How Hacking Can Be Helpful - Essay Example

? How Hacking Can be Helpful Introduction Majority believes that hacking is an unfair activity that primarily intends to intrude into someone’s privacy. However, a hacker is someone with advanced computing skills. Admittedly, many people negatively use hacking techniques to break into the computer systems and the privacy of others without the parties’ knowledge. With the growing security threats to computer networks today, the concept of ethical hacking is gaining widespread popularity. Although same hacking techniques are used to break into the security under ethical hacking too, prior permission is taken under this approach. In addition, ethical hackers do not delete files, disclose the information to public, or ruin the network once they manage to break into the security. Today corporations widely hire ethical hackers or white hat hackers to check if their security systems are strong enough to prevent strong malicious attacks. Hacking contests like Pwn2Own are organized to identify unknown vulnerabilities in computer networks and security system. It is interesting to note that leading social networks like Facebook and Twitter and search engines like Google and Yahoo offer millions of dollars to hackers who can successfully break into their security. Still some companies are overconfident about the security systems they maintain without knowing the modern tricks in computer hacking. Today it is not necessary for one to sit the whole day at computer to break into the security of an organization because there have been many simple techniques in use. Although the concept of ethical hacking can be helpful for companies to improve their security levels, today hacking techniques are widely used for supporting illegal purposes like credit card fraud and information theft. This paper will describe how hacking can be helpful for companies to improve their operational efficiency. History of hacking The known history of hacking could be dated back to 1870s, when several teenagers cracked the United States’ brand new phone system, and since then the practice of hacking has been very widely reported around the globe. As Trigaux reports, in 1903 Nevil Maskelyne, a magician and inventor, interrupted a public demonstration of a secure wireless telegraphy technology by John Ambrose Fleming by sending inappropriate Morse code messages with the help of the auditorium’s projector (“A history of hacking”). In 1930s a major hacking event happened when Polish cryptologists Marian Rejewski, Henryk Zygalski, and Jerzy Rozycki hacked the Enigma machine code. In 1960s, university facilities like MIT’s artificial intelligence lab became a hot target for hackers. In 1965, William D. Mathew detected a vulnerability in a Multics CTSS running on an IBM 7094 and he found that this weakness causes to disclose the password file’s contents; and as a result of this flaw, any user logging into this system could see the system CTSS password file’s contents (Baker, “14 Years of SQL Injection..”). During this period, the term ‘hacker’ was used in a positive sense to represent a person with advanced computing skills who could alter computer programs beyond what they were actually designed to perform. Hacking activities became more common with the beginning of 1970s. In early 1970s, an individual named John Draper made a free long distance call by blowing a precise tone into a telephone that commands the system to clear a line (“A history of hacking”). Draper was repeatedly arrested throughout the1970s for telephone tampering. During the same period, the Yippie social movement made arrangements like Technical Assistance Program to back up phone hackers’ efforts to make free long distance calls. Later in this decade, two members from the Homebrew Computer Club of California began making devices called ‘blue boxes’, which were used to intrude into the phone system. The two members earned the handle ‘Berkeley Blue’ (Steve Jobs) and ‘Oak Toebark’ (Steve Wozniak) were the persons who later became popular as the founders of the Apple Computers. In early 1980s, FBI busted the 414s when they were accused of breaking into the 60 computer systems at various institutions ranging from Los Alamos National Laboratory to Memorial Sloan-Kettering Cancer Center. Following this computer attack, the US House of Representatives conducted studies on computer security and passed some important laws. The Comprehensive Crime Control Act was formed to address computer and credit card fraud particularly. During this period, two hacker groups namely Legion of Doom (United States) and the Chaos Computer Club (Germany) were formed also the 2600: The Hacker Quarterly was founded to provide some tips on phone and computer hacking. The Computer Fraud and Abuse Act passed in late 1980s gave more power to Federal authorities. In order to deal with the increasing computer network attacks, the US defense departments formed Pittsburgh based Computer Emergency Response Team. In 1998, a 25 year old hacker Kevin Mitnick gained unauthorized access to the e-mail of MCI and Digital Equipment security officials and later he was found guilty of damaging computer networks and stealing software; he was consequently sentenced to one year imprisonment (“A Very Short History Of Global Hacking..”). In the same year, the first National Bank of Chicago became the victim of a $70 million computer theft. In early 1990s a, special team of Secret Service agents named Operation Sundevil was formed to deal with computer, telephone, and credit card fraud. The Operation Sundevil conducted a raid in 12 major cities of the United States including Miami. During this period, high security organizations like Griffith Air Force Base, NASA, Korean Atomic Research Institute were targeted by hackers. In late 1990s, the US government was struck again when a group of hackers ruined federal websites including US Air Force, US Department of Justice, CIA, and NASA. According to a report by the General Accounting Office, the Defense Department’s computer networks experienced 250,000 attacks in 1995 alone. In 1996, a Canadian hacker group called Brotherhood intruded into the website of the Canadian Broadcasting Corporation and posted a message: ‘The media are liars’. In the next year, the US based internet search engine Yahoo was threatened that a logic bomb in the Yahoo users’ PCs would go off unless Kevin Mitnick was released from the prison. While analyzing the hacking history throughout 1980s and 1990s, it is identified that hacking activities by teenagers posed the greatest threats to computer networks. By the turn of the 21st century, the concept of hacking was entirely changed and there were many professional and organized hacking groups who could break into computer networks for money. Over the last decade, search engine giants like Google and Yahoo were hit by computer hackers several times. Today the concept of ‘ethical hacking’ has been developed to assist corporations and other organizations to run their operations more securely and efficiently. How hacking can be helpful? Although computer hacking is widely known to be a process cracking computer security, damaging computer networks, and stealing confidential information, today computer hacking has a lot of positive sides including industry level applications. The hacking activities aimed at identifying the pitfalls in an organization’s computer security and strengthening its computer network is termed as ethical hacking. As Hassan describes, the practice of breaking security is done in ethical hacking as well as unethical hacking; but the major point of difference is that permission is taken before breaking any security feature in case of ethical hacking (9). Today many companies like to test the security level of their network or application before sending it to their customers. Ethical hacking cannot be considered as an offense because checking security does not mean to do any harm to computer networks. More precisely, ethical hacking breaks the security only by strictly adhering to the current laws in practice. Today some companies sign agreements with hacking professionals for ethical hacking. Another feature of this type of hacking is that a report is submitted once the security systems are tested with hacking practices. Nobody was able to hack Google Chrome successfully until recently. The company offered huge cash prizes for those who break into Chrome successfully. However, recently a group of French hackers were able to do it successfully at the Pwn2Own hacking competition 2012 (Martindale). Pwn2Own is a computer hacking contest where contestants are challenged to hack widely used software, systems, and mobile devices with previously unknown vulnerabilities. This contest is of great help for companies to identify security vulnerabilities in their networks or technology. The concept of ethical hacking is helpful for banks because a security failure in their system would result in the loss of huge amounts of money. Furthermore, clients need to be convinced that their banker has strong security systems to secure credit card transactions and other monetary transactions. Therefore, leading banks spend a significant percent of their revenues to hire popular hacking groups and to test their security systems. Today’s business organizations deal with huge volume of business transactions everyday, and they need to store different kinds of sensitive customer information such as bank account details and credit card number. Therefore, even a minute flaw in the security systems would cause the company to lose its sensitive data/information, and such a situation may result in negative reputation or even a business collapse. An article titled ‘How Apple and Amazon security flaws led to my epic hacking’ by Mat Honan explains how someone can gain unauthorized access into another person’s Google, Twitter, or other personal accounts including bank account using simple personal details of the victim. Here, the victim was hacked easily in a few minutes just because he neglected to secure his g-mail account using the two-factor authentication. As a result of this negligence, it was easy for the hacker to find the victim’s recovery email. Using this information, the hacker could understand the four digit number of the user’s credit card. To worsen the situation, the user had linked his different main accounts to one another. Hence, it was very easy for the hacker to intrude into all accounts of the victim using only a few details about him. It is clear that the hacker would not have gained access to the user’s account if the user had used two-factor authentication for his Gmail account. From this incident, the victim could also understand that a recovery email address should be used only for recovery purposes without being linked to other core services. Another key point noted is that the hacker does not necessarily need to use terminal and detect the IP address to obtain all the personal information about the user. Like the case of Honan, many people and companies are often unaware of their security pitfalls, which would make things easy for an experienced hacker. Therefore, the practice of hacking can be beneficial for companies to identify where they stand in terms of computer/network security. Recently I got the opportunity to talk to a former Webster student who is currently working in a high security company that helps companies to protect themselves from being hacked. He explained one of his personal experiences that a client of him was overconfident that his firm’s system could not be hacked, and the owner challenged him to break the security mechanisms if possible. After taking this assignment, the person went to the parking lot along with his friend and connected another Wi-Fi and placed it under the couch so that it would not be easily noticeable. He set a similar name for the connection. Without recognizing the source of this Wi-Fi connection, all the staff and clients of the firm started to use this connection because it was faster and much better. Then the CEO arranged a meeting of the company employees and asked them whether they had recognized a new Wi-Fi connection. They replied yes and added that the IT department had set it for them. Then the one who set this Wi-Fi point asked them to bring someone from the IT department and confirm the matter. When the employees did it, the IT manager stated that the IT department had not set it up and he thought that this new Wi-Fi connection was allowed by the CEO. In short, no one was suspicious about the presence of the new Wi-Fi connection in the company including the IT department which was supposed to secure the firm’s computer system. As the firm’s IT department failed to discover it, the firm’s official information as well as clients’ personal information were uncovered. This experience greatly demonstrates how simple it is to break into the security system of a whole company. Majority of the people and companies misbelieve that a hacker is someone who is on their computer all the day cracking codes. In fact, hacking is not much difficult in modern days because people are figuring out simple ways to intrude into the computer system of others. Even companies which have highly paid security system in operations may be prone to some or other form of hacking threat. Under such a circumstance, the concept of ethical hacking is extremely helpful to point out security flaws in the system and thereby improve the security level. Hackers can be commonly divided into three groups including white hats, black hats, and grey hats. As Graves states, white hat hackers are ethical hackers and they use their advanced computing skill for defensive purposes whereas black hat hackers are malicious hackers and use their hacking skill for illegal or destructive purposes. Grey hat hackers may work defensively or offensively as the situation requires (6-7). As stated already, ethical hackers belong to the white hat category and use their expertise to identify weaknesses and to implement countermeasures. Ethical hackers work to enlighten business owners and other top level management officials that no technology is 100% safe and hence there should be effective monitoring mechanisms to limit the consequences of security pitfalls. Computer experts indicate that hacking is an effective tactic to regain lost passwords and other data and hence to recover valuable information. According to Beaver, it is identified that ethical hacking is helpful to develop cheaper ways of building security. The author adds that it would also assist the organization to recognize how security systems can improve productivity if they are implemented properly (p.na). Negative sides of hacking Although hacking can be used for a wide range of good purposes, most of today’s hackers wear a black or grey hat. Today the tool of hacking is increasingly used to intrude into the privacy of others by stealing credit card information, bank details, and other confidential information and damaging computer networks. As a result of these illegal practices, a notable percent of people engaging in debit/credit card transactions online are vulnerable to hacking threat. Today hackers use a number of tricks such as phishing, vishing, and smishing to steal the credit card details of individuals. People who are less aware of the rules of online credit card transactions are most likely to become the victims of credit card fraud. Although the cyber laws are very strict and companies have taken great efforts to secure online money transactions, hackers still pose potential threats to online buyers/sellers. Similarly, many hackers are targeting the websites and servers of reputed companies, government institutions, and other strategic organizations. Most of these attacks are launched by teenagers and other individuals who are excitedly interested in hacking activities. They think that hacking is a better way to prove their computer expertise. Admittedly, hackers are being treated as heroes and this ballooned heroism or unwanted worship greatly encourages hackers to vehemently try to crack popular computer networks. In addition, there are illegal hacking groups who break into the security systems of companies for money. Today competitors or other enemies may hire hackers to intrude into the networks of firms in order to damage their data irrecoverably. Here, hacking is done for unethical practices and hence it is illegal in nature. A major demerit of unethical hacking is that it increases the security spending of companies notably. It is clear that today companies are forced to spend huge amounts on security system installations, system monitoring and maintenance, and hiring of white hat hackers so as to fight the threat of malicious attacks. Sometimes network attacks by black hat hackers may cause the company to lose valuable information/data, money, and ultimately business reputation. For instance, CitiGroup lost $2.7 million and AT&T lost $2 million in 2011 as a result of severe hacking attacks whereas the Sony lost $170 million when hackers broke into their PlayStation system same year. Victims of hacking attacks need to raise huge amounts of money to compensate customers’ losses and to deal with lawsuits (Frost & Sullivan ). Evidences suggest that a strong hacking attack can alter or delete important files such as customer details or order information. Undoubtedly, a leak of confidential customer information or other business information would negatively impact the firm’s stature, and its clients may not like to remain with the firm any longer. Sometimes hackers steal information from the servers of government institutions like FBI, NASA, or Interpol and post the stolen information online. Probably such a practice will adversely affect diplomatic relations between countries or it may raise potential challenges to a nation’s security. Decreased privacy is identified to be a potential demerit of unethical hacking. Conclusion From the above discussion, it is clear that the practice of hacking can help companies identify vulnerabilities in their security systems or computer networks and thereby improve security levels. While analyzing the history of hacking, it seems that even highly secured websites of organizations like NASA, FBI, and Interpol have been hit by malicious hacking attacks at several points of time. Today people engage in unethical hacking activities to demonstrate their programming skills or to earn money. It is identified that ethical hacking can assist companies to trim down costs associated with system maintenance, customer reimbursements, and lawsuits to a great extent. Hackers can play a significant role in helping the company to identify how an effectively implemented security system can improve overall organizational productivity. In addition, this practice will help to recover lost information and passwords, and hence avoids permanent data loss. In short, the practice of hacking can serve individuals and organizations in several ways if it is used ethically. Works Cited “A Very Short History Of Global Hacking From Cap'n Crunch to Kazakhstan”. CSO Online. Web 30 Nov 2013 Beaver, Kevin. Hacking For Dummies. US: John Wiley & Sons, 2013. Print. Baker, Alex. “14 Years of SQL Injection and still the most dangerous vulnerability”. mavituna security, 22 Aug 2013. Web 30 Nov 2013 Frost & Sullivan. The Importance Of Ethical Hacking Emerging Threats Emphasise: The Need For Holistic Assessments. Web. 30 Nov 2013. Graves, Kimberly. Official Certified Ethical Hacker. US: John Wiley & Sons, 2007. Print. Hassan, Ashikali M. Hacking An Introduction. Ahmedabad: Computer World. Google Books. Honan, Mat. “How Apple and Amazon Security Flaws Led to My Epic Hacking”. WIRED, 2012. Web 30 Nov 2013. Martindale, Jon. “Google Chrome hacked first in Pwn2Own competition”. IT Portal, 09 Mar 2012. Web 30 Nov 2013. Trigaux, Robert. “A history of hacking”. St. Petersburg Times, web. 30 Nov 2013. Read More