Knowing Who's a Cybertroublemaker - dummies

Knowing Who’s a Cybertroublemaker

By John R. Levine, Ray Everett-Church, Greg Stebben, David Lawrence

Feeling safe on the Internet is easy if you think of yourself as just one little surfer out in the middle of a giant ocean of networks, computers, and users. “I’ll bet the odds of someone seeing me, let alone picking me out as a victim, are about as slim as the odds of getting bitten by a shark,” you may think.

The problem with this analogy is that your average Internet bad guy is lots more technologically advanced than your average shark. Think about it: When you’re a shark, you have only one mouth. You can chomp down on only one surfer at a time. The situation is completely different for someone who wants to wreak havoc on your computer.

Introducing the cast of characters

A rose by any other name — on the Internet — can sometimes smell sweet and sometimes smell foul. What you may think of as a “hacker” is often known by another name within the hacking and computing communities. Here’s how to know who is who.

Technically speaking, a hacker is someone who is really good at pushing computers to their limits. These days, the definition has been expanded to mean someone who is really good at pushing computers to their limits as a way to get access to something he shouldn’t have.

Because some hackers are good, the good ones have suggested that an alternative word, cracker, be applied to hackers who are bad. The problem is that the hackers didn’t do a good job of telling the rest of the world that there’s a difference between a hacker and a cracker, so the two words are used pretty much interchangeably. When the news media makes any distinction between the two words, they usually call a hacker someone who has some larger scheme in mind when breaking into a computer or network and refer to a cracker as someone who generally breaks into computers for the thrill of it.

Just as in John Wayne’s world, the world of computer hacking has white hats and black hats. The black hats are the bad-guy hackers and crackers, of course — but the role of the white hats isn’t as clear as it was in John Wayne’s day.

White hats are good guys, mostly. The problem is that the way many white hats do their good deeds is by doing many of the same things that crackers do, but often while working as consultants for the networks they’re trying to crack (known as ethical hacking). Meanwhile, some white hats don’t wait to be hired, instead preferring to go ahead and ply their craft (pulling off the hack) and then telling the owners of the site after the fact that they’ve conquered the site.

Separating the good guys from the nasties

What differentiates these self-proclaimed white hats from the bad-guy black hats is that they don’t abuse the companies whose soft underbellies they’ve just exposed. But problems still exist. For example, sometimes after a white hat successfully pulls off a hack and then notifies the company of the security hole, the company doesn’t take the hint and fix the problem. This neglect enrages some white hats, who then feel justified in publicizing the vulnerability — and this, of course, then forces the company to fix the problem in a big-time hurry or risk being overrun by a horde of bad guys, all intent on taking advantage of the security leak.

For your average Internet user, script kiddies pose the greatest threat. Unlike hackers and crackers — who know what they’re doing — script kiddies have merely lucked into the possession of harmful software programs called scripts. But these script kiddies don’t really understand what the scripts do or how they work — all they know is how to unleash these dangerous little applications on the world at large.

As you may expect, script kiddies are most often teenagers — teenage boys, to be exact. At any time, hundreds of chat rooms and message boards on the Internet are swarming with these script kiddies, who are swapping the latest scripts. Unfortunately, the Internet makes it so easy for them to trade and distribute these scripts that it puts all our computers at greater risk of falling victim to one of their random attacks.

The “coolest” kiddies are 31337 H4X0rZ (which, believe it or not, stands for ELEET HAXORZ or elite hackers). Does that leave you feeling clueless? If you turn the 3s around into capital Es, the number 1 into a lowercase l, and look at the 7 as sort of a cursive capital T, you see ELEET. You can figure out the rest. What does it mean? Simply that they think they’re better than the next kiddies at doing things like downloading hacking software, even though most of them still don’t know how it works.