Hacking, cracking and the wild, wild web

Is it time to get tougher on hackers, whatever their motivations? Philippe Huguen/AFP

PRIVACY – Who are hackers and what do they want from you?

Pop culture would have us believe they live in dank basements, wear black leather from head to toe and have pseudonyms such as Warlock or Neo.

Hacking and film have long gone hand in hand. Pre-internet we had the appropriately-named Gene Hackman in The Conversation, a 1974 movie focusing on the violation of people’s privacy.

Post-internet, the names trip easily off the tongue: The Matrix; The Score; Swordfish; GoldenEye; Tron; Hackers – each one revisits the theme of hacking, reworks it, reinforces the same key imagery.

Perhaps the film that most inspired the modern hacker genre was WarGames, the 1983 film in which a teenage hacker, played by a dew-faced Matthew Broderick, inadvertently leads the world to the brink of nuclear war.

A real-life echo of this comes in the shape of Gary McKinnon, the Scottish systems administrator who faces charges of hacking into 97 US military and NASA computers over a 13-month period between 2001 and 2002.

And then of course there’s Julian Assange, the WikiLeaks founder, who has graduated from one-time teenage hacker to (notorious) world celebrity.

Who’s hacking who?

Governments, private companies and criminal organisations are all involved in hacking to some extent and for different reasons.

Certain newspapers, as we’ve learned recently, are not immune to the charms of listening in to the private affairs of others.

The wild, wild web

In terms of corruptibility, the digital network we now take for granted is like the American Wild West of the 1860s.

It was designed to facilitate information flow over digital links and the idea that these links could be used for illicit activities may not even have crossed the minds of the engineers who built it.

In some ways, the current system is extremely hacker-friendly, and there would need to be a major infrastructure rebuild before hacking could be stamped out.

Colour-coded hacking

Broadly speaking, hackers fall into three camps:

1) White hackers

A so-called “white-hat” will inform an organisation if a security weakness is found in that organisation’s systems.

Organisations such as the Australian Computer Emergency Response Team (AusCERT) fill a white hat role in the hacker world. In one sense, they perform a defensive role: they are the good-guys of the hacking world.

2) Grey hackers

These are less clear-cut than the above (hence the fact they occupy something of a “grey” area in the hacking world).

Often, they act on the spur of the moment. Depending on the situation, they might exploit or warn an organisation if a weakness is found in their system. Are they our friends or enemies? That just depends.

3) Black hackers

These will act to exploit any weakness in a network or an organisation’s systems for gain. This could mean collecting and selling intellectual property or personal information.

It could also mean infecting an organisation’s systems with a malicious virus. Black hackers may be individuals, organisations or governments.

And then there’s something quite different, known as:

Crackers

For many, hacking is about learning new skills to gain a better understanding of how the digital network operates. Hacking, to crackers, is a hobby, a chance to be part of a group activity.

Will they graduate one day to black leather pants and dank basements? It’s perfectly possible.

Sadly, for every “good” hacker there are countless others who act from less than noble motives, and follow well-worn paths to reach their goals.

Hack attacks

The most common types of these are:

1) Distributed Denial of Service or DDoS

Simply put, this involves hackers overloading a site’s server with too many requests. There’s nothing particularly sophisticated about this type of attack, but it’s one of the most effective if executed on a large scale.

2) Website hacking

This involves hackers bypassing the security parameters of a website, gaining access to its administrator panel, then adding or removing information (e.g. adding a page that carries a personal message from the hacker, or adding sexually explicit images on a site’s landing pages).

Viruses are, in their own way, a form of hacking.

Stuxnet

A particularly frightening example of these types of attacks was last year’s “Stuxnet” attacks.

This highly sophisticated computer worm infection infiltrated systems in Iranian nuclear plants, halting scheduled operations between June and September.

Which, in some way, brings us back to WarGames and, in my mind at least, the Wild West.

In the Wild West, destruction caused by outlaws, over many years, led to the introduction of new laws, and the end of a free-for-all mentality to shared and relied-upon resources.

Has the time now arrived to impose tougher laws on hacking?

 

Read more on this topic:

Location, location: who’s watching you (and why)?