What on earth is? - Hacking

The inside story of a simple but potentially devastating occupation.

Scott Colvey, Computeract!ve 12 Nov 2001

Can you remember your last hacking experience? Perhaps it was carving a pathway through the Amazonian rain forest during your gap-year trek? Or was it a Sunday morning spent wrestling with the shears in an effort to make your garden-privet resemble a cockerel?

If you were teenager Raphael Gray, then your last hacking endeavour was certainly memorable. Why? Because it resulted in American FBI agents rapping on the door of his home in deepest Wales, one frosty morn in March. The young fool's crime was to hijack the details of some 23,000 credit cards from the databases of numerous online retailers using nothing more than a basic home computer and a modem.

Gray considered himself a "saint of e-commerce" whose mission was to expose online security holes, but the media were quick to label him a hacker - and it stuck.

In fact, 'hacking' used to mean something altogether more innocent and the word was originally used to describe people holed up in dingy sheds and garages, tinkering with all things electronic. By the early 1980s, though, the media began to misuse the term to describe any form of illicit online activity.

In reality, headline-grabbing online anarchists like Gray much prefer to be called 'crackers', the notion being that they crack open computerised security systems for the sake of it rather than to try to learn something from the experience.

Regardless of the terminology, the upshot is the same; time and time again, computer system administrators are forced into embarrassing admissions of online invasions. Sometimes the results are little more than an annoyance - a company website defaced with a rude image or Bill Gates' direct number published on Microsoft's homepage for all to see; but sometimes, as in Gray's case, the consequences are potentially much more serious.

As a direct result of the Welsh teenager's hack attacks, one company was forced out of business and numerous financial institutions had to cancel and reissue their customers' credit cards at a cost of millions. The inconvenience caused to cardholders affected by Gray's deeds is impossible to quantify.

The science

Dedicated hackers have plenty of technical tricks up their sleeves but all hinge on the same premise: if a computer system exhibits a weakness, then it can be exploited. The 'science' of cracking, therefore, is homing in on the vulnerable parts of a computer setup.

The handiest tool in a hacker's kitbag is 'ping'. This sends an electronic "Are you there?" request to a website and the server hosting it responds with its IP address in acknowledgement. Using ping on www.computeractive.co.uk, for instance, will return 212.161.108.135 - the public face of our publishing company's internet server. While the server is protected against hack attacks by a firewall, the information it holds (magazine websites, in the main) is free for all to see.

Hackers use IP addresses as a starting point. By fiddling with the figures, it's usually possible to locate other computers that are connected to the server but not intended for public view - 'backroom' servers or office desktop computers. Should one of these present the hacker with a password-protection request, then the cracking game can begin.

The basics

While hacking undoubtedly requires commitment, it couldn't honestly be described as difficult. At the simplest level, it's the equivalent of wandering along a street of parked cars and trying the door of each as you pass - you're looking for the one nincompoop who forgot to lock up. When it comes to computers, there are any number of doors waiting to be tested.

An unsophisticated chancer might attempt to break into a computer system by simply guessing someone's log-in details (you'd be surprised how many people use 'password' as their password), but committed crackers use software to help them along.

Password-cracking programs try to gain unauthorised access to computer systems using a simple brute-force technique. Widely available to download from the internet, these mini-applications draw on massive dictionaries as they cycle through repeated login attempts. Indeed, the only effort required on the part of would-be hackers is to point the cracking tool at a password-protected site or computer before leaving it to get on with the job.
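
Seen from the administrator's side, the repeated login attempts described above leave an obvious trail. The following is an added example, not part of the original article: it flags any source address that racks up a burst of failed logins, and any successful login that follows such a burst. The log format, field names, threshold and addresses are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format, not from any real system).
SAMPLE_LOG = """\
2001-11-12T09:00:00 FAIL user=alice src=192.0.2.10
2001-11-12T09:00:01 FAIL user=alice src=192.0.2.10
2001-11-12T09:00:02 FAIL user=alice src=192.0.2.10
2001-11-12T09:00:03 FAIL user=alice src=192.0.2.10
2001-11-12T09:00:04 FAIL user=alice src=192.0.2.10
2001-11-12T09:00:05 OK user=alice src=192.0.2.10
2001-11-12T09:05:00 FAIL user=bob src=198.51.100.7
2001-11-12T09:20:00 FAIL user=bob src=198.51.100.7
2001-11-12T09:20:30 OK user=bob src=198.51.100.7
"""

def parse(line):
    """Split one log line into (timestamp, outcome, user, source address)."""
    ts, outcome, user, src = line.split()
    return (datetime.fromisoformat(ts), outcome,
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert on sources with `threshold` failures inside `window`, and on any
    later success from a flagged source (a guess may have worked)."""
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = set()               # sources already reported
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, outcome, user, src = parse(line)
        fails = recent[src]
        # Drop failures that have aged out of the sliding window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if outcome == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src, user))
        elif outcome == "OK" and src in flagged:
            alerts.append(("success_after_brute_force", src, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second user in the sample mistypes a password twice, fifteen minutes apart, and is not flagged; only the rapid run of failures from one address trips the alert.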

Why you need to know about it

Okay, you're not responsible for the Pentagon and the most sensitive document stored on your computer contains nothing more incriminating than this year's Christmas card list; so should you be concerned about hackers?

Consider this: earlier this year, a Computeractive reader sent us information that enabled us to view the credit card numbers and personal details of 13,000 customers of an online music and video retailer. Fortunately, we're not crackers and we immediately informed the company concerned of the security hole. Even so, we were still shocked by the ease with which such information could be extracted.

The point is that the worry is not so much the information you wish to keep private as the information you no longer control. An online transaction involving your credit card details might be as secure as Fort Knox, but if the retailer leaves the safe keys by the front door, then it won't be long before someone takes advantage.

JARGONBUSTER

Firewall: A system that prevents unauthorised access to a computer over a network, such as the internet. Firewalls can be either hardware or software - businesses tend to use the former; home users the latter.

IP address: The unique numeric address of a computer on the internet. Your computer's IP address is similar to your own phone number in its function.

Server: A shared computer that is accessed by other computers. The internet consists of tens of thousands of servers on which web pages are stored.
