Hacker Motivation
Lesson 3
The Attacker’s Process
• Passive Reconnaissance
• Active Reconnaissance (scanning)
• Exploiting the system
• Gain access
• Elevation of privileges
• Denial of Service
• Uploading programs
• Downloading data
• Maintaining access (backdoors, trojans)
• Covering the tracks
Some Definitions
• Information Security
• “the protection of information against
unauthorized disclosure, transfer, modification or
destruction whether accidental or intentional”
• Information Assurance
• “Information operations that protect and defend
information and information systems by ensuring
their availability, integrity, authentication,
confidentiality and non-repudiation.”
Hacker Definition
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as
opposed to most users, who prefer to learn only the minimum necessary.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just
theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'.
(Definitions 1 through 5 are correlated, and people who fit them congregate.)
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
From: http://members.tripod.com/cory_hack/definition.htm
Hacker Definition (cont)
8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around.
Hence `password hacker', `network hacker'. The correct term for this sense is cracker.
From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000
It is interesting to note that the previous slide’s first 7 definitions were taken from the Jargon File
but that the 8th, more “objectionable”, definition was omitted. This provides an insight in itself
as to how folks who “dabble” in this area like to see themselves.
Cracker Definition
cracker n.
One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of
hacker (q.v., sense 8). An earlier attempt to establish `worm' in this sense around 1981-82 on Usenet was largely
a failure.
Use of both these neologisms reflects a strong revulsion against the theft and vandalism perpetrated by cracking
rings. While it is expected that any real hacker will have done some playful cracking and knows many of the
basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate,
benign, practical reasons (for example, if it's necessary to get around some security in order to get some work
Thus, there is far less overlap between hackerdom and crackerdom than the mundane reader misled by
sensationalistic journalism might expect. Crackers tend to gather in small, tight-knit, very secretive groups that
have little overlap with the huge, open poly-culture this lexicon describes; though crackers often like to describe
themselves as hackers, most true hackers consider them a separate and lower form of life.
Ethical considerations aside, hackers figure that anyone who can't imagine a more interesting way to play with
their computers than breaking into someone else's has to be pretty losing. Some other reasons crackers are
looked down on are discussed in the entries on cracking and phreaking. See also samurai, dark-side hacker, and
hacker ethic. For a portrait of the typical teenage cracker, see warez d00dz.
From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000
Cracking Definition
cracking n.
[very common] The act of breaking into a computer system; what a cracker does.
Contrary to widespread myth, this does not usually involve some mysterious
leap of hackerly brilliance, but rather persistence and the dogged repetition of a
handful of fairly well-known tricks that exploit common weaknesses in the
security of target systems. Accordingly, most crackers are only mediocre
From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000
The Difference between Hackers and
• A hacker is a person intensely interested in the arcane and recondite
workings of any computer operating system. Hackers are most often
programmers. As such, hackers obtain advanced knowledge of operating
systems and programming languages. They might discover holes within
systems and the reason for such holes. Hackers constantly seek further
knowledge, freely share what they have discovered, and never, ever
intentionally damage data.
• A cracker is one who breaks into or otherwise violates the system integrity
of remote machines with malicious intent. Having gained unauthorized
access, crackers destroy vital data, deny legitimate users service, or cause
problems for their targets. Crackers can easily be identified because their
actions are malicious.
• From Maximum Security, 3rd ed.
Phreaking Definition
phreaking /freek'ing/ n.
[from `phone phreak'] 1. The art and science of cracking the phone network (so as, for example, to
make free long-distance calls). 2. By extension, security-cracking in any other context (especially,
but not exclusively, on communications networks) (see cracking).
At one time phreaking was a semi-respectable activity among hackers; there was a gentleman's agreement
that phreaking as an intellectual game and a form of exploration was OK, but serious theft of services was
taboo. There was significant crossover between the hacker community and the hard-core phone phreaks
who ran semi-underground networks of their own through such media as the legendary "TAP Newsletter".
This ethos began to break down in the mid-1980s as wider dissemination of the techniques put them in the
hands of less responsible phreaks. Around the same time, changes in the phone network made old-style
technical ingenuity less effective as a way of hacking it, so phreaking came to depend more on overtly
criminal acts such as stealing phone-card numbers. The crimes and punishments of gangs like the
`414 group' turned that game very ugly. A few old-time hackers still phreak casually just to keep their
hand in, but most these days have hardly even heard of `blue boxes' or any of the other paraphernalia of
the great phreaks of yore.
From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000
Telecommunications Systems
Samurai Definition
samurai n.
A hacker who hires out for legal cracking jobs, snooping for factions in corporate political fights, lawyers
pursuing privacy-rights and First Amendment cases, and other parties with legitimate reasons to need an
electronic locksmith. In 1991, mainstream media reported the existence of a loose-knit culture of samurai
that meets electronically on BBS systems, mostly bright teenagers with personal micros; they have modeled
themselves explicitly on the historical samurai of Japan and on the "net cowboys" of William Gibson's
cyberpunk novels. Those interviewed claim to adhere to a rigid ethic of loyalty to their employers and to
disdain the vandalism and theft practiced by criminal crackers as beneath them and contrary to the hacker
ethic; some quote Miyamoto Musashi's "Book of Five Rings", a classic of historical samurai doctrine, in
support of these principles. See also sneaker, Stupids, social engineering, cracker, hacker ethic, and
dark-side hacker.
From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000
sneaker n.
An individual hired to break into places in order to test their security; analogous to tiger team.
Hacker Ethics
The Hacker's Code of Ethics
Unlike so many of the so called "hackers" today, the original hackers at places like MIT, Berkeley and
Stanford had a clear code of ethics. In 1984, Steven Levy published a book titled Hackers in which he
listed the ethical code of these first hackers. This is the Hacker's Ethic.
1. Access to computers -- and anything which might teach one something about the way the world works -- should be unlimited and total.
2. All information should be free.
3. Mistrust authority -- promote decentralization.
4. Hackers should be judged by their hacking, not by other criteria.
5. One can create art and beauty on a computer.
6. Computers can change one's life for the better.
Hacker Ethics (cont)
hacker ethic n. (from: JARGON FILE, VERSION 4.2.3, 23 NOV 2000)
1. The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their
expertise by writing open-source and facilitating access to information and to computing resources wherever possible.
2. The belief that system-cracking for fun and exploration is ethically OK as long as the cracker commits no theft,
vandalism, or breach of confidentiality.
Both of these normative ethical principles are widely, but by no means universally, accepted among hackers. Most
hackers subscribe to the hacker ethic in sense 1, and many act on it by writing and giving away open-source software. A
few go further and assert that all information should be free and any proprietary control of it is bad; this is the philosophy
behind the GNU project.
Sense 2 is more controversial: some people consider the act of cracking itself to be unethical, like breaking and entering.
But the belief that `ethical' cracking excludes destruction at least moderates the behavior of people who see themselves
as `benign' crackers (see also samurai). On this view, it may be one of the highest forms of hackerly courtesy to (a) break
into a system, and then (b) explain to the sysop, preferably by email from a superuser account, exactly how it was done
and how the hole can be plugged -- acting as an unpaid (and unsolicited) tiger team.
The most reliable manifestation of either version of the hacker ethic is that almost all hackers are actively willing to share
technical tricks, software, and (where possible) computing resources with other hackers. Huge cooperative networks such
as Usenet, FidoNet and Internet (see Internet address) can function without central control because of this trait; they both
rely on and reinforce a sense of community that may be hackerdom's most valuable intangible asset.
Hacker Manifesto
Hacker Manifesto (full)
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after
Bank Tampering"... Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a look
behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a
hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us
bores me... Damn underachiever. They're all alike. I'm in high school. I've listened to teachers explain for the fifteenth time how to
reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're
all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's
because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like
teaching and thinks it shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to
a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the
day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've
never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again.
They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits
of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The
few that had something to teach found us willing pupils, but they are like drops of
water in the desert.
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing
without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you
call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious
bias... and you call us criminals. You build atomic bombs, you wage wars, you murder,
cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look
like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may
stop this individual, but you can't stop us all... after all, we're all alike.
-- The Mentor
Tools of the Trade
• The means by which a cracker or hacker might be
able to penetrate a computer or network.
• A number of elements
• Reconnaissance: information gathering using several
• Social Engineering
• Port Scanning
• Passive OS Identification (using default settings, banners …)
• Exploits – based on data gathered, determine if a known
exploit/vulnerability exists.
• Tools – there may be something already created
Who are your Enemies?
From: Real World Linux Security
Crackers (see previous definition)
Disgruntled current employees
Disgruntled former employees
Extremists (also called “hacktivists”)
Motivating Factors - 4 Domains
From Information Warfare and Security
• Play: hacking/cracking, phreaking
• crime: illegal acts including intellectual property
crime and computer fraud and abuse
• but isn’t cracking a crime?
• individual rights: conflicts over free speech and
• national security: foreign intelligence operations,
war and military conflicts, terrorism, and operations
against a nation by nonstate players
Is Hacking Always a Crime?
• Recall discussion on hacking -vs- cracking
• White Hat hackers
• Black Hat hackers
Motivation -- Play
• Recall the Hacker’s Manifesto
• Information Warfare and Security, by Denning, pp. 45-46
• Hacking was the ultimate cerebral buzz for me. I would come home from
another dull day at school, turn my computer on, and become a member of
the hacker elite. It was a whole different world where there were no
condescending adults and you were judged by your talent. I would first
check in to the private bulletin boards where other people who were like
me would hang out, see what the news was in the community, and trade
some info with people across the country. Then I would start actually
hacking. My brain would be going a million miles an hour and I’d
basically completely forget about my body as I would jump from one
computer to another trying to find a path into my target. It was the rush of
working on a puzzle coupled with the high of discovery many magnitudes
intensified. To go along with the adrenaline rush was the illicit thrill of
doing something illegal. Every step I made could be the one that would
bring the authorities crashing down on me. I was on the edge of
technology and exploring past it, spelunking into electronic caves where I
wasn’t supposed to be.
Motivation -- Play
Bored at school
member of an elite group
thrill (adrenaline rush)
power + sense of control
Motivation -- Play
• Kuji:
• “It is all about control, really. I’m in my little room
with my little computer breaking into the biggest
computers in the world and suddenly I have more
control over this machine than them. That is where the
buzz comes from. Anyone who says they are a
reformed hacker is talking rubbish. If you are a hacker,
you are always a hacker. It’s a state of mind.”
• Makaveli
• “It’s power, dude. You know, power.”
Motivation -- Play
• Prof Nicholas Chantler of Queensland Univ.
• Survey of 164 hackers
• ages ranged from 11-46
– majority between 15 and 24
• only 5% female
• 3 main reasons for hacking were challenge, knowledge, pleasure
• next were recognition, excitement, friendship (24%)
• the rest said self-gratification, addiction, espionage, theft, profit,
vengeance, sabotage, freedom (27%)
Motivation -- Play
• Survey continued:
• 52% said they work in teams
• 39% said they belonged to hacking groups
• e.g. LOD, MOD, 414club, CdC, L0pht
• There are many BBoards, web sites, and hacker pubs
• 1997 NY Times article reported 440, 1900, and 30 respectively
• Also several conferences
Motivation -- Play
• Hacking for a cause
• StRyKe (25 yr old hacker from U.K)
• “I do think of myself as ‘moral.’ The
traditional image of a hacker is no longer a
valid one. I don’t attack anyone who doesn’t
deserve it. We are talking about people who
deliberately harm minors.”
Motivation -- Play
• Has the culture evolved/changed/degenerated?
• Erik Bloodaxe (Chris Goggans)
• “I don’t like most of you people. . . . People might argue that the
community has “evolved” or “grown” somehow, but that is utter
crap. The community has degenerated. . . The act of intellectual
discovery that hacking once represented has now been replaced by
one of greed, self-aggrandization and misplaced post-adolescent
angst. . . . I’m not alone in my disgust. There are a bunch of us who
have reached the conclusion that the “scene” is not worth
supporting; that the cons are not worth attending; that the new influx
of would-be hackers is not worth mentoring. Maybe a lot of us have
just grown up.”
More than just child’s play
• Serious implications for
• public safety & Health
• Worcester Airport (jester)
• National Security
• Solar Sunrise
• National Infrastructure
• L0pht members testified in 1997 before Congress
and stated they could take down the Internet in 30
Motivation -- Crime
• Intellectual Property
• Piracy (losses exceed $20B, mostly external to US)
• Theft of trade secrets ($40-$250B)
• Biggest risk is insider
• Fraud
• telemarketing scams ($40B)
• identity theft and bank fraud (#’s fuzzy but includes credit
card theft)
• telecommunications ($5-$10B)
• Computer Fraud & Abuse
• Organized Crime
Motivation -- Crime
• What exactly is stolen?
• Nothing “physical” but damage still caused
• The argument, especially by phreakers, is
that there really wasn’t anything stolen
• How does computer Fraud and abuse
manifest itself?
• According to Denning, unauthorized access,
Motivation -- Individual Rights
• Rights to Privacy & Free speech
• Privacy, who “owns” the info about you?
• Conflicts between free speech and harmful or disturbing speech
• flaming -vs- defamation
• Conflicts over censorship
• some countries restrict satellite and Internet access for national interests
or religious reasons
• some restrict to protect groups such as children
• Conflicts over government surveillance
Motivation -- National Security
• Operations undertaken by states and by nonstate players against
• Foreign intelligence ops
Intelligence Priorities
U.S. 1995
1. The intel needs of the military during operations
2. Political, economic, and military intelligence about countries hostile to the US and all-source info on major political powers with weapons of mass destruction hostile to US
3. Intel about specific transnational threats, such as weapons proliferation, terrorism, drug trafficking, organized crime, illicit trade practices, and environmental issues of great gravity
Japan Late 80’s
1. Info pertaining to access to foreign sources of raw materials
2. Technological and scientific developments in the US and
3. Political decision making in the US and Europe, particularly as it relates to trade, monetary, and military policy in Asia
4. Internal political and military developments in China, Korea, and Russia
Motivation -- National Security
• Operations undertaken by states and by nonstate players against
• Foreign intelligence ops
• war and military ops
• PSYOPS, perception Management
• Can we have war without bombs (Cyberwar)?
• Critical Infrastructure -- what’s a valid target?
Motivation -- National Security
• Operations undertaken by states and by nonstate players against
• Foreign intelligence ops
• war and military ops
• Acts of terrorism
• Perception Management,
• Attack systems and web sites
• Attack computers that control things
• Netwars
• Low intensity conflicts by nonstate actors: example Zapatistas
Motivation -- National Security
• Zapatistas
• struggle against Mexican Government
• used Internet to “spread their word”
• One group of supporters in U.S. organized an attack
against the Mexican President Zedillo’s Web site
Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides
common names for publicly known information security vulnerabilities and exposures.
Using a common name makes it easier to share data across separate databases and
tools that until now were not easily integrated. This makes CVE the key to information
sharing. If a report from one of your security tools incorporates CVE names, you may
then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.
CVE is:
• One name for one vulnerability or exposure
• One standardized description for each vulnerability or exposure
• A dictionary rather than a database
• How disparate databases and tools can "speak" the same language
• A basis for evaluation among tools and databases
• Accessible for review or download from the Internet
• Industry-endorsed via the CVE Editorial Board
The Vulnerability Life Cycle
[Figure: vulnerability life cycle diagram. Recoverable labels: Start Here; Mailing lists, Newsgroups, Hacker sites; Vulnerability Assessment Tools; Detection; Incident; Response]
A Roadblock to Information Sharing: Same Problem, Different Names
Organization Name
Network: HTTP ‘phf’ Attack
CGI phf program allows remote command execution through shell metacharacters.
phf CGI allows remote command execution
PHF Attacks – Fun and games for the whole family
#107 – cgi-phf
#3200 – CERT:CA-96.06.cgi_example_code
WWW phf attack
in NCSA/Apache Example Code
#10004 - WWW phf check
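An added example (not part of the original slides) of what the CVE description and the "Same Problem, Different Names" slide are getting at: three tools report the same phf issue under different native names, and only the shared CVE name lets the findings be merged and matched to fix information held in a separate database. The tool names, hosts, fix text and the ID CVE-0000-0001 are constructed placeholders; the native finding names are taken from the slide.

```python
import re
from collections import defaultdict

# CVE names have the form CVE-YYYY-NNNN (four or more digits in the sequence part).
CVE_NAME = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample findings. CVE-0000-0001 is a placeholder, not a real entry.
REPORTS = [
    {"tool": "scanner_a", "host": "10.0.0.5", "name": "#107 - cgi-phf", "cve": "CVE-0000-0001"},
    {"tool": "scanner_b", "host": "10.0.0.5", "name": "#10004 - WWW phf check", "cve": "CVE-0000-0001"},
    {"tool": "ids_c", "host": "10.0.0.5", "name": "Network: HTTP 'phf' Attack", "cve": " cve-0000-0001 "},
    {"tool": "scanner_a", "host": "10.0.0.9", "name": "#107 - cgi-phf", "cve": "CVE-0000-0001"},
    {"tool": "scanner_b", "host": "10.0.0.9", "name": "custom banner check", "cve": None},
]

# Constructed stand-in for a separate CVE-compatible fix database.
FIX_DB = {"CVE-0000-0001": "Remove the phf example CGI from the server's cgi-bin."}


def normalize_cve(raw):
    """Return the canonical CVE name, or None if it is missing or malformed."""
    if not raw:
        return None
    name = raw.strip().upper()
    return name if CVE_NAME.match(name) else None


def dedupe_by_native_name(reports):
    """Naive correlation: one issue per (host, tool-specific finding name)."""
    return {(r["host"], r["name"]) for r in reports}


def correlate_by_cve(reports):
    """Group findings per (host, CVE name); findings without a CVE name are set aside."""
    issues = defaultdict(set)
    unnamed = []
    for r in reports:
        cve = normalize_cve(r["cve"])
        if cve is None:
            unnamed.append(r)  # cannot be merged automatically, needs manual review
        else:
            issues[(r["host"], cve)].add(r["tool"])
    return dict(issues), unnamed


def remediation_plan(issues, fix_db):
    """Look up fix information for each correlated issue by its CVE name."""
    return {key: fix_db.get(key[1], "no fix entry for this CVE name") for key in issues}


if __name__ == "__main__":
    issues, unnamed = correlate_by_cve(REPORTS)
    print("issues by native name:", len(dedupe_by_native_name(REPORTS)))
    print("issues by CVE name:   ", len(issues))
    for (host, cve), fix in remediation_plan(issues, FIX_DB).items():
        print(host, cve, sorted(issues[(host, cve)]), "->", fix)
    print("needs manual review:", [r["name"] for r in unnamed])
```

Matching on native names counts five separate issues in the sample; matching on the CVE name reduces them to one issue per affected host and leaves the unnamed finding for manual review.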
Adding New Entries to CVE
• Board member submits raw information to MITRE
• Submissions are grouped, refined, and proposed back to the Board as
– Strong likelihood of becoming CVE-YYYY-NNNN
– Not a guarantee
– Delicate balance between timeliness and accuracy
• Board reviews and votes on candidates
– Accept, modify, recast, reject, reviewing
• If approved, the candidate becomes a CVE entry
• Entry is included in a subsequent CVE version
– Published on CVE web site
• Entries may later be modified or removed
Stages of Security Information in
• Raw information
• Obtained from MITRE, Board members, and other data feeds
• Combined and refined
• Placed in clusters
• Proposed to Editorial Board
• Accepted or rejected
• Backmap tells submitters what candidates were assigned to their submissions
• Added to CVE list
• Submissions, candidates removed from the “pool”
• Published in an official CVE

IS4453 Information Assurance and Security