Hacker (computer security)

Transcription

Hacker (computer security)
Hacker (computer security)
In the computer security context, a hacker is someone
who seeks and exploits weaknesses in a computer system
or computer network. Hackers may be motivated by a
multitude of reasons, such as profit, protest, challenge.
enjoyment,[1] or to evaluate those weaknesses to assist in
removing them. The subculture that has evolved around
hackers is often referred to as the computer underground
and is now a known community.[2] While other uses of
the word hacker exist that are related to computer security, such as referring to someone with an advanced understanding of computers and computer networks,[3] they
are rarely used in mainstream context. They are subject to
the longstanding hacker definition controversy about the
term’s true meaning. In this controversy, the term hacker
is reclaimed by computer programmers who argue that
someone who breaks into computers, whether computer
criminal (black hats) or computer security expert (white
hats),[4] is more appropriately called a cracker instead.[5]
Some white hat hackers claim that they also deserve the
title hacker, and that only black hats should be called
“crackers”.
of Raymond in what they see as a wider hacker culture,
a view that Raymond has harshly rejected. Instead of a
hacker/cracker dichotomy, they emphasize a spectrum of
different categories, such as white hat, grey hat, black hat
and script kiddie. In contrast to Raymond, they usually
reserve the term cracker for more malicious activity.
According to Ralph D. Clifford, a cracker or cracking
is to “gain unauthorized access to a computer in order
to commit another crime such as destroying information
contained in that system”.[6] These subgroups may also be
defined by the legal status of their activities.[7]
2.1 White hat
Main article: White hat
A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while
working for a security company which makes security
software. The term “white hat” in Internet slang refers
to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability
1 History
assessments within a contractual agreement. The ECCouncil,[8] also known as the International Council of
Further information: Timeline of computer security Electronic Commerce Consultants, is one of those organizations that have developed certifications, courseware,
hacker history
classes, and online training covering the diverse arena of
ethical hacking.[7]
Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement that published the Technological Assistance Pro- 2.2 Black hat
gram (TAP) newsletter. TAP was a phone phreaking
newsletter that taught techniques for unauthorized explo- A “black hat” hacker is a hacker who “violates computer
ration of the telephone network. Many people from the security for little reason beyond maliciousness or for perphreaking community are also active in the hacking com- sonal gain” (Moore, 2005).[9] Black hat hackers form the
munity even today, and vice versa.
stereotypical, illegal hacking groups often portrayed in
2
popular culture, and are “the epitome of all that the public fears in a computer criminal”.[10] Black hat hackers
break into secure networks to destroy, modify, or steal
data; or to make the network unusable for those who are
authorized to use the network. Black hat hackers are also
referred to as the “crackers” within the security industry
and by modern programmers. Crackers keep the awareness of the vulnerabilities to themselves and do not notify the general public or the manufacturer for patches to
be applied. Individual freedom and accessibility is promoted over privacy and security. Once they have gained
control over a system, they may apply patches or fixes to
the system only to keep their reigning control. Richard
Classifications
Several subgroups of the computer underground with different attitudes use different terms to demarcate themselves from each other, or try to exclude some specific
group with whom they do not agree.
Eric S. Raymond, author of The New Hacker’s Dictionary, advocates that members of the computer underground should be called crackers. Yet, those people see
themselves as hackers and even try to include the views
1
2
3 ATTACKS
Stallman invented the definition to express the malicious- 2.8 Hacktivist
ness of a criminal hacker versus a white hat hacker who
A hacktivist is a hacker who utilizes technology to publiperforms hacking duties to identify places to repair.[11]
cize a social, ideological, religious or political message.
Hacktivism can be divided into two main groups:
2.3
Grey hat
Main article: Grey hat
• Cyberterrorism — Activities involving website defacement or denial-of-service attacks; and,
• Freedom of information — Making information that
A grey hat hacker lies between a black hat and a white hat
is not public, or is public in non-machine-readable
hacker. A grey hat hacker may surf the Internet and hack
formats, accessible to the public.
into a computer system for the sole purpose of notifying
the administrator that their system has a security defect,
for example. They may then offer to correct the defect 2.9 Nation state
for a fee.[10] Grey hat hackers sometimes find the defect
of a system and publish the facts to the world instead of Intelligence agencies and cyberwarfare operatives of naa group of people. Even though grey hat hackers do not tion states.[17]
perform hacking for their personal gain, unauthorized access to a system can be considered illegal and unethical.
2.10 Organized crime
2.4
Elite hacker
Groups of hackers that carry out organized criminal activities for profit.[17]
A social status among hackers, elite is used to describe the
most skilled. Newly discovered exploits circulate among
these hackers. Elite groups such as Masters of Deception
conferred a kind of credibility on their members.[12]
3 Attacks
2.5
A typical approach in an attack on Internet-connected
system is:
Script kiddie
A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using
automated tools written by others (usually by other black
hat hackers), hence the term script (i.e. a prearranged
plan or set of activities) kiddie (i.e. kid, child—an individual lacking knowledge and experience, immature),[13]
usually with little understanding of the underlying concept.
2.6
Neophyte
Main article: Computer security
1. Network enumeration: Discovering information
about the intended target.
2. Vulnerability analysis: Identifying potential ways of
attack.
3. Exploitation: Attempting to compromise the system
by employing the vulnerabilities found through the
vulnerability analysis.[18]
In order to do so, there are several recurring tools of the
trade and techniques used by computer criminals and security experts.
A neophyte ("newbie", or “noob”) is someone who is new
to hacking or phreaking and has almost no knowledge or
experience of the workings of technology and hacking.[10] 3.1
Security exploits
Main article: Exploit (computer security)
2.7
Blue hat
A blue hat hacker is someone outside computer security
consulting firms who is used to bug-test a system prior
to its launch, looking for exploits so they can be closed.
Microsoft also uses the term BlueHat to represent a series
of security briefing events.[14][15][16]
A security exploit is a prepared application that takes advantage of a known weakness.[19] Common examples of
security exploits are SQL injection, cross-site scripting
and cross-site request forgery which abuse security holes
that may result from substandard programming practice.
Other exploits would be able to be used through File
3.2
Techniques
Transfer Protocol (FTP), Hypertext Transfer Protocol
(HTTP), PHP, SSH, Telnet and some Web pages. These
are very common in Web site and Web domain hacking.
3.2
Techniques
Vulnerability scanner A vulnerability scanner is a tool
used to quickly check computers on a network for
known weaknesses. Hackers also commonly use
port scanners. These check to see which ports on
a specified computer are “open” or available to access the computer, and sometimes will detect what
program or service is listening on that port, and its
version number. (Firewalls defend computers from
intruders by limiting access to ports and machines,
but they can still be circumvented.)
Finding vulnerabilities Hackers may also attempt to
find vulnerabilities manually. A common approach
is to search for possible vulnerabilities in the code
of the computer system then test them, sometimes
reverse engineering the software if the code is not
provided.
Brute-force attack Password guessing. This method is
very fast when used to check all short passwords, but
for longer passwords other methods such as the dictionary attack are used, because of the time a bruteforce search takes.
Password cracking Password cracking is the process of
recovering passwords from data that has been stored
in or transmitted by a computer system. Common
approaches include repeatedly trying guesses for the
password, trying the most common passwords by
hand, and repeatedly trying passwords from a “dictionary”, or a text file with many passwords.
Packet analyzer A packet analyzer (“packet sniffer”) is
an application that captures data packets, which can
be used to capture passwords and other data in transit over the network.
Spoofing attack (phishing) A spoofing attack involves
one program, system or website that successfully
masquerades as another by falsifying data and is
thereby treated as a trusted system by a user or another program — usually to fool programs, systems
or users into revealing confidential information, such
as user names and passwords.
Rootkit A rootkit is a program that uses low-level, hardto-detect methods to subvert control of an operating
system from its legitimate operators. Rootkits usually obscure their installation and attempt to prevent
their removal through a subversion of standard system security. They may include replacements for
3
system binaries, making it virtually impossible for
them to be detected by checking process tables.
Social engineering In the second stage of the targeting
process, hackers often use Social engineering tactics to get enough information to access the network.
They may contact the system administrator and pose
as a user who cannot get access to his or her system. This technique is portrayed in the 1995 film
Hackers, when protagonist Dade “Zero Cool” Murphy calls a somewhat clueless employee in charge
of security at a television network. Posing as an
accountant working for the same company, Dade
tricks the employee into giving him the phone number of a modem so he can gain access to the company’s computer system.
Hackers who use this technique must have cool
personalities, and be familiar with their target’s
security practices, in order to trick the system
administrator into giving them information. In
some cases, a help-desk employee with limited
security experience will answer the phone and
be relatively easy to trick. Another approach
is for the hacker to pose as an angry supervisor, and when his/her authority is questioned,
threaten to fire the help-desk worker. Social
engineering is very effective, because users are
the most vulnerable part of an organization.
No security devices or programs can keep an
organization safe if an employee reveals a password to an unauthorized person.
Social engineering can be broken down into
four sub-groups:
• Intimidation As in the “angry supervisor” technique above, the hacker convinces the person who answers the phone
that their job is in danger unless they help
them. At this point, many people accept
that the hacker is a supervisor and give
them the information they seek.
• Helpfulness The opposite of intimidation, helpfulness exploits many people’s
natural instinct to help others solve problems. Rather than acting angry, the
hacker acts distressed and concerned.
The help desk is the most vulnerable to
this type of social engineering, as (a.) its
general purpose is to help people; and
(b.) it usually has the authority to change
or reset passwords, which is exactly what
the hacker wants.
• Name-dropping The hacker uses names
of authorized users to convince the person who answers the phone that the
4
5 NOTABLE SECURITY HACKERS
hacker is a legitimate user him or herself. Some of these names, such as those
of webpage owners or company officers,
can easily be obtained online. Hackers
have also been known to obtain names
by examining discarded documents (socalled “dumpster diving”).
• Technical Using technology is also a way
to get information. A hacker can send a
fax or email to a legitimate user, seeking a response that contains vital information. The hacker may claim that he
or she is involved in law enforcement and
needs certain data for an investigation, or
for record-keeping purposes.
Trojan horses A Trojan horse is a program that seems
to be doing one thing but is actually doing another.
It can be used to set up a back door in a computer
system, enabling the intruder to gain access later.
(The name refers to the horse from the Trojan War,
with the conceptually similar function of deceiving
defenders into bringing an intruder into a protected
area.)
Computer virus A virus is a self-replicating program
that spreads by inserting copies of itself into other
executable code or documents. By doing this, it behaves similarly to a biological virus, which spreads
by inserting itself into living cells. While some
viruses are harmless or mere hoaxes, most are considered malicious.
Computer worm Like a virus, a worm is also a selfreplicating program. It differs from a virus in that
(a.) it propagates through computer networks without user intervention; and (b.) does not need to
attach itself to an existing program. Nonetheless,
many people use the terms “virus” and “worm” interchangeably to describe any self-propagating program.
4 Notable intruders and criminal
hackers
Main article: List of computer criminals
5 Notable security hackers
Main article: List of hackers
• Jacob Appelbaum is an advocate, security researcher, and developer for the Tor project. He
speaks internationally for usage of Tor by human
rights groups and others concerned about Internet
anonymity and censorship.
• Rakshit Tandon is an prominent cyber security researcher from India with primary focus on combating online abuse of women and children.
• Eric Corley (also known as Emmanuel Goldstein)
is the longstanding publisher of 2600: The Hacker
Quarterly. He is also the founder of the Hackers on
Planet Earth (HOPE) conferences. He has been part
of the hacker community since the late 1970s.
• Ed Cummings (also known as Bernie S) is a longstanding writer for 2600: The Hacker Quarterly. In
1995, he was arrested and charged with possession
of technology that could be used for fraudulent purposes, and set legal precedents after being denied
both a bail hearing and a speedy trial.
• Dan Kaminsky is a DNS expert who exposed multiple flaws in the protocol and investigated Sony’s
rootkit security issues in 2005. He has spoken in
front of the United States Senate on technology issues.
Keystroke logging A keylogger is a tool designed to
record (“log”) every keystroke on an affected machine for later retrieval, usually to allow the user of
this tool to gain access to confidential information
typed on the affected machine. Some keyloggers
use virus-, trojan-, and rootkit-like methods to conceal themselves. However, some of them are used
for legitimate purposes, even to enhance computer
security. For example, a business may maintain a
keylogger on a computer used at a point of sale to
detect evidence of employee fraud.
• Andrew Auernheimer, sentenced to 3 years in
prison, is a grey hat hacker whose security group
Goatse Security exposed a flaw in AT&T’s iPad security.
Tools and Procedures
• Gary McKinnon is a Scottish hacker facing
extradition to the United States to face criminal
charges. Many people in the UK have called on the
authorities to be lenient with McKinnon, who suffers from Asperger syndrome.[21]
A thorough examination of hacker tools and
procedures may be found in Cengage Learning’s E|CSA certification workbook.[20]
• Gordon Lyon, known by the handle Fyodor, authored the Nmap Security Scanner as well as many
network security books and web sites. He is a founding member of the Honeynet Project and Vice President of Computer Professionals for Social Responsibility.
5
• Kevin Mitnick is a computer security consultant and
author, formerly the most wanted computer criminal
in United States history.[22]
7 Consequences
hacking
• Rafael Núñez, a.k.a. RaFa, was a notorious hacker 7.1
who was sought by the Federal Bureau of Investigation in 2001. He has since become a respected com7.2
puter security consultant and an advocate of children’s online safety.
•
• Meredith L. Patterson is a well-known technologist
and biohacker who has presented research with Dan
Kaminsky and Len Sassaman at many international
security and hacker conferences.
for
malicious
India
Netherlands
Article 138ab of Wetboek van Strafrecht prohibits
computervredebreuk, which is defined as intruding
an automated work or a part thereof with intention
and against the law. Intrusion is defined as access by
means of:
• Len Sassaman was a Belgian computer programmer
and technologist who was also a privacy advocate.
• Defeating security measures
• Solar Designer is the pseudonym of the founder of
the Openwall Project.
• By false signals or a false cryptographic key
• Michał Zalewski (lcamtuf) is a prominent security
researcher.
6
• By technical means
• By the use of stolen usernames and passwords.
Maximum imprisonment is one year or a fine of the fourth
category.[25]
Customs
7.3 United States
The computer underground[1] has produced its own specialized slang, such as 1337speak. Its members often
advocate freedom of information, strongly opposing the
principles of copyright, as well as the rights of free speech
and privacy. Writing software and performing other activities to support these views is referred to as hacktivism.
Some consider illegal cracking ethically justified for these
goals; a common form is website defacement. The computer underground is frequently compared to the Wild
West.[23] It is common for hackers to use aliases to conceal their identities.
6.1
Hacker groups and conventions
Main articles: Hacker conference and Hacker group
The computer underground is supported by regular realworld gatherings called hacker conventions or “hacker
cons”. These events include SummerCon (Summer),
DEF CON, HoHoCon (Christmas), ShmooCon (February), BlackHat, Chaos Communication Congress, AthCon, Hacker Halted, and HOPE. Local Hackfest groups
organize and compete to develop their skills to send a
team to a prominent convention to compete in group pentesting, exploit and forensics on a larger scale. Hacker
groups became popular in the early 1980s, providing access to hacking information and resources and a place
to learn from other members. Computer bulletin board
systems (BBSs), such as the Utopias, provided platforms
for information-sharing via dial-up modem. Hackers
could also gain credibility by being affiliated with elite
groups.[24]
18 U.S.C. § 1030, more commonly known as the
Computer Fraud and Abuse Act, prohibits unauthorized
access or damage of “protected computers”. “Protected
computers” are defined in 18 U.S.C. § 1030(e)(2) as:
• A computer exclusively for the use of a financial
institution or the United States Government, or, in
the case of a computer not exclusively for such use,
used by or for a financial institution or the United
States Government and the conduct constituting the
offense affects that use by or for the financial institution or the Government.
• A computer which is used in or affecting interstate
or foreign commerce or communication, including
a computer located outside the United States that is
used in a manner that affects interstate or foreign
commerce or communication of the United States;
The maximum imprisonment or fine for violations of the
Computer Fraud and Abuse Act depends on the severity of
the violation and the offender’s history of violations under
the Act.
8 Hacking and the media
8.1 Hacker magazines
Main category: Hacker magazines
6
8
The most notable hacker-oriented print publications are
Phrack, Hakin9 and 2600: The Hacker Quarterly. While
the information contained in hacker magazines and ezines
was often outdated by the time they were published, they
enhanced their contributors’ reputations by documenting
their successes.[24]
HACKING AND THE MEDIA
• Live Free or Die Hard
• The Matrix series
• The Net
• The Net 2.0
8.2
Hackers in fiction
See also: List of fictional hackers
Hackers often show an interest in fictional cyberpunk
and cyberculture literature and movies. The adoption of
fictional pseudonyms,[26] symbols, values and metaphors
from these works is very common.[27]
• Pirates of Silicon Valley
• Skyfall
• Sneakers
• Swordfish
• Take Down
8.2.1
Books
• The cyberpunk novels of William Gibson—
especially the Sprawl trilogy—are very popular
with hackers.[28]
• Tron
• Tron: Legacy
• Helba from the .hack manga and anime series
• Untraceable
• Merlin of Amber, the protagonist of the second series in The Chronicles of Amber by Roger Zelazny, is
a young immortal hacker-mage prince who has the
ability to traverse shadow dimensions.
• WarGames
• Lisbeth Salander in The Girl with the Dragon Tattoo
by Stieg Larsson
• The Fifth Estate
• Alice from Heaven’s Memo Pad
• Ender’s Game by Orson Scott Card
• Evil Genius by Catherine Jinks
• Hackers (anthology) by Jack Dann and Gardner Dozois
• Little Brother by Cory Doctorow
• Neuromancer by William Gibson
• Snow Crash by Neal Stephenson
8.2.2
Films
• Antitrust
• Cypher
• Eagle Eye
• Enemy of the State
• Firewall
• Girl With The Dragon Tattoo
• Hackers
• Weird Science
• Who Am I – No System Is Safe (film)
8.3 Non-fiction books
• The Art of Deception by Kevin Mitnick
• The Art of Intrusion by Kevin Mitnick
• The Cuckoo’s Egg by Clifford Stoll
• Ghost in the Wires: My Adventures as the World’s
Most Wanted Hacker by Kevin Mitnick
• The Hacker Crackdown by Bruce Sterling
• The Hacker’s Handbook by Hugo Cornwall (Peter
Sommer)
• Hacking: The Art of Exploitation Second Edition by
Jon Erickson
• Out of the Inner Circle by Bill Landreth and Howard
Rheingold
• Underground by Suelette Dreyfus
7
9
See also
• Computer crime
• Cracking of wireless networks
• Cyber spying
• Cyber Storm Exercise
• Hack value
• Hacker (programmer subculture)
• Hacker Manifesto
• Hacker (term)
• IT risk
• Mathematical beauty
• Metasploit Project
• Penetration test
• Technology assessment
• Vulnerability (computing)
10
References
[1] Sterling, Bruce (1993). “Part 2(d)". The Hacker Crackdown. McLean, Virginia: IndyPublish.com. p. 61. ISBN
1-4043-0641-2.
[2] Blomquist, Brian (May 29, 1999). “FBI’s Web Site
Socked as Hackers Target Feds”. New York Post.
[3] “The Hacker’s Dictionary”. Retrieved 23 May 2013.
[4] Political notes from 2012: September–December. stallman.org
[5] Raymond, Eric S. “Jargon File: Cracker”. Coined ca.
1985 by hackers in defense against journalistic misuse of
hacker
[6] Clifford, D. (2011). Cybercrime: The Investigation,
Prosecution and Defense of a Computer-Related Crime.
Durham, North Carolina: Carolina Academic Press.
ISBN 1594608539.
[7] Wilhelm, Douglas (2010). “2”. Professional Penetration
Testing. Syngress Press. p. 503. ISBN 978-1-59749-4250.
[8] EC-Council. eccouncil.org
[11] O'Brien, Marakas, James, George (2011). Management
Information Systems. New York, NY: McGraw-Hill/ Irwin. pp. 536–537. ISBN 978-0-07-752217-9.
[12] Thomas, Douglas (2002). Hacker Culture. University of
Minnesota Press. ISBN 978-0-8166-3346-3.
[13] Andress, Mandy; Cox, Phil; Tittel, Ed (2001). CIW Security Professional. New York, NY: Wiley. p. 638. ISBN
0-7645-4822-0.
[14] “Blue hat hacker Definition”. PC Magazine Encyclopedia.
Retrieved May 31, 2010. A security professional invited
by Microsoft to find vulnerabilities in Windows.
[15] Fried, Ina (June 15, 2005). “Blue Hat summit meant to
reveal ways of the other side”. Microsoft meets the hackers.
CNET News. Retrieved May 31, 2010.
[16] Markoff, John (October 17, 2005). “At Microsoft, Interlopers Sound Off on Security”. The New York Times.
Retrieved May 31, 2010.
[17] Chabrow, Eric (February 25, 2012). “7 Levels of Hackers: Applying An Ancient Chinese Lesson: Know Your
Enemies”. GovInfo Security. Retrieved February 27,
2012.
[18] Gupta, Ajay; Klavinsky, Thomas and Laliberte, Scott
(March 15, 2002) Security Through Penetration Testing:
Internet Penetration. informit.com
[19] Rodriguez, Chris; Martinez, Richard. “The Growing
Hacking Threat to Websites: An Ongoing Commitment to
Web Application Security”. Frost & Sullivan. Retrieved
13 August 2013.
[20] Press, EC-Council (2011). Penetration Testing: Procedures & Methodologies. Clifton, NY: CENGAGE Learning. ISBN 1435483677.
[21] “Gary McKinnon extradition ruling due by 16 October”.
BBC News. September 6, 2012. Retrieved September 25,
2012.
[22] “Kevin Mitnick sentenced to nearly four years in prison;
computer hacker ordered to pay restitution ...” (Press release). United States Attorney’s Office, Central District
of California. August 9, 1999. Retrieved April 10, 2010.
[23] Jordan, Tim and Taylor, Paul A. (2004). Hacktivism and
Cyberwars. Routledge. pp. 133–134. ISBN 978-0-41526003-9. Wild West imagery has permeated discussions
of cybercultures.
[24] Thomas, Douglas (2003). Hacker Culture. University of
Minnesota Press. p. 90. ISBN 978-0-8166-3346-3.
[25] Artikel 138ab. Wetboek van Strafrecht, December 27,
2012
[9] Moore, Robert (2005). Cybercrime: Investigating High
Technology Computer Crime. Matthew Bender & Company. p. 258. ISBN 1-59345-303-5.Robert Moore
[26] Swabey, Pete (27 February 2013). “Data leaked by
Anonymous appears to reveal Bank of America’s hacker
profiling operation”. Information Age. Retrieved 21
February 2014.
[10] Moore, Robert (2006). Cybercrime: Investigating HighTechnology Computer Crime (1st ed.). Cincinnati, Ohio:
Anderson Publishing. ISBN 978-1-59345-303-9.
[27] “Hackers and Viruses: Questions and Answers”. Scienzagiovane. University of Bologna. 12 November 2012.
Retrieved 21 February 2014.
8
12
[28] Staples, Brent (May 11, 2003). “A Prince of Cyberpunk Fiction Moves Into the Mainstream”. The New York
Times. Mr. Gibson’s novels and short stories are worshiped by hackers
11
Further reading
• Apro, Bill; Hammond, Graeme (2005). Hackers:
The Hunt for Australia’s Most Infamous Computer
Cracker. Rowville, Vic: Five Mile Press. ISBN 174124-722-5.
• Beaver, Kevin (2010). Hacking for Dummies.
Hoboken, NJ: Wiley Pub. ISBN 978-0-7645-57842.
• Conway, Richard; Cordingley, Julian (2004). Code
Hacking: A Developer’s Guide to Network Security.
Hingham, Mass: Charles River Media. ISBN 9781-58450-314-9.
• Freeman, David H.; Mann, Charles C. (1997). At
Large: The Strange Case of the World’s Biggest Internet Invasion. New York: Simon & Schuster. ISBN
0-684-82464-7.
• Granville, Johanna (Winter 2003). “Dot.Con: The
Dangers of Cyber Crime and a Call for Proactive Solutions”. Australian Journal of Politics
and History 49 (1): 102–109. doi:10.1111/14678497.00284. Retrieved 20 February 2014.
• Gregg, Michael (2006). Certfied Ethical Hacker. Indianapolis, Ind: Que Certification. ISBN 978-07897-3531-7.
• Hafner, Katie; Markoff, John (1991). Cyberpunk:
Outlaws and Hackers on the Computer Frontier. New
York: Simon & Schuster. ISBN 0-671-68322-5.
• Harper, Allen; Harris, Shon; Ness, Jonathan (2011).
Gray Hat Hacking: The Ethical Hacker’s Handbook
(3rd ed.). New York: McGraw-Hill. ISBN 978-007-174255-9.
• McClure, Stuart; Scambray, Joel; Kurtz, George
(1999). Hacking Exposed: Network Security Secrets
and Solutions. Berkeley, Calif: Mcgraw-Hill. ISBN
0-07-212127-0.
• Russell, Ryan (2004). Stealing the Network: How to
Own a Continent. Rockland, Mass: Syngress Media.
ISBN 978-1-931836-05-0.
• Taylor, Paul A. (1999). Hackers: Crime in the Digital Sublime. London: Routledge. ISBN 978-0-41518072-6.
EXTERNAL LINKS
12 External links
• CNN Tech PCWorld Staff (November 2001).
Timeline: A 40-year history of hacking from 1960
to 2001
• Can Hackers Be Heroes? Video produced by Off
Book (web series)
9
13
13.1
Text and image sources, contributors, and licenses
Text
• Hacker (computer security) Source: http://en.wikipedia.org/wiki/Hacker%20(computer%20security)?oldid=656573680 Contributors:
The Anome, Deb, Fred Bauder, Pnm, HarmonicSphere, Ronz, Jebba, Darkwind, Charles Matthews, Andrewman327, Topbanana, Chuunen Baka, ZimZalaBim, Academic Challenger, Michael Snow, Pengo, Marcika, Tieno, Mckaysalisbury, OverlordQ, DragonflySixtyseven,
AndrewKeenanRichardson, CesarFelipe, Joyous!, Mike Rosoft, Freakofnurture, Discospinster, Rich Farmbrough, Qutezuce, Thedangerouskitchen, ESkog, MisterSheik, MBisanz, Aude, Adambro, Bobo192, Army1987, Smalljim, Duk, Adrian, Wrs1864, Storm Rider,
Alansohn, Tek022, Arthena, Diego Moya, Howrealisreal, Mysdaao, Zsero, Wtmitchell, Velella, Crystalllized, H2g2bob, BlastOButter42,
Mahanga, Kelly Martin, Woohookitty, Mindmatrix, TigerShark, Unixer, NeoChaosX, WadeSimMiser, Tckma, MONGO, Waldir, Xiong
Chiamiov, SqueakBox, Graham87, Jclemens, Icey, Ketiltrout, Rjwilmsi, ElKevbo, Jehochman, Ghepeu, The wub, DoubleBlue, FayssalF,
RexNL, Intgr, SpectrumDT, Coolhawks88, Celebere, David91, DVdm, Gwernol, YurikBot, Wavelength, RussBot, TheDoober, SpuriousQ, Hydrargyrum, Gaius Cornelius, Rsrikanth05, Pseudomonas, NawlinWiki, Xkeeper, Bachrach44, Grafen, Deskana, DarthVader,
Ejdzej, Thiseye, Irishguy, Abb3w, RUL3R, Gigor, Nate1481, Bucketsofg, DeadEyeArrow, Kewp, Kakero, Alpha 4615, Intershark, Zzuuzz, Arthur Rubin, Josh3580, Dspradau, Dcb1995, Whaa?, Tall Midget, SmackBot, Rtc, Maelwys, Hydrogen Iodide, Jacek Kendysz, Davewild, KVDP, KelleyCook, AnOddName, Bburton, Edgar181, Yamaguchi , Zvonsully, Gilliam, Hmains, Oscarthecat, Rmosler2100,
Tytrain, Chris the speller, Bluebot, Kurykh, MK8, Droll, Gutworth, Swiftdr, Mark7-2, Kungming2, Farry, Yunaffx, Wisden17, Butterboy, Pegua, Tsca.bot, SheeEttin, Onorem, JonHarder, Mos4567, Addshore, Khoikhoi, Fuhghettaboutit, Cybercobra, Nakon, Weregerbil,
WikiMASTA, Antipode, Ligulembot, Vic93, Rory096, Zymurgy, Harryboyles, Microchip08, Acidburn24m, Grimhim, Gobonobo, Erhik,
Mgiganteus1, Ben Moore, A. Parrot, Othtim, Slakr, Ehheh, Hu12, Swotboy2000, BananaFiend, Iridescent, Twas Now, Nfutvol, Igoldste,
Beno1000, Sbbpff, Courcelles, Tawkerbot2, CYRAX, TheHorseCollector, JForget, GeneralIroh, Paulmlieberman, Tanthalas39, Randhirreddy, Sir Vicious, Taimy, Neelix, Fordmadoxfraud, Unmitigated Success, Nauticashades, Mblumber, Ryan, Anthony62490, Gogo
Dodo, Anthonyhcole, ST47, Brianpie, Ameliorate!, Njan, Omicronpersei8, Kokey, Maziotis, Pipatron, Click23, Thijs!bot, Alexmunroe,
Epbr123, Kubanczyk, Ishdarian, PierceG, Marek69, NorwegianBlue, Cdf333fad3a, Pogogunner, Nick Number, Porqin, KrakatoaKatie,
AntiVandalBot, BokicaK, Luna Santin, Seaphoto, Nickrj, QuiteUnusual, Jj137, Deadbeef, Leuko, MER-C, Skomorokh, CosineKitty,
Davman1510, Hexatron2006, Tqbf, Acroterion, Propaniac, Meeples, Pigmietheclub, Hroðulf, Bongwarrior, VoABot II, JamesBWatson,
Wikichesswoman, Digital Pyro, Jvhertum, Evaunit666, Animum, Mukesh2006, Allstarecho, JonWinge, DerHexer, Atulsnischal, MartinBot, Comperr, R'n'B, Brothejr, Terafox, ArcAngel, Ash, Tgeairn, Manticore, J.delanoy, Pharaoh of the Wizards, Trusilver, Grim Revenant,
Rekrutacja, Bogey97, Tikiwont, Adamryanlee, Vanished user 342562, Footballfan42892, Kudpung, Dipu2susant, Katalaveno, Crakkpot,
Xython, SJP, Touch Of Light, Toon05, KylieTastic, Juliancolton, Cometstyles, Atsinganoi, Rising*From*Ashes, Bonadea, Useight, JohnDoe0007, SoCalSuperEagle, Dark-Dragon847, Funandtrvl, Hchoe, Jeff G., Indubitably, Robertobaroni, Danbloch, Delivi, Philip Trueman, Fran Rogers, Tense, Technopat, MrFirewall, KillerBl8, Someguy1221, Nicopresto, Lradrama, Zimbardo Cookie Experiment, Martin451, Slysplace, PaulTanenbaum, Seb az86556, Snowbot, Roo556, Benedictaddis, Doug, Haseo9999, Staka, Meters, Qlid, Turgan,
Indexum, PokeYourHeadOff, Howlingmadhowie, Horrorlemon, Jwray, Work permit, Scarian, Dawn Bard, Caltas, SecurInfos, Triwbe,
Mnbitar, Ml-crest, Sephiroth storm, Yintan, JoeMaster, Quest for Truth, Flyer22, Jasgrider, Bdorsett, Redmarkviolinist, Oxymoron83,
Faradayplank, Nuttycoconut, Jameshacksu, Poindexter Propellerhead, Hobartimus, Aiden Fisher, Ustad24, Denisarona, Darkspin, Nokeyplc, Loren.wilton, Martarius, Elassint, ClueBot, WilliamRoper, Jackollie, The Thing That Should Not Be, T.Neo, Ndenison, Taroaldo,
Adrianwn, TheOldJacobite, Boing! said Zebedee, Hafspajen, Halod, Krazekidder, Blanchardb, Ottawahitech, Stayman Apple, Sv1xv,
Kitsunegami, Excirial, Bedwanimas214, Encyclopedia77, BigChris044, AWoodland, KnowledgeBased, SpikeToronto, Rhododendrites,
AndyFielding, Morel, SchreiberBike, Knowz, Ottawa4ever, Thehelpfulone, DanielPharos, Thingg, Error −128, Andponomarev, Aitias,
Versus22, Hans Kamp, SoxBot III, Egmontaz, Apparition11, SF007, Glacier Wolf, DumZiBoT, Lolimahaxu, BarretB, AlanM1, Angelafirstone, XLinkBot, Armeyno, Rayzoy, Fastily, RebirthThom, Xena-mil, Avoided, Mitch Ames, Condra, PL290, Badgernet, Noctibus,
Speddie2, Ipwnz, Mounlolol, Hannibal14, RyanCross, Nolan130323, Bookbrad, Fat4lerr0r, Creepymortal, Zeeshaanmohd, Landon1980,
Nallen20, Tpjarman, IXavier, Grandscribe, Vatrena ptica, Jncraton, Mr. Wheely Guy, Computerhackr, A1b1c1d1e1, CanadianLinuxUser,
Fluffernutter, Asphatasawhale, MrOllie, Mentisock, Proxima Centauri, FerrousTigrus, Vonvin, Freqsh0, Dan Brown456, Glane23, Danbrown666, FCSundae, Favonian, 5 albert square, Tyw7, Japonca, Imanoob69, Im anoob68, Hudy23, Tide rolls, OlEnglish, RaidX, ‫ברי"א‬,
Khawar.nehal, CRYSIS UK, Jarble, Ladanme, Lolhaxxzor, Frehley, Ben Ben, Publicly Visible, HTS3000, Yobot, WikiDan61, Aubwie, Fraggle81, Sdtte345, Doctor who9393, THEN WHO WAS PHONE?, Hackistory, Br33z3r, UncleanSpirit, 007exterminator, Daniel
1992, Evilmindwizard, Tempodivalse, Surya.4me, Retro00064, AnomieBOT, Andrewrp, Holyjoely, DemocraticLuntz, Noq, Jim1138,
Gyakusatsu99, AdjustShift, Kingpin13, Ulric1313, RandomAct, Materialscientist, Limideen, ImperatorExercitus, DogPog1, Danno uk,
Citation bot, Aneah, Object404, Waterjuice, GB fan, Ammubhave, Xf21, JimVC3, Capricorn42, Nivekcizia, Delmundo.averganzado,
Jmundo, Mzinzi, Martychamberlain, Raganaut, Steaphan Greene, Mccleskeygenius10, Abce2, Frosted14, VanHelsing23, 7OA, Pradameinhoff, Mathonius, Raptor1135, Alex60466176, Shadowjams, Axonizer, Erik9, A.amitkumar, Voatsap, Haxor000, Satanthemodifier, K-lhc,
Ravyr, FrescoBot, Amirhmoin, Michael93555, Recognizance, XxtofreashxX, Jersey92, Dejan33, Cannolis, Killian441, ChadWardenz,
I dream of horses, HRoestBot, Spidey104, MHPSM, Achraf52, Sweetpaseo, Nickgonzo23, SpaceFlight89, Yutsi, Σ, Cathy Richards,
IAnalyst, KayinDawg, White Shadows, Winsock, Jaybhanderi, Chris5858, SchreyP, Strobelight Seduction, Slumvillage13, Searine, Lotje,
Callanecc, Fox Wilson, Vrenator, Yong, Bluefist, Allen4names, Aoidh, Reaper Eternal, Acatyes, Specs112, Lilnik96, Tbhotch, Reach Out to
the Truth, Minimac, DARTH SIDIOUS 2, Jfmantis, Mean as custard, RjwilmsiBot, Mrdifferentadams, Agent Smith (The Matrix), Skamecrazy123, Rollins83, DASHBot, Koppapa, EmausBot, John of Reading, Orphan Wiki, JCRules, Dewritech, GoingBatty, RA0808, RenamedUser01302013, Computerwizkid991, Iamahaxor, Tommy2010, Elvenmuse, Wikipelli, K6ka, Thecheesykid, AvicBot, Tranhungnghiep,
Fæ, Josve05a, Mr.honwer, Ὁ οἶστρος, A930913, Script-wolfey, Mukslove, H3llBot, Wikfr, Cymru.lass, Robotdantheman, XeroJavelin,
Aviator702-njitwill, DarkFalcon04, Gray eyes, Sayros, Deutschgirl, Donner60, Pre101, Ranga42, Wipsenade, Bomazi, Mcc1789, Craxmilian, Hmcc10, GrayFullbuster, Sven Manguard, Rmashhadi, Rocketrod1960, Akasosetutza, Whoop whoop pull up, Socialservice, Vanished
user ij3rnfkmclk3tkj4ncknefkjnadmcnbgrju, ClueBot NG, Smtchahal, WIERDGREENMAN, Headchopperz, Bigfatradish, WEBHTW,
Jeff Song, MelbourneStar, Kro-Kite, A520, Decepticon1, Ezzk, Narracan3824, Tonersa, Afpropm, Frietjes, Mrn5-NJITWILL, Muon,
Mesoderm, Widr, Argionember, ‫דיסקוברי‬, Helpful Pixie Bot, Augiecalisi, Bigwalter54, HMSSolent, The Elven Shadow, Cas CS, Whitehatpeople, Lowercase sigmabot, BG19bot, FAROOQBUTT2015, Sharkselva, Bausshackerhf, Sibidharan, Kennydo, MadHaTTer666,
Rsotillo, Mybenyboy, Ajith P V, ExdeathSoul, Paganinip, Mourt1234, AwamerT, Mark Arsten, Khaosfarrow, Xcyss, Royalle, Sandmanchang, General lee awesome, Savrose, Mrk28-NJITWILL, Zdrft, Sachinaditya5, Kizar, Insidiae, Pkbaughman, Cbellalmr, Achowat, Hackerxz13, Guanaco55, Abgelcartel, Codenamezuck, 2EChO, IamkenIT, Mala maju, Malqbi, Nohus, Hibye12345678910, Mediran, Gagan
sedulity, Kaeza, Jacobsipod, Jon.weldon, Austin170, Pincode84, Zak123456789, To-man, Stefano Vincenzi, AutomaticStrikeout, EagerToddler39, Danishfareed, Codename Lisa, Webclient101, Lorenzozandoli98, RazrRekr201, K8steve, Faceashbook, Knuckles352, Ejoe91,
10
13
TEXT AND IMAGE SOURCES, CONTRIBUTORS, AND LICENSES
SaltyKrackafag, Cubita linda, WikiEXBOB, Infinitematter, Nazanin8804023, Ydnom89, Numbermaniac, Bathtub41, Frosty, Little green
rosetta, Piyushratnu, Superboy 1989, Max Stardust, Telfordbuck, St.andrewstroll, Dnasuffix, SmartyPantsKid, Zdarm, Ashikali1607, Esmael001, Crydizzy, ProtossPylon, Risraeloff, Tentinator, Anonyseb13, Lolnoiedit, Geforsen, Arun vasan, Cfr robot, Ozuru, Balles2601,
Jenselby, Crou, Hippiman36, Ginsuloft, Hacker Exploits, S Kaushik wiki, Simius narrans, MrLinkinPark333, Manul, Techi 2013, Dhhacks,
Nickturner A$AP, WikiJuggernaut, Crenshawblackhat, KodojoDragon, Bshupe626, Vahidxaker, Akshay0000, Tathavms, Ethically Yours,
Thrasherrdesigns, Hack3rzgethacked, Adeemjan666, Chimpgod, Monkbot, MightyHypnoToad, Magicwalrus69, Adogake, VACyber,
BethNaught, Ipsdix, Person1928, Josephchenlin, NJMcrp1990, Isaiahs825, Nikhitagupta415, Mo5254, Ranjeet.yadav8563, Amortias,
Dracomalfoy3, ROMAN JERRY, EDITOR2003, Ayush dhiman 272, SEZDRX, Jezzardloffler24, HexOp, UnpredictablePrashant, Momin
Sohail, Therealinfosystir, XXGerry AdamsXx, Nikigreen02, Bhuwnesh.joshi2014, NAVNEET AGRAWAL GORAI, Esquivalience,
Anonymous6767, ShpetimRacaj, Gs5star, Pyrotle, W33svm, Miguel ATW, ParadoxLuLz, Shin0bih4x0r, Dawave0, Johngot and Anonymous: 1256
13.2
Images
• File:Commons-logo.svg Source: http://upload.wikimedia.org/wikipedia/en/4/4a/Commons-logo.svg License: ? Contributors: ? Original
artist: ?
• File:Edit-clear.svg Source: http://upload.wikimedia.org/wikipedia/en/f/f2/Edit-clear.svg License: Public domain Contributors: The
Tango! Desktop Project. Original artist:
The people from the Tango! project. And according to the meta-data in the file, specifically: “Andreas Nilsson, and Jakub Steiner (although
minimally).”
• File:Folder_Hexagonal_Icon.svg Source: http://upload.wikimedia.org/wikipedia/en/4/48/Folder_Hexagonal_Icon.svg License: Cc-bysa-3.0 Contributors: ? Original artist: ?
• File:Internet_map_1024_-_transparent.png Source: http://upload.wikimedia.org/wikipedia/commons/b/bd/Internet_map_1024_-_
transparent.png License: CC BY 2.5 Contributors: Originally from the English Wikipedia; description page is/was here. Original artist:
The Opte Project
• File:Portal-puzzle.svg Source: http://upload.wikimedia.org/wikipedia/en/f/fd/Portal-puzzle.svg License: Public domain Contributors: ?
Original artist: ?
• File:Question_book-new.svg Source: http://upload.wikimedia.org/wikipedia/en/9/99/Question_book-new.svg License: Cc-by-sa-3.0
Contributors:
Created from scratch in Adobe Illustrator. Based on Image:Question book.png created by User:Equazcion Original artist:
Tkgd2007
• File:Wikibooks-logo-en-noslogan.svg Source: http://upload.wikimedia.org/wikipedia/commons/d/df/Wikibooks-logo-en-noslogan.
svg License: CC BY-SA 3.0 Contributors: Own work Original artist: User:Bastique, User:Ramac et al.
• File:Wiktionary-logo.svg Source: http://upload.wikimedia.org/wikipedia/commons/e/ec/Wiktionary-logo.svg License: CC BY-SA 3.0
Contributors: ? Original artist: ?
13.3
Content license
• Creative Commons Attribution-Share Alike 3.0