Phillip J. Brinkert
English 12 Period 3
22 May 2009
Computer Hacking and Security
Computer hacking costs businesses billions of dollars worth of damages each year, so businesses are more than happy to take someone in to help secure their systems and networks (Allardyce). Computer Security is important because if security measures are not taken any hacker can get into personal information. If hackers get into a system, what they get can be damaging. If they get a hold of information that is important they will use it to their advantage. Such information by include bank statements or credit card numbers. Computer hacking and security go hand and hand because without hackers there would be no need for security; if it were not for the hackers searching for flaws and weaknesses in a system there would have no need to take security measures to keep our information safe.
Many of the hackers that are known of today are the ones that go into systems for personal gain or to destroy information. These hackers are sometimes refereed to as black hats. But, there are also hackers that work for companies and businesses to help secure them from the malicious acts of the black hats; these are called ethical hackers or white hats. The classes will help get businesses and companies some hackers on their side of the firewall (Allardyce).
There are college level classes to teach the ethics of hacking and persuade the hackers to use the skills they learn for the sake of keeping people’s information secure. The ethics of hacking will be taught to the students before they are trained in that actual process of hacking into secured networks (Allardyce). The courses will give the students hands-on experience and they will work with instructors as well as peers that they can share information and techniques with (Slania). The classes will teach the students about sophisticated networks with high end security, how to hack into them, and how to think like a hacker (Allardyce). While the students are learning about hacking they will be watched by instructors to see if the students are not doing anything illegally or looking for hidden information.
There are also courses in the United States that offer the same program, in ethical hacking, to set a plethora of white hats out to help companies and businesses protect themselves from the hackers that want to cause harm or steal information (Allardyce). Classes for hacking have a relatively low cost as compared to consulting services; hacking classes can cost $2000 to $8000 whereas consulting services can cost up to $10,000 to $100,000 (Slania). So it is actually cheaper to get the training to be a computer hacker than it is to be a security consultant which may get more ethical hackers out in the field. The word hacker had not always stood for something to be feared or to need to be protected against. When personal computers were new and not many people owned one a hacker was said to be a “person who enjoys learning the details of computer systems and how to stretch their capabilities.” Or “One who programs enthusiastically or who enjoys programming rather than just theorizing.” Back in the day being a hacker was to be something to be thought of highly (Palmer).
Today’s meaning of computer hacking can be explained as getting access to a computer system or network without authorization (“Update: Computer Hacking.”). Hackers were thought of highly before people were going into the systems of their employers, and changing the permissions of their account, or the parameters of which their desktop computer could run programs such as games (Palmer). In the 80’s hackers would get into groups in order to share information and new techniques for hacking systems and information such as passwords or credit card numbers would be shared (“Update: Computer Hacking.”). There were many ways that were found to make free phone calls in the 70’s (“Update: Computer Hacking.”). A whistle that could be found in a captain crunch box was used to produce a 2600Hz tone into the phone, enabling them to make long-distance calls for free (“Update: Computer Hacking.”). The black hats were becoming more popular during the 1970’s; the first most popular hacking was done with telephones (“Update: Computer Hacking.”). This was the first major form of hacking that was costing companies a lot of money.
Being a white hat or ethical hacker is much harder than being a black hat due to the fact that white hats are out numbered by the black hats (Palmer). This makes the ethical hacker’s job much harder because they are out numbered. This means that each hacker will likely have different techniques, and the white hat will have to think of every possible way to protect the system and network form anything a hacker may try (Palmer). Ethical hacking is based on the premise that it takes a hacker to stop a hacker (Palmer). Instead of stealing information or deleting files, the white hats will inform the owner of the network or system administrator of the weakness and tell them how to fix it (“Update: Computer Hacking.”). The companies will hire them to work for the company and then they can attempt to hack into their own systems and if they are successful they will tell the company what they found and then patch the vulnerabilities (Palmer). As computer systems and networks become more advanced, the risk becomes greater of being able to be hacked (Gerbrache and Mort). With more sophistication in computer and networking systems come more holes in the security systems and more ways for a hacker to get in.
The ethical hackers in a company must be completely trustworthy for if they were to leak information about that company, it may attract many other hackers that would like to cause harm (Palmer). The skills of ethical hackers are generally strong with computer networks and programming, and have been in the computer field for a number of years (Palmer). Also, they have a good understanding of how the security of a system is kept and know how the operating systems and hardware work not only individually but as a whole (Palmer). But, with the changing hardware and security systems, they too are required to learn how the new components function with the systems (Palmer). Because of this, white hats also need to have more perseverance than the next person. This gives them the ability to work more intensely on a system and for a longer period of time (Palmer). The ethical hacker’s job is much harder than that of the common hacker due to the amount of different software focused on breaking into a secure system. There are also things a hacker can do to make their job easier, such as sending out viruses and worms that can open ports and allow the hacker easier access to the computer system (“Update: Computer Hacking.”). There is other software that can infect your system such as a key logger. A key logger will keep track of the keys hit and make finding user names and passwords much easier.
The most popular form of hacking is social hacking. Social hacking is when information is directly obtained from people that have it. This is done by acting like a person that may normally need that information. Social Hackers (also called Social engineers) will call a business looking for some one that will want to be helpful; they will then seek out information that they can use to their advantage and against the business or company (Bruce). It is possible to spoof caller-ids, there is an example of Mitnick calling a woman’s phone and when she looked at the caller id it showed the name and the number of the man next to her (Bruce). This will make the ability to socially hack and seem as though your someone else even easier (Bruce). The best defense against social hacking is employee training. Training employees to ask for names and job status also who may need the information being asked for can greatly reduce the amount of information given out to that wrong people.
Just about anyone with a computer can hack into a computer system (Farnsworth). A high school drop out the age of 32, working as a busboy was arrested for hacking the stock accounts and banks of Ted Turner, Steven Spielberg, and Oprah Winfrey (Farnsworth). The man used the computers at the public library as he didn’t have one of his own (Farnsworth). programming languages are not required to be known, all that is needed any more is the ability to click a mouse (Farnsworth). Now that nearly anyone can hack the risk for any company or people’s personal informational is at risk more so than before.
For the people that have no idea what they are doing or where to start there are books for the not so tech savvy. Anyone can go to their local book store in search of a book that show hacking techniques and may even come with an instructional CD-ROM to further explain what the person is searching for (Farnsworth). The books are claimed to be written to help protect a system, but go about doing so in such a way that it shows the techniques in hacking to the reader (Farnsworth). Essentially these books are showing the reader not only how to protect them self, but also how to hack. There are many sites that people may stumble upon that give a lot of information and software downloads that can aid in the process of breaking into a network (Farnsworth). The reasons for hacking a network or business can be more personal now that special skills for hacking are not needed (Farnsworth). If some one is fired or laid off they can seek revenge of that company and delete information or bring down the network.
Some of the best computer hackers can crack a password and hack into an account profile in less than 30 seconds (Allardyce). When a person starts hacking they do it for the “thrill and challenge”; they will generally start to try to get something of value out of who ever they may be hacking (Bruce). When a hacker tries to gain unauthorized access to a network, they are generally in a remote place connecting through the Internet (“Update: Computer Hacking.”). The reason for the recent uplift in computer hacking is the popularity and accessibility of the Internet; the Internet gives the ability to more easily access and manipulate systems and networks from around the world (“Update: Computer Hacking.”). A well known hacker named Kevin Mitnick was arrested for stealing over 20,000 credit card numbers and was imprisoned for 4year (“Update: Computer Hacking.”). Upgrading security will be much more cost effective than cleaning up the mess a hacker can leave behind. In the case of Tj Maxx, there were many credit card numbers and other valuable information that had been stolen and cost them about $250 million, far more the cost of the security upgrade (“Update: Computer Hacking.”). It is encouraged to keep security updated and strong so that later events of hacking maybe avoided.
There is also much controversy over the hacking laws. An argument over the laws on computer hacking has been raised; should the laws be stricter to keep hackers at bay or shall it be allowed (“Update: Computer Hacking.”)? But on the other hand, if hacking is stopped there will be less need for security for there will be no hackers but if its allowed to continue the white hats can keep helping to improve the security of networks and systems of businesses and companies, even the public people’s networks (“Update: Computer Hacking.”). New techniques for hacking are always being discovered, this keeps the security experts having to always learn new ways to defend the computer network; for this many experts project that the problem we have with hackers will not decrease with time (“Update: Computer Hacking.”).
Operating system updates are important because they update the security of the system and can cover holes that may let hackers in. Some people argue that “hackers are needed to expose flaws in systems,” in a way this is true but if it were not for the hackers, we would not need to protect our systems or seek out the flaws in them (Bruce). Any small company or businesses that have computers that are connected to the outside need to have good security (Bruce). The best way to keep a system secure against a virus attack is to have good anti-virus software and to keep software up to date (Palmer). A strong password should contain at lease 8 characters, upper and lower case letters, symbols, and numbers. This will reduce the chance of software or a person will be able to guess a password. Businesses can greatly reduce the chances of getting a virus and or being hacked by getting operating system patches and keeping anti-virus software current (Bruce). When securing a company its important to find every flaw another person may find, Bruce said “Being a hacker is easier than securing a company, because a hacker only has to find one hole,” (Bruce).
Since 1986 when one of the first viruses were written on the IBM computer, there has been a variety of viruses written to do a number of different things (Gerbrache and Mort). There is software that can make malicious software files with no knowledge required. This means literally any one can do it (Farnsworth). Software that guesses passwords can be found on the internet. It has a list of popular passwords and it will just go down the list until access is granted (Farnsworth). With Construction kits anyone can make a virus in a very short amount of time and with very little knowledge of how it works (Gerbrache and Mort).
Malicious software also called “Malware” is designed to do things to a system that is not wanted (Gerbrache and Mort). There are many different types of malware, such as a trojan horse, worm, rootkit, or a virus (Gerbrache and Mort). Malware can perform tasks that are preset by the creator to do something like display annoying error messages to reformatting the hard drive. Some viruses are written to harm a system; others are made for personal gain such as stealing information and automatically sending it over the internet, to deleting information (Gerbrache and Mort). When a good amount of malware is on the system, you may notice the system be bogged down; this is due to the software collecting data and sending it out constantly.
A trojan horse is a virus that is made to disguise it self as another seemingly harmless piece of software. Then when a file is downloaded and executed the Trojan hidden in the file will be released into the system to do what ever it was made to do (Gerbrache and Mort). A “Trojan Mule” is a program that when run will display a fake windows log-in screen, and it will wait for a user to enter in the user name and password. The program will then record and save this information (Gerbrache and Mort). A worm is different than a virus in the aspect that it does not need a program to attach itself to; worms will make copies to themselves and go through the network looking for other Computer systems to infect (Gerbrache and Mort). After it finds other computers over the network it will spread to them and damage the system in the same way it did the first. Worms are dangerous because if one person downloads a worm, it will go on to spread throughout the network. RootKits are used to give a specific person full control of your pc with administrative control from a remote site (“No Starch Press…”). Rootkits will evade detection by hiding the running files and processes in the task manager window (“No Starch Press…”). This is very bad because the person that had control can look at any file or in any folder with administrator privileges.
A virus can do many things to a system such as deleting files, or it could even corrupt a hard drive (Gerbrache and Mort). A virus can keep the system from operating correctly, without authorization of course (Gerbrache and Mort). Each time a computer is turned on it goes through a system in which it follows steps to get the system stated (Gerbrache and Mort). First the system will run POST (Power on Self Test); this test will test if the system had all the basic parts to perform (Gerbrache and Mort). Next the computer looks to a source of media in which the operating system is written on (generally the c: drive) and reads the first sector known as the Master Boot Sector (Gerbrache and Mort). At this point it is possible that a virus had been written to the MBS and is read and run into memory (Gerbrache and Mort). Once the virus is active it can seek out other sectors of the hard drive and load any other sectors it may need to run (Gerbrache and Mort). Techniques in keeping a virus hidden, Polymorphism was used to encrypt a virus so that when scanned or looked at it appeared as though it were a group of random bits of information, rather than looking like program code but anti-virus utilities are now able to decrypt these files and scan them normally (Gerbrache and Mort).
Another way to keep a virus hidden is to use “Stealth” a virus can easily be detected when the file grows in size after being activated (Gerbrache and Mort). When a file is infected the virus will take the file’s original size and subtract the size of the virus file, and the end result will be the infected file with the same file size (Gerbrache and Mort). If the real-time scanner identifies suspicious activities, it will halt the system and send an alert to the user of what has been detected (Gerbrache and Mort).
If it were not for the hackers searching for flaws and weaknesses in a system, no one would need to have to take security measures to keep our information safe. This is why security and computer hacking go hand and hand. Without the hackers there would be no need for security. When keeping system security up to date is important in keeping a system from being intruded or infected with malware. It is likely that hacking will never be fully stopped and that it will continue far into the future. Hacking has over all improved the way people think about computer and network security and has improved the quality of the security in hardware and software. Network and computer security is important to keep advancing in and there will never be a decline for the need of secure networks. If advances in security are stopped then the hackers will find ways through what we have now and it will not be long before many computer systems are compromised to the hackers.
Allardyce, Jason. “Students to learn art of computer hacking.” Sunday Times, 18 June. 2006. Newspaper Source. EBSCOhost. Elmhurst High School. 30 Apr. 2009 <http://www.inspire.net>.
Bruce, Allison. “Ex-Hacker Gives Computer Security Advice.” Ventura County Star (CA) 15 Mar. 2005. TOPICsearch. EBSCOhost. Elmhurst High School. 5 May. 2009 <http://www.inspire.net>.
Farnsworth, Chris. “Malicious Hacking into Companies Can Be Done By Just About Anyone.” Orange County Register, The (Santa Ana, CA) 11 Apr. 2001 Newspaper Source. EBSCOhost. Elmhurst High School. 30 Apr. 2009 <http://www.inspire.net>.
Gerbrache, David and Mort, Stuart “Malicious Software and Hacking.” Information Systems Security 6.3. Corporate ResourceNet. EBSCOhost. Elmhurst High School. 5 May. 2009 <http://www.inspire.net>.
“No Starch Press Releases Designing BSD Rootkits: An Introduction to Kernel Hacking.” M2PressWIRE 12 Apr. 2007. Newspaper Source. EBSCOhost. Elmhurst High School. 30 Apr. 2009 <http://www.inspire.net>.
Palmer, C. C. “Ethical hacking.” IBM Systems Journal 40.3 (2001). MasterFILE Premier. EBSCOhost. Elmhurst High School. 5 May. 2009 <http://www.inspire.net>.
Slania, John T. “Courses Teach Lessons in Hacking.” Crain’s Chicago Business 26.17 (28 Apr. 2003). Corporate ResourceNet. EBSCOhost. Elmhurst High School. 5 May. 2009 <http://www.inspire.net>.
“Update: Computer Hacking.” Issues & Controversies On File 6 June 2008. Issues & Controversies. Facts On File News Services. Elmhurst High School. 30 Apr. 2009 <http://www.2facts.com>.