sergei Tsurikov, has been sentenced to 11 years in prison for the role he played in the 9.4 million dollar data breach. The FBI has detailed the hacker’s involvement in this breach in a press release they published.

“A leader of one of the most sophisticated cyber crime rings in the world has been brought to justice and sentenced,” said United States Attorney Sally Quillian Yates.

Thanks to the cooperation of various law enforcement agencies worldwide, this prosecution was successful. The FBI informs the public that on top of the 11-year sentence that Tsurikov must complete, he must top it off with three years of supervised release, as well as pay out a restitution fee of $8.4 million.

Let this be a lesson that security cracking does not always pay off . . . sometimes you get caught.