Bernadette Schell and Clemens Martin
More Than 875 hacker terms ~ fully, clearly, and concisely defined
WE DEFINE YOUR WORLD
 |
| Webster's New World® Hacker Dictionary |
Bernadette H. Schell is dean of the Faculty of Business and Information Technology at Ontario’s only laptop university, the University of Ontario Institute of Technology in Oshawa, Ontario, Canada.
Dr. Schell is the 2000 recipient of the University Research Excellence Award from Laurentian University, where she was previously director of the School of Commerce and Administration in Sudbury, Ontario, Canada. Dr. Schell has written numerous journal articles on industrial psychology and cybercrime topics. She has written four books with Quorum Books in Westport, Connecticut, on such topics as organizational and personal stress, corporate leader stress and emotional dysfunction, stalking, and computer hackers. She has also published two books on cybercrime and the impact of
the Internet on society with ABC-CLIO in Santa Barbara, California.
Clemens Martin is the previous director of IT programs at the Faculty of Business and Information Technology at the University of Ontario Institute of Technology, where he is jointly appointed to the Faculty of Engineering and Applied Science. Before joining this university, Dr. Martin was partner and managing director of an information technology consulting company and Internet Service Provider, based in Neuss, Germany. He was responsible for various security and consulting projects, including the implementation of Java-based health care cards for Taiwanese citizens. Dr. Martin currently holds
a Bell University Labs (BUL) research grant in IT Security. He is the coauthor with Dr. Schell of the cybercrime book published by ABC-CLIO in Santa Barbara, California.
Preface
This book attempts to take a novel approach to the presentation and understanding of a controversial
topic in modern-day society: hacking versus cracking. The perception of this bi-modal activity is as
controversial as the process itself—with many in society confusing the positive attributes of hackers
with the criminal activities of crackers.This dictionary tries to balance the two sides of the equation:
the White Hat or the positive side of hacking with the Black Hat or the negative side of cracking.
This dictionary is written for general readers, students who want to learn about hackers and crackers,
and business leaders who want to become more knowledgeable about the IT security field to keep
their enterprises financially stable and to be proactive against intrusive cyber-attackers.
For those wanting to learn beyond our entries (which have been grouped into general terms, legal
terms, legal cases, and person), we have provided further readings under each entry and at the end of
the dictionary.The entries have been compiled by two experts in the field of information technology
security and hacker profiling. Hundreds of entries have been included to provide explanations and
descriptions of key information technology security concepts, organizations, case studies, laws, theories,
and tools. These entries describe hacktivist, creative hacker, and criminal cracker activities
associated with a wide range of cyber exploits.
Although we acknowledge that we cannot include every item of significance to the topics of hacking
and cracking in a one-volume reference book on this intriguing topic, we have attempted to be
as comprehensive as possible, given space limitations.Though we have focused on the past 35 years in
particular, we note that the foundations of hacking and cracking existed at the commencement of
computer innovations in the earlier parts of the previous century.
Readers will note that much of the anxiety surrounding a cyber Apocalypse in the present began
prior to the terrorist events involving the World Trade Center and the Pentagon on September 11,
2001, and continue to be exacerbated by terrorist events in Afghanistan, Iraq, and elsewhere.The result
of our efforts to understand such anxiety is a volume that covers hacking, cracking, world events, and
political and legal movements from the 1960s, in particular, to the present.
Entries are presented in alphabetical order, with subjects listed under the most common or popular
name. For example, there is an entry for phreaker Edward Cummings under his better-known moniker,
Bernie S. Moreover, we should point out that some crackers were minors when they were charged and
convicted of cracking crimes, and are therefore known to the world only by their monikers. One of the
most famous of these in recent years was a teenaged Canadian by the name of Mafiaboy.
Many narratives in this dictionary explain not only the entry term itself but also its significance in the
hacking or cracking field. Because information is constantly changing in the Information Technology
(IT) field, as are the exploits used by crackers for taking advantage of “the weakest links in the system,”
we acknowledge that readers who want to stay abreast of the latest findings in IT security must continually
read about new computer viruses, worms, and blended threats, as well as their developers’
motivations.Although we have attempted to present up-to-date entries in this volume,we admit that the
news events associated with hacking and cracking—as well as terrorism and cyberterrorism—are as
rapidly changing as the weather.
For our readers’ convenience, we have cross-referenced in bold type related entries.We have also
focused on a chronology of key hacking and cracking events and protagonists over the past 40-plus
years—particularly from the beginnings of the hacking exploits at MIT in the 1960s through the present.
We conclude the dictionary with a useful resource guide of books,Websites, and movies related
to hacking and cracking.
We thank Carolyn Meinel for writing Appendix A of this book, “How Do Hackers Break into
Computers?”
Introduction
Hacker. Now here is an interesting word. Originally the term in Yiddish meant “inept furniture
maker.”Today, the term has many different meanings, both good and bad. On the good side, the hacker
is a creative individual who knows the details of computer systems and how to stretch their capabilities
to deliver speedy solutions to seemingly complex information demands. On the bad side, the
hacker—more appropriately termed a cracker—is a malicious meddler in computer systems who is
out to deface, replace, or delete data for personal gain, to sabotage a system, to get revenge, or to bring
down the economic and social well-being of a nation by attacking its highly networked critical infrastructures.
There may even be severe injuries or deaths associated with such an attack—a scenario that
has been coined a “cyber Apocalypse.”
To counter the adverse effects of cracking, the White Hats (or good hackers) have been busy over
the past four decades designing software tools for detecting intruders in computer systems as well as
designing various perimeter defenses for keeping cybercriminals at bay.Also, various governments have
passed laws aimed at curbing cybercrimes. Since the September 11, 2001, terrorist air attacks on the
World Trade Center and the Pentagon in the United States, governments around the world have pulled
together in an attempt to draft cyberlaws that would be in effect across national as well as cyber borders
and to share critical intelligence to keep their homelands secure.
Just as nations have colorful histories and characters, so does the field of hacking. Contrary to the
present-day controversies surrounding hackers, the beginnings of the field, as it were, began as an intellectual
exercise. Back in the Prehistory era before computers were ever built in the early 1800s, Charles
Babbage and Ada Byron conceived of and published papers on an Analytical Engine that could compose
complex music and produce graphics and be used for a variety of scientific and practical uses.
Their visions became what are now known as computers and software programs.
In the early 1900s, what we now think of as a computer was becoming a reality. For example, John
Mauchly, a physics professor at Ursinus College, was the co-inventor with Presper Eckert of the first
electronic computer in 1935, known as the ENIAC or Electrical Numerical Integrator and Calculator.
In 1948, Kay McNulty Mauchly Antonelli married John Mauchly, and two years later the couple and
Presper Eckert started their own company.The team of three worked on the development of a new,
faster computer called the Univac, or Universal Automatic Computer. One of the terrific aspects of
the Univac was that it used magnetic tape storage to replace awkward and clumsy punched data cards
and printers. At this time, the computer industry was only four years old.
Then came the 1960s, the time during which most experts feel that the concept of creative hacking
truly took hold. During this time, the infamous MIT computer geeks (all males) conducted their hacking
exploits. Computers then were not wireless or portable handhelds but were heavy mainframes locked
away in temperature-controlled, glassed-in lairs.These slow-moving, very expensive hunks of metal were
affectionately known as PDPs.The computer geeks at MIT created what they called “hacks” or “programming
shortcuts” to enable them to complete their computing tasks more quickly, and it is said that
their shortcuts often were more elegant than the original program. Some members of this group formed
the initial core of MIT’s Artificial Intelligence (AI) Lab, a global leader in Artificial Intelligence research.
These creative individuals eventually became known (in a positive sense) as “hackers.”
By 1968, Intel was started by Andy Grove, Gordon Moore, and Robert Noyce. In 1969,ARPANET
(Advanced Research Projects Agency Network) was begun.ARPANET was the initial cross-continent,
high-speed network built by the U.S. Defense Department as a computer communications experiment.
By linking hundreds of universities, defense contractors, and research laboratories,ARPANET allowed
researchers around the globe to exchange information with impressive speed.1 This capability of working
collaboratively advanced the field of Information Technology and was the beginnings of what is now
the Internet.
In hackerdom history, the 1970s decade is affectionately known as the Elder Days. Back then, many
of the hackers (as with the hippies of that era) had shoulder-length hair and wore blue jeans.And while
the Beatles were making it to the top of music charts with their creative songs, hackers were busy with
their high-tech inventions. At the start of this decade, only an estimated 100,000 computers were in use.
By the mid-1970s, Bill Gates started the Microsoft Corporation, and Intel’s chairman, Gordon
Moore, publicly revealed his infamous prediction that the number of transistors on a microchip would
double every year and a half.This prediction has since become known as Moore’s Law.
As for other creative outputs of the 1970s, one of the most frequently mentioned is a new programming
language called “C.” As was UNIX in the operating system world, C was designed to be
pleasant, nonconstraining, and flexible.Though for years operating systems had been written in tight
assembler language to extract the highest efficiency from their host machines, hackers Ken Thompson
and Dennis Ritchie were among the innovators who determined that both compiler technology and
computer hardware had advanced to the point that an entire operating system could be written in C.
By the late 1970s, the whole environment had successfully been ported to several machines of different
types, and the ramifications were huge. If UNIX could present the same capabilities on
computers of varying types, it could also act as a common software environment for them all. Users
would not have to pay for new software designs every time a machine became obsolete. Rather, users
could tote software “toolkits” between different machines.
The primary advantage to both C and UNIX was that they were user-friendly.They were based on
the KISS, or Keep It Simple, Stupid, model.Thus, a programmer could hold the complete logical structure
of C in his or her head without too much hassle. No cumbersome manual was needed.
The darker side of hacking also evolved during the Elder Days. Phreaker John Draper wound up in
prison for using a cereal box whistle to get free long-distance telephone calls, and counterculture
Yippie guru Abbie Hoffman started The Youth International Party Line newsletter, a vehicle for letting
others know the trade secrets of getting free telephone calls. Hoffman’s publishing partner Al Bell
amended the name of the newsletter to TAP, meaning Technical Assistance Program.The pair argued
that phreaking was not a crime. It did not cause harm to anybody, for telephone calls emanated from
an unlimited reservoir.
The benefits to society and to cybercriminals continued with more advances in Information
Technology in the 1980s.This decade became known as the Golden Age, in part because many of the
high-tech entrepreneurs became some of the world’s richest people. For example, in 1982, a group of
talented UNIX hackers from Stanford University and Berkeley founded Sun Microsystems
Incorporated on the assumption that UNIX running on relatively low-cost hardware would prove to
be a highly positive combination for a broad range of applications. These visionaries were right.
Although still priced beyond most individuals’ budgets, the Sun Microsystem networks increasingly
replaced older computer systems such as the VAX and other time-sharing systems in corporations and
in universities across North America. Also, in 1984 a small group of scientists at Stanford University
started Cisco Systems, Inc., a company that today remains committed to developing Internet Protoco
(IP)–based networking technologies, particularly in the core areas of routing and switches.
The 1980s also had their darker moments. Clouds began to settle over the MIT Artificial
Intelligence (AI) Lab. Not only was the PDP technology in the AI Lab aging, but the Lab itself split
into factions by some initial attempts to commercialize Artificial Intelligence. In the end, some of the
AI Lab’s most talented White Hats were attracted to high-salary jobs at commercial startup companies.
In 1983, the movie War Games was produced to expose to the public the hidden faces of Black Hat
hackers in general and the media-exposed faces of the 414-gang, a cracker gang, in particular. Ronald
Mark Austin and his 414-gang from Milwaukee started cracking remote computers as early as 1980.
In 1983, after they entered a New York cancer hospital’s computer system without authorization, the
gang accidentally erased the contents of a certain hospital file as they were removing traces of their
intrusion into the system. As a result of this exploit, that New York hospital and other industry and
government agencies began to fear that confidential or top-secret files could be at risk of erasure or
alteration. After the 414-gang became famous, hackers developed a penchant for putting numbers
before or after their proper names, or for using a completely new moniker or “handle” (such as
“Mafiaboy”).
Besides movies about the dark side of hacking in the 1980s, the U.S. and the U.K. governments
passed laws to curb cracking activities. For example, in Britain, the Forgery and Counterfeiting Act of
1981 was passed to help authorities convict criminals involved in these activities, and in the United
States in 1986, Congress approved the Computer Fraud and Abuse Act to curb such criminal acts.
Some of the world’s most famous crackers stole media headlines during 1988. It was then that Kevin
Poulsen took over all the telephone lines going into Los Angeles radio station KIIS-FM, making sure
that he would be the 102nd caller for a contest and the winner of a Porsche 944 S2. Also, on
November 3, 1988, Robert Morris Jr. became known to the world when as a graduate student at
Cornell University, he accidentally unleashed an Internet worm that he had developed. The worm,
later known as “the Morris worm,” infected and subsequently crashed thousands of computers. Finally,
in 1988, cracker Kevin Mitnick secretly monitored the email of both MCI and DEC security officials.
For these exploits, he was convicted of causing damage to computers and of software theft and was
sentenced to one year in prison—a cracking-followed-by-prison story for Mitnick that was to repeat
over the next few years.
The years from 1990 through 2000 are known as the Great Hacker Wars and Hacker Activism Era
because during this time, cyberwars became a media story spinner. For example, the early 1990s
brought in the “Hacker War” between two hacker clubhouses in the United States—the Legion of
Doom (LoD) and the Masters of Deception (MoD). LoD was founded by Lex Luthor in 1984; MoD
was founded by Phiber Optik. Named after a Saturday morning cartoon, LoD was known for attracting
the best hackers in existence until one of the club’s brightest members, Phiber Optik (a.k.a. Mark
Abene) feuded with Legion of Doomer Erik Bloodaxe. After the battle, Phiber Optik was removed
from the club. He and his talented clan then formed their own rival club, MoD. LoD and MoD
engaged in online warfare for almost two years.They jammed telephone lines, monitored telephone
lines and telephone calls, and trespassed into each others’ computers.
Then the U.S. federal agents moved in. Phiber Optik got a one-year jail sentence for his exploits.
After his release from federal prison, hundreds of individuals attended a “welcome home” party in his
honor at an elite Manhattan club, and a popular magazine labeled Phiber Optik “one of the city’s 100
smartest people.”2
Political activism—such as that seen on U.S. big-city streets pushing for civil rights for minorities
and equal rights for women during the 1960s and 1970s—moved to the computer screen in the 1990s.
For example, in 1994 and 1995, White Hat hacktivists—the combining of hacking and activism—
squashed the Clipper proposal, one that would have put strong encryption (the process of scrambling
data into something that is seemingly unintelligible) under United States government control.
By 1995, many “golden” achievements were under way. In 1995, the CyberAngels, the world’s oldest
and largest online safety organization,was founded. Its mission was and continues to be the tracking
of cyberstalkers, cyberharassers, and cyberpornographers. Also, the Apache Software Foundation, a
nonprofit corporation, evolved after the Apache Group convened in 1995. The Apache Software
Foundation eventually developed the now-popular Apache HTTP Server, which runs on virtually all
major operating systems.
Also in 1995, the SATAN (Security Administrator Tool for Analyzing Networks) was released on
the Internet by Dan Farmer and Wietse Venema, an action that caused a major uproar about security
auditing tools being made public. In this same year, Sun Microsystems launched the popular programming
language Java, created by James Gosling, and the first online bookstore, Amazon.com, was
launched by Jeffrey Bezos.Tatu Ylonen released the first SSH (Secure SHell) login program, a protocol
for secure remote logins and other secure network services over a network deemed to be
nonsecure. Finally, in 1995, the Microsoft Corporation released Windows 95. It sold more than a million
copies in fewer than five days.
By the year 2000, society was becoming more fearful of the dark side of hacking. For example, in
February 2000, John Serabian, the CIA’s information issue manager, said in written testimony to the
United States Joint Economic Committee that the CIA was detecting with increasing frequency the
appearance of government-sponsored cyberwarfare programs in other countries. Moreover, on May
23, 2000, Dr. Dorothy Denning, a cybercrime expert who at the time was at Georgetown University,
gave testimony before the United States Special Oversight Panel on Terrorism. She said that cyberspace
was constantly under assault, making it a fertile place for cyber attacks against targeted individuals,
companies, and governments—a point repeated often by White Hat hackers over the past 20 years. She
warned that unless critical computer systems were secured, conducting a computer operation that physically
harms individuals or societies may become as easy in the not-too-distant-future as penetrating a
Website is today.
During 2000, the high-profile case of a Canadian cracker with the moniker Mafiaboy (his identity
was not disclosed because he was only 15 years old at the time) raised concerns in North America and
elsewhere about Internet security following a series of Denial of Service (DoS) attacks on several highprofile
Websites, including Amazon.com, eBay, and Yahoo!. On January 18, 2001, Mafiaboy pleaded
guilty to charges that he cracked into Internet servers and used them as starting points for launching
DoS attacks. In September 2001, he was sentenced to eight months in a detention center for minors
and was fined $250 Canadian.
The year 2001 and beyond has become known as an era marked by fears of an Apocalypse—
brought about by terrorists in the actual world in combination with cyberterrorists in cyberspace. In
just five years, citizens at home and at work have become bombarded by cyber worms and cyber
viruses that have cute names such as the Love Bug, Melissa, and Slammer but that have caused billions
of dollars in lost productivity and damage to computer networks worldwide. Even worse,many experts
fear that the evolution of devastating viruses and worms is occurring at such a rapid rate that the
potential for a cyber Apocalypse could occur any time now.
In an attempt to halt cybercriminals, the U.S. government and other governments around the globe
have passed legislation that is tougher and more controversial than ever before. For example, in the spring
of 2002, U.S. Representatives Saxby Chambliss, R-GA, and Jane Harman, D-CA, introduced the
Homeland Security Information Sharing Act to provide for the sharing of security information by U.S.
Federal intelligence and law enforcement parties with state and local law enforcement agents.This Act,
requiring the President to direct coordination among the various intelligence agencies, was sent to the
Senate Committee on Intelligence and to the Committee on the Judiciary on April 25, 2002. On May
6, 2002, it was sent to the Subcommittee on Crime,Terrorism, and Homeland Security, and on June 13,
2002, it was reported with an amendment by the House Judiciary. It lapsed without passage.
Moreover, on July 10 and 11, 2002, a United States Bill on Homeland Security was introduced by
Representative Richard Armey, R-TX, to the Standing Committees in the House. It was heavily
amended by the Committee on Homeland Security on July 24, 2002, and was passed by the House
on July 26, 2002.The bill was received in the Senate on November 19, 2002 and passed by the Senate
on November 25, 2002. The Homeland Security Act of 2002 was signed by the President of the
United States as Public Law 107-296. It was meant to establish the Department of Homeland Security,
and Section 225 was known as the Cyber Security Enhancement Act of 2002.
On January 24, 2003, President George W. Bush swore in Tom Ridge as the first Secretary of the
Department of Homeland Security, and one month later, a storm was brewing over the proposed
Domestic Security Enhancement Act of 2003, also known as Patriot Act II.William Safire, a journalist
with The New York Times, described the first draft of the Patriot II’s powers by suggesting that the
U.S. President was exercising dictatorial control. Then, on February 7, 2003, the storm intensified
when the Center for Public Integrity, a public-interest think-tank in Washington, D.C., disclosed the
entire content of the Act. The classified document allegedly had been given to the Center by someone
in the federal government.3 The Act ultimately did not become law.
Governments and legal analysts were not the only ones motivated by cyber fears in the early 2000s.
In August 2003, three crippling worms and viruses caused considerable cyber damage and increased the
stress levels of business leaders and citizens alike about a possible “cyber Apocalypse.”The Blaster worm
surfaced on August 11, 2003, exploiting security holes found in Microsoft Windows XP. Only a few days
later, on August 18, the Welchia worm appeared on the scene, targeting active computers. It went to
Microsoft’s Website, downloaded a program that fixes the Windows holes (known as a “do-gooder”), and
then deleted itself.The most damaging of the three cyber pests was the email-borne SoBigF virus, the
fifth variant of a “bug” that initially invaded computers in January 2003 and resurfaced with a vengeance
also on August 18, 2003.The damages for lost production and economic losses caused by these worms
and viruses were reportedly in excess of $2 billion for just an eight-day period.
About this time, John McAfee, the developer of the McAfee anti-virus software company, claimed
that there were more than 58,000 virus threats, and the anti-virus software company Symantec further
estimated that 10 to 15 new viruses are discovered daily.
By November 5, 2003, the media reported that a cracker had broken into one of the computers on
which the sources of the Linux operating systems are stored and from which they are distributed
worldwide. One day later, Microsoft Corporation took the unusual step of creating a $5 million fund
to track down crackers targeting Microsoft’s Windows operating systems. That fund included a
$500,000 reward for information that would lead to an arrest of the crackers who designed and
unleashed the Blaster and SoBigF. This Wild West–like bounty underscored the perceived threat posed
by viruses and worms in an interlinked world, as well as the problems associated with finding their creators.
However, some cynical security critics said that the reward had more to do with Microsoft’s
public relations than with crime and punishment.
By the end of 2003, the Computer Security Institute/FBI survey on computer crime, enlisting the
responses of 530 computer security professionals in U.S. corporations, universities, government agencies,
and financial and medical institutions, revealed that more than half of the respondents said that
their organizations had experienced some kind of unauthorized computer use or intrusion during the
previous 12 months. An overwhelming 99 percent of the companies whose security practitioners
responded to the survey thought that they had adequate protection against cyber intruders because
their systems had anti-virus software, firewalls, access controls, and other security measures. As in previous
years, theft of proprietary information was reported to have caused the greatest financial losses.4
Also at the end of 2003, a survey released by Deloitte & Touche LLP indicated that chief operating
officers (COOs) of companies around the world were more nervous about terrorist attacks adversely
impacting on business than were their American peers.The economist Carl Steidtmann, for example,
suggested that U.S. executives might be less concerned and more complacent about terrorist and
cyberterrorist attacks because they felt that their country had taken more overt steps to combat terrorism,
such as introducing the Homeland Security Act of 2002.
Besides intrusions and terrorism, spam was a major topic for action in November 2003.The United
States Federal Trade Commission (FTC) had earlier set up a national spam database and encouraged
people to forward to them all the email spam they received.The FTC noted that in 2002, informants
had reported more than 17 million complaints about spam messages to the federal agents for investigation,
and the FTC said that it received nearly 110,000 complaints daily. To control spam, on
November 25, 2003, the United States Senate passed the CAN-SPAM Act of 2003, also known as the
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003. It was to regulate
interstate commerce in the United States by imposing limitations and penalties on the distributors of
spam (that is, the transmission of unsolicited email through the Internet). Penalties included fines as
high as $1 million and imprisonment for not more than five years for those found guilty of infringing
the Act.The Act took effect on January 1, 2004.
Moreover, on April 8, 2005, a landmark legal case concluded that involved spammer Jeremy Jaynes
of Raleigh, North Carolina. This spammer—who went by the name “Gaven Stubberfield” and was
described by prosecutors as being among the top 10 spammers in the world—was sentenced to nine
years in U.S. prison.This case is considered to be important because it was the United States’ first successful
felony prosecution for transmitting spam over the Internet.A Virginia jury sentenced Jaynes for
transmitting 10 million emails a day using 16 high-speed lines. Jaynes allegedly earned as much as
$750,000 a month on this spamming operation. The sentence has been postponed while the case is
being appealed.5
In closing, little doubt exists that the cyber challenges facing governments, industry, universities,
medical institutions, and individuals are enormous. Because cybercrime appears in many guises, is multifaceted,
and involves jurisdictions around the world, there is no single solution to the problem.This
book was written to detail the many cyber challenges that security professionals, businesses, governments,
individuals, and legal experts face and to present some useful answers for staying a few steps
ahead of the “dark side”—those in the cracking and cyberterrorist communities.
maker.”Today, the term has many different meanings, both good and bad. On the good side, the hacker
is a creative individual who knows the details of computer systems and how to stretch their capabilities
to deliver speedy solutions to seemingly complex information demands. On the bad side, the
hacker—more appropriately termed a cracker—is a malicious meddler in computer systems who is
out to deface, replace, or delete data for personal gain, to sabotage a system, to get revenge, or to bring
down the economic and social well-being of a nation by attacking its highly networked critical infrastructures.
There may even be severe injuries or deaths associated with such an attack—a scenario that
has been coined a “cyber Apocalypse.”
To counter the adverse effects of cracking, the White Hats (or good hackers) have been busy over
the past four decades designing software tools for detecting intruders in computer systems as well as
designing various perimeter defenses for keeping cybercriminals at bay.Also, various governments have
passed laws aimed at curbing cybercrimes. Since the September 11, 2001, terrorist air attacks on the
World Trade Center and the Pentagon in the United States, governments around the world have pulled
together in an attempt to draft cyberlaws that would be in effect across national as well as cyber borders
and to share critical intelligence to keep their homelands secure.
Just as nations have colorful histories and characters, so does the field of hacking. Contrary to the
present-day controversies surrounding hackers, the beginnings of the field, as it were, began as an intellectual
exercise. Back in the Prehistory era before computers were ever built in the early 1800s, Charles
Babbage and Ada Byron conceived of and published papers on an Analytical Engine that could compose
complex music and produce graphics and be used for a variety of scientific and practical uses.
Their visions became what are now known as computers and software programs.
In the early 1900s, what we now think of as a computer was becoming a reality. For example, John
Mauchly, a physics professor at Ursinus College, was the co-inventor with Presper Eckert of the first
electronic computer in 1935, known as the ENIAC or Electrical Numerical Integrator and Calculator.
In 1948, Kay McNulty Mauchly Antonelli married John Mauchly, and two years later the couple and
Presper Eckert started their own company.The team of three worked on the development of a new,
faster computer called the Univac, or Universal Automatic Computer. One of the terrific aspects of
the Univac was that it used magnetic tape storage to replace awkward and clumsy punched data cards
and printers. At this time, the computer industry was only four years old.
Then came the 1960s, the time during which most experts feel that the concept of creative hacking
truly took hold. During this time, the infamous MIT computer geeks (all males) conducted their hacking
exploits. Computers then were not wireless or portable handhelds but were heavy mainframes locked
away in temperature-controlled, glassed-in lairs.These slow-moving, very expensive hunks of metal were
affectionately known as PDPs.The computer geeks at MIT created what they called “hacks” or “programming
shortcuts” to enable them to complete their computing tasks more quickly, and it is said that
their shortcuts often were more elegant than the original program. Some members of this group formed
the initial core of MIT’s Artificial Intelligence (AI) Lab, a global leader in Artificial Intelligence research.
These creative individuals eventually became known (in a positive sense) as “hackers.”
By 1968, Intel was started by Andy Grove, Gordon Moore, and Robert Noyce. In 1969,ARPANET
(Advanced Research Projects Agency Network) was begun.ARPANET was the initial cross-continent,
high-speed network built by the U.S. Defense Department as a computer communications experiment.
By linking hundreds of universities, defense contractors, and research laboratories,ARPANET allowed
researchers around the globe to exchange information with impressive speed.1 This capability of working
collaboratively advanced the field of Information Technology and was the beginnings of what is now
the Internet.
In hackerdom history, the 1970s decade is affectionately known as the Elder Days. Back then, many
of the hackers (as with the hippies of that era) had shoulder-length hair and wore blue jeans.And while
the Beatles were making it to the top of music charts with their creative songs, hackers were busy with
their high-tech inventions. At the start of this decade, only an estimated 100,000 computers were in use.
By the mid-1970s, Bill Gates started the Microsoft Corporation, and Intel’s chairman, Gordon
Moore, publicly revealed his infamous prediction that the number of transistors on a microchip would
double every year and a half.This prediction has since become known as Moore’s Law.
As for other creative outputs of the 1970s, one of the most frequently mentioned is a new programming
language called “C.” As was UNIX in the operating system world, C was designed to be
pleasant, nonconstraining, and flexible.Though for years operating systems had been written in tight
assembler language to extract the highest efficiency from their host machines, hackers Ken Thompson
and Dennis Ritchie were among the innovators who determined that both compiler technology and
computer hardware had advanced to the point that an entire operating system could be written in C.
By the late 1970s, the whole environment had successfully been ported to several machines of different
types, and the ramifications were huge. If UNIX could present the same capabilities on
computers of varying types, it could also act as a common software environment for them all. Users
would not have to pay for new software designs every time a machine became obsolete. Rather, users
could tote software “toolkits” between different machines.
The primary advantage to both C and UNIX was that they were user-friendly.They were based on
the KISS, or Keep It Simple, Stupid, model.Thus, a programmer could hold the complete logical structure
of C in his or her head without too much hassle. No cumbersome manual was needed.
The darker side of hacking also evolved during the Elder Days. Phreaker John Draper wound up in
prison for using a cereal box whistle to get free long-distance telephone calls, and counterculture
Yippie guru Abbie Hoffman started The Youth International Party Line newsletter, a vehicle for letting
others know the trade secrets of getting free telephone calls. Hoffman’s publishing partner Al Bell
amended the name of the newsletter to TAP, meaning Technical Assistance Program.The pair argued
that phreaking was not a crime. It did not cause harm to anybody, for telephone calls emanated from
an unlimited reservoir.
The benefits to society and to cybercriminals continued with more advances in Information
Technology in the 1980s.This decade became known as the Golden Age, in part because many of the
high-tech entrepreneurs became some of the world’s richest people. For example, in 1982, a group of
talented UNIX hackers from Stanford University and Berkeley founded Sun Microsystems
Incorporated on the assumption that UNIX running on relatively low-cost hardware would prove to
be a highly positive combination for a broad range of applications. These visionaries were right.
Although still priced beyond most individuals’ budgets, the Sun Microsystem networks increasingly
replaced older computer systems such as the VAX and other time-sharing systems in corporations and
in universities across North America. Also, in 1984 a small group of scientists at Stanford University
started Cisco Systems, Inc., a company that today remains committed to developing Internet Protoco
(IP)–based networking technologies, particularly in the core areas of routing and switches.
The 1980s also had their darker moments. Clouds began to settle over the MIT Artificial
Intelligence (AI) Lab. Not only was the PDP technology in the AI Lab aging, but the Lab itself split
into factions by some initial attempts to commercialize Artificial Intelligence. In the end, some of the
AI Lab’s most talented White Hats were attracted to high-salary jobs at commercial startup companies.
In 1983, the movie War Games was produced to expose to the public the hidden faces of Black Hat
hackers in general and the media-exposed faces of the 414-gang, a cracker gang, in particular. Ronald
Mark Austin and his 414-gang from Milwaukee started cracking remote computers as early as 1980.
In 1983, after they entered a New York cancer hospital’s computer system without authorization, the
gang accidentally erased the contents of a certain hospital file as they were removing traces of their
intrusion into the system. As a result of this exploit, that New York hospital and other industry and
government agencies began to fear that confidential or top-secret files could be at risk of erasure or
alteration. After the 414-gang became famous, hackers developed a penchant for putting numbers
before or after their proper names, or for using a completely new moniker or “handle” (such as
“Mafiaboy”).
Besides movies about the dark side of hacking in the 1980s, the U.S. and the U.K. governments
passed laws to curb cracking activities. For example, in Britain, the Forgery and Counterfeiting Act of
1981 was passed to help authorities convict criminals involved in these activities, and in the United
States in 1986, Congress approved the Computer Fraud and Abuse Act to curb such criminal acts.
Some of the world’s most famous crackers stole media headlines during 1988. It was then that Kevin
Poulsen took over all the telephone lines going into Los Angeles radio station KIIS-FM, making sure
that he would be the 102nd caller for a contest and the winner of a Porsche 944 S2. Also, on
November 3, 1988, Robert Morris Jr. became known to the world when as a graduate student at
Cornell University, he accidentally unleashed an Internet worm that he had developed. The worm,
later known as “the Morris worm,” infected and subsequently crashed thousands of computers. Finally,
in 1988, cracker Kevin Mitnick secretly monitored the email of both MCI and DEC security officials.
For these exploits, he was convicted of causing damage to computers and of software theft and was
sentenced to one year in prison—a cracking-followed-by-prison story for Mitnick that was to repeat
over the next few years.
The years from 1990 through 2000 are known as the Great Hacker Wars and Hacker Activism Era
because during this time, cyberwars became a media story spinner. For example, the early 1990s
brought in the “Hacker War” between two hacker clubhouses in the United States—the Legion of
Doom (LoD) and the Masters of Deception (MoD). LoD was founded by Lex Luthor in 1984; MoD
was founded by Phiber Optik. Named after a Saturday morning cartoon, LoD was known for attracting
the best hackers in existence until one of the club’s brightest members, Phiber Optik (a.k.a. Mark
Abene) feuded with Legion of Doomer Erik Bloodaxe. After the battle, Phiber Optik was removed
from the club. He and his talented clan then formed their own rival club, MoD. LoD and MoD
engaged in online warfare for almost two years.They jammed telephone lines, monitored telephone
lines and telephone calls, and trespassed into each others’ computers.
Then the U.S. federal agents moved in. Phiber Optik got a one-year jail sentence for his exploits.
After his release from federal prison, hundreds of individuals attended a “welcome home” party in his
honor at an elite Manhattan club, and a popular magazine labeled Phiber Optik “one of the city’s 100
smartest people.”2
Political activism—such as that seen on U.S. big-city streets pushing for civil rights for minorities
and equal rights for women during the 1960s and 1970s—moved to the computer screen in the 1990s.
For example, in 1994 and 1995, White Hat hacktivists—the combining of hacking and activism—
squashed the Clipper proposal, one that would have put strong encryption (the process of scrambling
data into something that is seemingly unintelligible) under United States government control.
By 1995, many “golden” achievements were under way. In 1995, the CyberAngels, the world’s oldest
and largest online safety organization,was founded. Its mission was and continues to be the tracking
of cyberstalkers, cyberharassers, and cyberpornographers. Also, the Apache Software Foundation, a
nonprofit corporation, evolved after the Apache Group convened in 1995. The Apache Software
Foundation eventually developed the now-popular Apache HTTP Server, which runs on virtually all
major operating systems.
Also in 1995, the SATAN (Security Administrator Tool for Analyzing Networks) was released on
the Internet by Dan Farmer and Wietse Venema, an action that caused a major uproar about security
auditing tools being made public. In this same year, Sun Microsystems launched the popular programming
language Java, created by James Gosling, and the first online bookstore, Amazon.com, was
launched by Jeffrey Bezos.Tatu Ylonen released the first SSH (Secure SHell) login program, a protocol
for secure remote logins and other secure network services over a network deemed to be
nonsecure. Finally, in 1995, the Microsoft Corporation released Windows 95. It sold more than a million
copies in fewer than five days.
By the year 2000, society was becoming more fearful of the dark side of hacking. For example, in
February 2000, John Serabian, the CIA’s information issue manager, said in written testimony to the
United States Joint Economic Committee that the CIA was detecting with increasing frequency the
appearance of government-sponsored cyberwarfare programs in other countries. Moreover, on May
23, 2000, Dr. Dorothy Denning, a cybercrime expert who at the time was at Georgetown University,
gave testimony before the United States Special Oversight Panel on Terrorism. She said that cyberspace
was constantly under assault, making it a fertile place for cyber attacks against targeted individuals,
companies, and governments—a point repeated often by White Hat hackers over the past 20 years. She
warned that unless critical computer systems were secured, conducting a computer operation that physically
harms individuals or societies may become as easy in the not-too-distant-future as penetrating a
Website is today.
During 2000, the high-profile case of a Canadian cracker with the moniker Mafiaboy (his identity
was not disclosed because he was only 15 years old at the time) raised concerns in North America and
elsewhere about Internet security following a series of Denial of Service (DoS) attacks on several highprofile
Websites, including Amazon.com, eBay, and Yahoo!. On January 18, 2001, Mafiaboy pleaded
guilty to charges that he cracked into Internet servers and used them as starting points for launching
DoS attacks. In September 2001, he was sentenced to eight months in a detention center for minors
and was fined $250 Canadian.
The year 2001 and beyond has become known as an era marked by fears of an Apocalypse—
brought about by terrorists in the actual world in combination with cyberterrorists in cyberspace. In
just five years, citizens at home and at work have become bombarded by cyber worms and cyber
viruses that have cute names such as the Love Bug, Melissa, and Slammer but that have caused billions
of dollars in lost productivity and damage to computer networks worldwide. Even worse,many experts
fear that the evolution of devastating viruses and worms is occurring at such a rapid rate that the
potential for a cyber Apocalypse could occur any time now.
In an attempt to halt cybercriminals, the U.S. government and other governments around the globe
have passed legislation that is tougher and more controversial than ever before. For example, in the spring
of 2002, U.S. Representatives Saxby Chambliss, R-GA, and Jane Harman, D-CA, introduced the
Homeland Security Information Sharing Act to provide for the sharing of security information by U.S.
Federal intelligence and law enforcement parties with state and local law enforcement agents.This Act,
requiring the President to direct coordination among the various intelligence agencies, was sent to the
Senate Committee on Intelligence and to the Committee on the Judiciary on April 25, 2002. On May
6, 2002, it was sent to the Subcommittee on Crime,Terrorism, and Homeland Security, and on June 13,
2002, it was reported with an amendment by the House Judiciary. It lapsed without passage.
Moreover, on July 10 and 11, 2002, a United States Bill on Homeland Security was introduced by
Representative Richard Armey, R-TX, to the Standing Committees in the House. It was heavily
amended by the Committee on Homeland Security on July 24, 2002, and was passed by the House
on July 26, 2002.The bill was received in the Senate on November 19, 2002 and passed by the Senate
on November 25, 2002. The Homeland Security Act of 2002 was signed by the President of the
United States as Public Law 107-296. It was meant to establish the Department of Homeland Security,
and Section 225 was known as the Cyber Security Enhancement Act of 2002.
On January 24, 2003, President George W. Bush swore in Tom Ridge as the first Secretary of the
Department of Homeland Security, and one month later, a storm was brewing over the proposed
Domestic Security Enhancement Act of 2003, also known as Patriot Act II.William Safire, a journalist
with The New York Times, described the first draft of the Patriot II’s powers by suggesting that the
U.S. President was exercising dictatorial control. Then, on February 7, 2003, the storm intensified
when the Center for Public Integrity, a public-interest think-tank in Washington, D.C., disclosed the
entire content of the Act. The classified document allegedly had been given to the Center by someone
in the federal government.3 The Act ultimately did not become law.
Governments and legal analysts were not the only ones motivated by cyber fears in the early 2000s.
In August 2003, three crippling worms and viruses caused considerable cyber damage and increased the
stress levels of business leaders and citizens alike about a possible “cyber Apocalypse.”The Blaster worm
surfaced on August 11, 2003, exploiting security holes found in Microsoft Windows XP. Only a few days
later, on August 18, the Welchia worm appeared on the scene, targeting active computers. It went to
Microsoft’s Website, downloaded a program that fixes the Windows holes (known as a “do-gooder”), and
then deleted itself.The most damaging of the three cyber pests was the email-borne SoBigF virus, the
fifth variant of a “bug” that initially invaded computers in January 2003 and resurfaced with a vengeance
also on August 18, 2003.The damages for lost production and economic losses caused by these worms
and viruses were reportedly in excess of $2 billion for just an eight-day period.
About this time, John McAfee, the developer of the McAfee anti-virus software company, claimed
that there were more than 58,000 virus threats, and the anti-virus software company Symantec further
estimated that 10 to 15 new viruses are discovered daily.
By November 5, 2003, the media reported that a cracker had broken into one of the computers on
which the sources of the Linux operating systems are stored and from which they are distributed
worldwide. One day later, Microsoft Corporation took the unusual step of creating a $5 million fund
to track down crackers targeting Microsoft’s Windows operating systems. That fund included a
$500,000 reward for information that would lead to an arrest of the crackers who designed and
unleashed the Blaster and SoBigF. This Wild West–like bounty underscored the perceived threat posed
by viruses and worms in an interlinked world, as well as the problems associated with finding their creators.
However, some cynical security critics said that the reward had more to do with Microsoft’s
public relations than with crime and punishment.
By the end of 2003, the Computer Security Institute/FBI survey on computer crime, enlisting the
responses of 530 computer security professionals in U.S. corporations, universities, government agencies,
and financial and medical institutions, revealed that more than half of the respondents said that
their organizations had experienced some kind of unauthorized computer use or intrusion during the
previous 12 months. An overwhelming 99 percent of the companies whose security practitioners
responded to the survey thought that they had adequate protection against cyber intruders because
their systems had anti-virus software, firewalls, access controls, and other security measures. As in previous
years, theft of proprietary information was reported to have caused the greatest financial losses.4
Also at the end of 2003, a survey released by Deloitte & Touche LLP indicated that chief operating
officers (COOs) of companies around the world were more nervous about terrorist attacks adversely
impacting on business than were their American peers.The economist Carl Steidtmann, for example,
suggested that U.S. executives might be less concerned and more complacent about terrorist and
cyberterrorist attacks because they felt that their country had taken more overt steps to combat terrorism,
such as introducing the Homeland Security Act of 2002.
Besides intrusions and terrorism, spam was a major topic for action in November 2003.The United
States Federal Trade Commission (FTC) had earlier set up a national spam database and encouraged
people to forward to them all the email spam they received.The FTC noted that in 2002, informants
had reported more than 17 million complaints about spam messages to the federal agents for investigation,
and the FTC said that it received nearly 110,000 complaints daily. To control spam, on
November 25, 2003, the United States Senate passed the CAN-SPAM Act of 2003, also known as the
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003. It was to regulate
interstate commerce in the United States by imposing limitations and penalties on the distributors of
spam (that is, the transmission of unsolicited email through the Internet). Penalties included fines as
high as $1 million and imprisonment for not more than five years for those found guilty of infringing
the Act.The Act took effect on January 1, 2004.
Moreover, on April 8, 2005, a landmark legal case concluded that involved spammer Jeremy Jaynes
of Raleigh, North Carolina. This spammer—who went by the name “Gaven Stubberfield” and was
described by prosecutors as being among the top 10 spammers in the world—was sentenced to nine
years in U.S. prison.This case is considered to be important because it was the United States’ first successful
felony prosecution for transmitting spam over the Internet.A Virginia jury sentenced Jaynes for
transmitting 10 million emails a day using 16 high-speed lines. Jaynes allegedly earned as much as
$750,000 a month on this spamming operation. The sentence has been postponed while the case is
being appealed.5
In closing, little doubt exists that the cyber challenges facing governments, industry, universities,
medical institutions, and individuals are enormous. Because cybercrime appears in many guises, is multifaceted,
and involves jurisdictions around the world, there is no single solution to the problem.This
book was written to detail the many cyber challenges that security professionals, businesses, governments,
individuals, and legal experts face and to present some useful answers for staying a few steps
ahead of the “dark side”—those in the cracking and cyberterrorist communities.
Table of Contents
Preface
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi
Acknowledgments
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Hacker Dictionary A–Z
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Appendix A: How Do Hackers Break into Computers? by Carolyn Meinel
. . . . . . . . . . . . . . . . . . . . . . . 365
Appendix B: Resource Guide
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Screenshot
Purchase Now !
Just with Paypal
Just with Paypal
Product details
Price
|
|
|---|---|
Pages
| 419 p |
File Size
|
5,045 KB |
File Type
|
PDF format |
ISBN-13
ISBN-10 | 978-0-470-04752-1 0-470-04752-6 |
Copyright
| 2006 by Bernadette Schell and Clemens Martin |
●▬▬▬▬▬❂❂❂▬▬▬▬▬●
●▬▬❂❂▬▬●
●▬❂▬●
●❂●
═════● ●═════
