How has Hacking and the Motivation of Attackers Evolved - Research Paper Example

HOW HAS HACKING AND THE MOTIVATION OF ATTACKERS EVOLVED? By of the of the of the School 25 November, 2014 Contents Contents 1 Bidgoli, H., 2006.Handbook of Information Security, Information Warfare, Social, Legal, and Informational Issues; and Security Foundations. Hoboken, N.J: John Wiley & Sons. 14 Nick Moffitts $7 History of Unix. n.d. [Online] Available at: http://people.virginia.edu/~rtg2t/spring2002/unix.html[Accessed 24 November 2014] 15 Samuel, A.W., 2004. Hacktivism and the Future of Political Participation. [online] Available at: http://www.alexandrasamuel.com/dissertation/pdfs/Samuel-Hacktivism-entire.pdf[Accessed 24 November 2014] 16 1. Introduction Hacking is more than a century old to date. The term hacking became widespread after mid 20th century with the evolution of the computing environment. The period saw great development in mainframe computers and numerous technology based companies had invested for development of computer languages. Programmers saw opportunities for training and supporting computer programming projects, which provided an easy access for codes modification. However, as early as 1870s, misdirection of telephone calls and eavesdropping of conversations was established by the employees working in Bells Telephone Company. Earlier well known, MIT students became experts in hacking operations since their access to and study of computing after 1960s. In the modern world, with the widespread knowledge of computing and programming, hackers have increased; both ethical and criminal hackers who have distinguished motives. The Asian community today produces majority of computer hackers, and comprises the major drivers in technology evolution across the world. Literally, hackers are taken to be technically proficient people in specific areas. Palmer describes the original definition of a hacker as “a person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary” (2001, p. 769). However, besides expert enthusiasts, the term also refers to malicious meddlers into computers or systems for criminal objectives like theft of confidential information. Hacking today constitutes one of the greatest cybercrimes across the world, and has profound effects on the society, individuals, organizations and governments at large. Though still used to develop solutions to existing problems, some hackers have embraced the skills to challenge systems/developers, for fame, intentional damage and theft among others. Gone are the times when hacking was considered benign; computer systems or networks today are built to withstand hacking and the risks attackers pose. 2. Evolution of Hacking 2.1 Hacking during Bell’s telephone company operations Graham Bell’s invention of the telephone came at a time western nations sought to improve communication. The telephone technology that later employed switchboards in its communication exchange provided several opportunities for hacking and unethical conducts. Privacy was affected when the employed switchboard operators by telephone companies began to regularly invade, by deliberately misdirecting or blocking telephone lines and eventually crafting their acts to eavesdropping on people’s conversation to retain quite sensitive information (Elon University, N.d). Though the term hacking was not yet into use, the loose back ends of the telephone system provided opportunities for such intrusion from which learning and curious switchboard operators used to intentionally intercept and interfere into unsuspecting customers’ conversations. 2.2 Acceptance of hacking in 1960s The period recorded first advancement of computer technologies. IBM, MIT labs and AT&T Bell laboratories led to the establishment of large electronic data processing systems. Within two decades from 1950s, these labs contained most of the developed mainframe computers in an evolving world. Something most upcoming computing scientists could not easily comprehend in operating the computer and how to advance the redundant features like speed of the system. Initially, MIT students had been studying and exploring aging phone switching networks. The interest in computational environments had developed among MIT students concerned with machines and systems that controlled the train tracks. The Tech Model Railroad Club (TMRC) of MIT raised the first known legendary hackers. Beside the telephone, the railroad system was another kind of switching network, where TMRC students spent hours working on the complicated wiring of the switches to control the sections of tracks each train would use in the huge model of train layout. The Club had acquired a temporary space at an MIT building previously used for radar development in WWWII, but their programming was limited to manual wire alteration or operator’s real time control of switches to improve trains’ speed or tracks operation than designed. With the technology advancement, MIT had installed mainframe computers in a newly set artificial intelligence lab. Realizing the technology and their quest for automated machines to improve the railroad layout, most were drawn to MIT AI lab. Curious to know what more the computers would do, the first group of hackers emerged with a desire to explore the limits of technology, which resulted in discovery of unthinkable tasks of the computer, like playing chess and computer interactivity (Brunvand, 1996). The machines were known to be cumbersome and even very slow in yielding results compared to modern computers. Though emerged proficient calculating machines of the day, the clever engineers sought to improve the machines. According to Leeson and Coyne, the ‘hacks’ which are “the system shortcuts that make performing certain operations easier and faster” were the results of MIT hacking activities (2005, p.512). At this period hacking activities aimed to improve computing systems and push technology to greater lengths. 2.3 Hacks in AT&T Bell Labs The Bell lab had been working in a joint venture with MIT and GE in Multics project to create a second generation time sharing system, when it pulled out to direct their efforts to other research. Two prominent figures in Bell Company that worked on the project were Ritchie Dennis and Ken Thompson who persisted on solving the time sharing problem, but using a different approach to that of Multics (Brown, n.d). Away from the complex Multics, they focused on simple coding and creation of UNIX file system. Development of UNIX is a popular and historical effect of the engineers’ hack in creation of a forerunner open source O.S (Leeson and Coyne, 2005). The openness is perceived from the encryption of passwords and omission of the records in the file system. Having established the weaknesses in Multics project that had failed, Ritchie and Ken with the help of other clever programmer focused on the simplicity of algorithms, designed and wrote open set of codes to run machines that came to be accepted as the standard language of computing. The hacking involved from the Bell labs managed to improve the software writing capability and improve existing systems, especially in interacting with human/operators. Bell Lab came to release a version on UNIX early in the 70s, but upon its use in consecutive years, other scientist employing hacking produced other better versions. After the Bell Labs version came BSD Unix versions from Sun Microsystems. Any capable engineers/programmers of thinking out of the box, who got hold of the version, could modify the software considering it was an open source code. In an enabled world of hackers, some of the improvements they made were incorporated by the Microsystems to contribute to successive releases of the software. A common effect of original hacking to date been its contribution to release of software versions and improve applications functionalities. The period of 70s saw high development of the programming languages in the Bell Labs. This was due to the variation with which the different PDPs (programmable data processor) came with that prevented written programs from running in multiple platforms. First were older languages like FORTRAN in MIT lab, then UNIX and C in the Bell labs. UNIX software was often hacked in research projects and development; CSRG managed to “hack virtual memory into it to make the Franz LISP system more useful,” facilitating advancement of networking and internet technology (virginia.edu, n.d). The access of the source code for various people to build upon and modify, later gave them opportunities to pursue their interests irrespective of whether harmful or beneficial. 2.4 Hacking during the 70s and 80s 1970s period emerged with new kind of hacking on electronic telephone switching network. With the prosperity of the phone networks, phone hackers sought to exploit its operational characteristics to make free long distance calls. Phone phreaking was a perfection of John Draper who developed an “electronic device that simulated a phone operator’s dialling console to replicate tone that by passed the normal switching mechanism” (Felder 2014). He had learnt the art of manipulating telephone network, but it introduced other engineers into exploring into remote systems to wiretap calls. For a person to trick a computers controlled phone network, it showed the existing vulnerabilities of such system and potential in innovative minds. However, it was this humble beginning from phone phreaking and exchange of information in homebrew computer club that led founders of Apple computers (Steve Jobs and Steve Wozniak) into computer design and invention. Hacking for the Apple founders led to improvement of computers design and functionality and contributed to the known minicomputers/PCs. It must be appreciated that till the time, most of the hacking was inclined on the hardware than software to aid in technology development. 2.5 Hacking from late 80s to the modern day Development of minicomputers and their purchase across the world right from the western nations have spread fast since the 80s. Machines that were previously a luxury could now be accessed at an affordable cost by home owners, most universities, institutions and later students for their various activities. Apple and IBM PC came into the market and with access to other digital electronics like modems, communication among computer users enhanced. The resources aided hacking activities, which facilitated tapping into remotely connected computer systems. It’s remembered for the freedom in technology it gave to the society and potential hackers to own their computers, to build codes for applications and modify the computing hardware, without previous restrictions they experienced. The growth of internet connections introduced “forms of hacking that involved finding and connecting to unsecured Wireless Access Points (WAPs)” (Clarke, Clawson and Cordell, 2003, p.4). Most users have since gone online, but hacking culture has also diverted into the online warfare. Hackers could easily get varying information from the internet, share hacking tips among themselves irrespective of each one’s intentions. Trespassing into private computers, intercepting calls, breaking down systems, accessing private database/files and retrieving of confidential data through coded executable files and viruses are common in the modern world. Hacking in the modern world exploits the application’s vulnerabilities such as unsecure computers and networks for specific reasons. Programmers’ design and code small pieces of programs as worms and viruses, which execute once the programs they are attached to run in a system. Instead, the hacker’s program tricks the main program to alter the intended purpose. Hacking extends to modern computer operated gadgets like smart phones and even systems running control machines in industries. Most modern hackers are affiliated with open source code and learning to invent or introduce their modifications. 3. How the motivation of attackers evolved 3.1 Beginning from intellectual pursuit From the first encounter of the engineering students from MIT and AT&T labs in the 60s and 70s, it was quite evident their drive towards hacking was deeply entrenched in academia. It was characterized by benign activities, where students first spent time learning how computers and telephone systems worked and later modify them to improve the technology. The pursuit for knowledge to discover things unknown before, push technology ahead and customize existing technology for specific purpose served as the motives of most traditional hackers, an aspect that has persisted over decades (washington.edu, 2006). Critically evaluating them, it appeared as a way of toying around with technology hardware, but effectively resulted in better ways to use it. Out of their curiosity to understand technology, altering of wiring, breaking, sharing, modifying and replication of codes led to improvement of IT infrastructure. Led by traditional hackers like Wozniak, Jobs, Gates and Linus, the society today benefit from their earlier inventions and development in technology. 3.2 Need to improve security The concern for security and protection of automated electronic gadgets, computers and systems in the age of globalization is vital. Considering the increased cybercrimes leading into intrusion of privacy and compromise of corporations’ systems, from the ethical realm, some hackers seek to secure the digital world. They actively seek to discover the vulnerabilities of the systems/applications’ security, and working within the rules of hacker ethics either make the public aware or improve the security of the network, O.S, applications or computer systems (Fitch, 2003). As programmers they have to be adept people in manipulation and thorough penetration testers in the complex computing networks. Companies hire ethical hackers (normally termed as white hats for their intent) to probe their automated systems, expose their weaknesses, fix the problem and prevent opportunities which can be exploited through cybercrimes. Smith, Yurcik and Doss describe the ethical hacking behaviour of penetration tests “as covert testing in which the paid ethical hacker plays the role of hostile attacker, who try to compromise the system security,” but with an insurance of using a prudent method addressing its security (2002, p. 377). It’s today a profession in the ICT field and most ethical hackers earn decent salaries out of the skills. The previously rogue Kelvin Mitnick turned to be a prominent figure in the modern day ethical hacking; he not only owns security firm, but often hired by companies to hack into their computer systems and expose the vulnerabilities (holes). 3.3 Fame The desire for recognition in the world of technology evolution is a common motivation at least for the junior hackers breaking out. Just like a labour market some hackers feel the needs to prove their capability to the general public of what their skills can do. Through programming skills these hackers attempts to take down systems, break in very secure departments or access confidential data files among others, which upon success claim credit even if they acquire no financial gain. Their personal gain is to acquire the reputation in the hacking community; accept their contribution and recognize the impact the hacker creates. It’s a factor to fulfilling their psychological need and perhaps been enlisted in a hall of fame. Most former hackers known for their efforts have often been listed in website section earning them credit and fame for their work. You would agree with Bidgoli that the media has always given devoted attention to successful hacker celebrities and outsized computer/system attacks facilitating both hacking and cracking activities to be viable paths to fame (2006, p. 155). Jeffrey Lee parson was seven years ago jailed for 18 months for releasing a B variant blaster worm, but ultimately acquired his moment of fame and gained credit in the computer hacking community. 3.4 Financial gains Monetary gains have served as motivational factors for most hackers just like any employees in a company. One, computer access is globally spread, but employment remains quite a challenge in most countries. Hacking skills have hence for decades been exploited by professional and unethical hackers for profit making. As a trained hacker, it’s possible to acquire employment in corporations and small business and earn a decent living as long as they employ the IT infrastructure in their operations. Irrespective of ethical hackers or not their concern is financial value gained. However, majority of them do not operate under ethical rules, instead engage in criminal activities and hide the paths they use to fulfil the tasks intended to earn the profit. Apparently, cybercrimes has turned into multi billion business worldwide where malware use is reinforced as a criminal business model to intercept system and fraud cases to achieve financial gains (Chowdhary, 2012). Organizations, governments and businesses have lost millions of dollars through attack from criminal hackers. Online business and individual transactions have suffered the most from the attacks, where executable codes are used either to crack passwords, track transactions and transfer funds to anonymous accounts as instructed by the hackers’ programs. Numerous hackers have been arrested for their criminal hacking into credit cards, bank accounts and theft of money electronically. The famous Albert Gonzalez previously working as the U.S secret service informant to bust rogue hackers, had alongside been the mastermind of attacks on retail and banking network using an SQL injection attack and stole credit and debit card numbers from individuals for financial gains (Elderly, 2010). Some extensively move to hack bank’s websites, or if they get hold of an individual’s account use it to purchase items online. In cases of DDoS, where customers’ access to online services is denied, hackers design their codes, such that victims have to pay some charges, which are directed to specific accounts. At times the effect of paying the charges is a trap to enable them empty ones’ whole credit accounts. 3.5 Obtaining confidential information Other hackers prefer accessing confidential information from personal computers and online accounts. Other than bank information, hacking for insurance cover, medical information, learning institutions’ results and fees payment data are common. Companies like T-Mobile USA and ChoicePoint Inc were recently hacked and their clients’ personal information stolen (e.g. credit reports, social security number) (sjpd.org, n.d). Such information could be later used for identity theft or blackmailing individuals to solicit financial gains from them. Among them are the black hat hackers who develop code sniffers or phish for passwords to sensitive files and databases. Kelvin Mintnick once hacked into DEC’s company computer network and copied details for their millions worth software (Felder, 2014). In the modern online world, such motivated hackers strive to access users’ passwords and usernames, especially on various websites. 3.6 Political Activism and Revenge Some hackers use their skills to express themselves over issues. Just like disgruntled public individuals, hacktivists use technological platforms to air their views and push their agenda; its most often directed to corporations or governments for a pressing issue or politically intended message. Overwhelmed by hate or anger they engage into hacking to reach out to their targets in response; some preferring denial of service and web defacements attacks, or sending warning messages organization’s websites before shutting or corrupting their systems to promote their political beliefs (Samuel, 2004). They may prefer certain political orientations, criticize by humour and even sabotage target systems (cyber terrorism), but get to express themselves or support a policy. Appendix 1 CSRG - Computer Systems Research Group GE - General Electric DDoS – Distributed Denial of Service attacks MIT – Massachusetts Institute of technology UNIX – A multiuser computer O.S initially developed by AT &T, but with numerous versions from BSD licensing company. LISP System – LISP emerged from the word list processing, and it’s one of the oldest high level programming language used in AI research. AI- Artificial intelligence WWWII- World Wide War II IT- Information technology ICT- Information Communication and Technology SQL injection – A type of attack that uses SQL statements on data driven applications. Reference List Bidgoli, H., 2006.Handbook of Information Security, Information Warfare, Social, Legal, and Informational Issues; and Security Foundations. Hoboken, N.J: John Wiley & Sons. Brown, G. M., n.d. UNIX: An Oral History. [online] Available at: https://www.princeton.edu/~hos/frs122/unixhist/finalhis.htm [Accessed 24 November 2014] Brunvand, E., 1996.The Culture of the Programmer. [online] Available at: https://www.cs.utah.edu/~elb/folklore/afs-paper/node2.html [Accessed 24 November 2014] Chowdhary, S., 2012. Hackers Now Hack for Financial Gain not Fame. [online] Available at http://archive.financialexpress.com/news/hackers-now-hack-for-financial-gain-not-fame/1026842[Accessed 24 November 2014] Clarke, Z., Clawson, J. and Cordell, M., 2003. A Brief History of Hacking. [online] Available at: http://steel.lcc.gatech.edu/~mcordell/lcc6316/Hacker%20Group%20Project%20FINAL.pdf[Accessed 24 November 2014] Eldely, S. R., 2010. The Fast Time & Hard Fall of Green Hat Gang. [Online] Available at:http://www.sabrinaerdely.com/docs/HackersGoneWild.pdf[Accessed 26 November 2014] Elon University, n.d. Back 150 Times. [online] Available at: http://www.elon.edu/docs/e-web/predictions/back150years.pdf [Accessed 24 November 2014] Felder, B., 2014. Hacking, a History. [online] Available at: http://www.streetdirectory.com/travel_guide/114361/programming/hacking_a_history.html[Accessed 24 November 2014] Fitch, C., 2003. Crime and Punishment: The Psychology of Hacking in the New Millennium. [online] Available at: http://www.giac.org/paper/gsec/3560/crime-punishment-psychology-hacking-millennium/105795 [Accessed 27 November 2014] History & Impact of Hacking: Final Paper. 2006. [online] Available at: http://courses.cs.washington.edu/courses/csep590/06au/projects/hacking.pdf[Accessed 26 November 2014] Identity Theft: Evolving with technology. n.d. [Online] Available at:https://www.sjpd.org/BFO/Community/Crimeprev/crimeprevention%20forms/Identitytheft.pdf[Accessed 27 November 2014] Leeson, P.T. and Coyne, C.J., 2005.The Economics of Computer Hacking. Journal of Law Economic and Policy, 1.2. pp. 511-531. [Online] Available at: http://mercatus.org/sites/default/files/publication/1JLEconPoly511.pdf [Accessed 24 November 2014] Nick Moffitts $7 History of Unix. n.d. [Online] Available at: http://people.virginia.edu/~rtg2t/spring2002/unix.html[Accessed 24 November 2014] Palmer, C.C., 2001.Ethical hacking. IBM System Journal, 40. 3. pp. 769-780. [online] Available at: http://pdf.textfiles.com/security/palmer.pdf [Accessed 24 November 2014] Samuel, A.W., 2004. Hacktivism and the Future of Political Participation. [online] Available at: http://www.alexandrasamuel.com/dissertation/pdfs/Samuel-Hacktivism-entire.pdf[Accessed 24 November 2014] Smith, B., Yurcik, W. and Doss. D., 2002. Ethical Hacking: The Security Justification Redux. [online] Available at: http://www.academia.edu/2486687/Ethical_hacking_the_security_justification_redux [Accessed 24 November 2014] Read More