Let’s talk about Hacking
These days everyone is talking about hacking and hackers, so I thought it would be best to write about the subject in detail. I will cover all the related topics in upcoming articles.
It is important to lay the groundwork for a proper introduction to computer hacking by first discussing some commonly used terms and clearing up any ambiguities with regard to their meanings. Computer professionals and serious hobbyists tend to use a lot of jargon that has evolved over the years in what had traditionally been a very closed and exclusive clique. It isn’t always clear what certain terms mean without an understanding of the context in which they developed. Although by no means a complete lexicon, this article introduces some of the basic language used among hackers and computer security professionals. Other terms will appear in later articles within the appropriate topics. None of these definitions are in any way “official”, but rather represent an understanding of their common usage.
Hacking & Hackers
The word hacking normally conjures images of a lone cyber-criminal, hunched over a computer and transferring money at will from an unsuspecting bank, or downloading sensitive documents with ease from a government database. In modern English, the term hacking can take on several different meanings depending on the context. As a matter of general use, the word typically refers to the act of exploiting computer security vulnerabilities to gain unauthorized access to a system.
However, with the emergence of cybersecurity as a major industry, computer hacking is no longer exclusively a criminal activity and is often performed by certified professionals who have been specifically requested to assess a computer system’s vulnerabilities (see the next section on “white hat”, “black hat”, and “gray hat” hacking) by testing various methods of penetration. Furthermore, hacking for the purposes of national security has also become a sanctioned (whether acknowledged or not) activity by many nation-states. Therefore, a broader understanding of the term should acknowledge that hacking is often authorized, even if the intruder in question is subverting the normal process of accessing the system.
Even broader use of the word hacking involves the modification, unconventional use, or subversive access
These articles will concentrate on the concept of hacking that is specifically concerned with the activity of gaining access to software, computer systems, or networks through unintended means. This includes the simplest forms of social engineering used to determine passwords up to the use of sophisticated hardware and software for advanced penetration.
The “Hats” of Hacking
Classic Hollywood scenes of the Old American West often featured cartoonish depictions of gun-slinging adversaries – usually a sheriff or marshal against a dastardly bandit or a band of miscreants. It was common to distinguish the “good guys” from the “bad guys” by the color of their cowboy hats. The brave and pure protagonist usually wore a white hat, where the villain wore a
A black hat hacker (or cracker) is one who is unambiguously attempting to subvert the security of a computer system (or closed-source software code) or information network knowingly against the will of its owner. The goal of the black hat hacker is to gain unauthorized access to the system, either to obtain or destroy information, cause a disruption in operation, deny access to legitimate users, or to seize control of the system for their own purposes. Some hackers will seize, or threaten to seize, control of a system – or prevent access by others – and blackmail the owner into paying a ransom before relinquishing control.
A hacker is considered a black hat even if they have what they themselves would describe as noble intentions. In other words, even hackers who are hacking for social or political purposes are black hats because they intend to exploit any vulnerabilities they discover. Similarly, entities from adversarial nation-states that are hacking for the purposes of warfare can be considered black hats regardless of their justifications or the international status of their nation.
Because there are so many creative and unanticipated ways to access computers and networks, often the only way to discover exploitable weaknesses is to attempt to hack one’s own system before someone with malicious intentions does so first and causes irreparable damage. A white hat hacker has been specifically authorized by the owner or custodian of a target system to discover and test its vulnerabilities. This is known as penetration testing. The white hat hacker uses the same tools and procedures as a black hat hacker and often has equal knowledge and skills. In fact, it is not uncommon for a former black hat to find legitimate employment as a white hat because black hats typically have a great deal of practical experience with system penetration. Government agencies and corporations have been known to employ formerly prosecuted computer criminals to test vital systems.