Time for me to go on another rant again here. The cause again seems to be the media in this country. I've seen a few TV shows on hackers which just seem wrong. Why is it that the media in this country can't seem to portrait an accurate image of any subgroup of people? The media loves playing hype and pop culture up. How many hacker movies have we seen in the past decade?

It's 'cool' to be a hacker. Women find it sexy, and guys call it bragging rights. But wait, what is a hacker? There's really nothing cool or sexy about it, even though the media and so called hackers would have you beleive so. I am by no means an expert on this subject matter, and the fact is, NO ONE is an expert on hacking because by it's very nature, it's elusive. I laugh so hard when I see people on TV claiming to be elite hackers because they read 2600 or visit hacking conventions. Yet true hackers wouldn't be caught dead being so blatent about their 'hobby'.

Hacking is bypassing a security measure meant to keep you out. A hacker is of course anyone who breaks a security measure. Although the true definition of hacker simply means one who writes code. We'll focus on the pop definition for the time being. There are of course different 'leagues' that hackers occupie:

Lamer: These people are barely hackers. They want to be, they think it's cool, but usually have so little computer knowledge it's scary. People who read e-mail headers, understand how to retreive an IP address, or do a WHOIS lookup and generally act impressed with themselves fill this category.

Script Kiddie: These people, usually younger in age, usually have some computer experience, they might even know how to install an OS from scratch or build a PC. Of course, everyone here knows that building a PC that turns on, and building a PC that runs stably is a different matter. Anyone can piece together the hardware, but so few of the people who do understand BIOS, ram timings and OS tweaks. Script Kiddies usually surf around the internet and download port scanners, backdoor exploiters, brute force password blockers, and port flooders. Most hackers fall in to this category, and in fact, script kiddies can do a good amount of damage to systems with poor security policies. Script kiddies are only as good as the software they can download, and really dont have any true skill themselves, just the know how enough to use the tools of True Hackers. They also have no idea how to keep from getting in trouble.

True Hacker: Usually programmers with a good knowledge of networking and security. These guys write the tools commonly used by the script kiddies, and are usually the first ones to exploit large holes in software/firmware. True hackers are also responsible for most of the viruses out there, and most do a fairly good job of hiding their identities. True hackers are usually rebels with out a cause, and don't cause too many wide spread problems (apart from the virus guys). They're really in it for the challenge, and dont commonly put the tools to good use.

Elite Hacker: So few of them exist, and I've never seen one myself. These are the professional hackers, the ones that try to make a living off of it. They are nearly impossible to catch, and are usually going after governmental institutions (working for other governments of course). Most of the work here is covert spying and data interception. Im not sure many of them actually get away with too much identity theft or stealing.

The common misconception about hackers, especially elite hackers, is that they can simply type a few keys on the keyboard and break in to any system. That's simply not true. People like to exaggerate and brag, and threaten others with hacking their PCs (on any IRC chatroom or some gaming servers). Script kiddies can cause havoc if you dont prevent against security holes, keep a good firewall, check for viruses/backdoors, etc. If you piss a True Hacker off enough, they can cause some more specific problems like a DoS attack, or they might get some of your passwords and get in that way.

It should be no surprise that people are so mystified about PCs that they believe the movie style hackers exist. People that can steal your identity and credit cards and money simply by touching your computer don't exist. Most credit card fraud is caused by people who actually work at the company your trying to do business with, not by hackers intercepting SSL packets.

End Rant.

Originally posted by Player0
End Rant.

End rant? I want to hear more!

Whenever watching moives with these so called "hackers" i'm always like, thats totally impossable! Kinda Like the movie anti-trust. Total BS.

Common Goofs:

I've decided to think up a small list of goofs and tips that most people should know regarding PC security.

1.) Don't use DMZ on your router/firewall! Yes, it makes ICQ file sharing work, and you dont have to know how to map ports for serving. However, you are negating all protection a firewall offers by using DMZ. The only time you should use DMZ is if you are bridging routers, or if you have a good software firewall on all your internal boxes (much harder to maintain and secure). For that matter, make sure to use a firewall.

2.) Use hard-to-guess passwords. Never use a password less than 8 characters for anything really important, and make sure to use letters, numbers and avoid any common words or abbreviations. By not using dictionary words, you force hackers to use brute force methods to crack the password. The best way to prevent brute force cracking is to make the passwords you use longer. A 10 character password will take an exponential factor of time longer to crack than a 8 character password.

3.) Dont ever send passwords via plain text! This includes email, instant messaging, telnet. Assume that these passwords can be easily seen, and they can be. If you need to send a password to someone, encrypt it with PGP, or in a locked ZIP file. Or call it in over the telephone.

4.) Seperate your passwords! Dont use the same password for a bank account that you do for an online website. The more passwords you use, the safer you are. If you have trouble remembering, store the passwords in your wallet. If you ever loose your wallet, change your passwords.

5.) Dont let anyone touch your PC unattended! Anyone with a floppy can steal all your passwords or install a back door in a matter of seconds. Any PC with physical access by another is a hacked PC.

6.) Run Anti-Virus scanners routinely! These will catch on to any backdoors or keycatchers that might be installed. You should also watch your service list and check any suspicious looking tasks running. There is much software out that spies on your keyboard habits.

7.) Dont use wireless keyboards! Every key you touch is sent out via radio frequencies and non-encrypted. Someone with a big enough directional antenna can pick these up even outside your house. In fact, there is technology that can read CRTs from a distance, although you need to be FBI to have easy access to this.

8.) Install the latest firmware/drivers/software updates! Many companies these days spend a lot of time and resources to secure their products, so you should take advantage of these usually free patches.

9.) Check your PC for foreign devices! If you're really paranoid, you can make sure that no one has plugged in a keyboard reader (a small PS2 device with onboard ram which plugs inline with the keyboard to the PC). These will steal passwords faster than butter melts. "Bugging" a PC isn't common, and this rule sort of ties in to #5. Still, it wouldnt be hard for someone at work to plop a device like this on your PC and get all your passwords.

10.) Keep up to date on security! There are many online publications which make security bulletins. The biggest advantage you have is knowledge. If you know how someone can hack in to your PC, you can better prevent it from happening. In the end, theres no sure fire way to prevent someone from getting access to your PC. All it takes is time. Watch your firewall logs, keep tabs on whats going in and out of your PC, and try to seperate the script kiddies from the people who are actually out to get in to your info.

Hear more? Im not sure whats left for me to say. There's a new hacker show coming up on TechTV which inspired this little rant about 'Hackers turned Good', basically hackers who now work for corporations trying to increase security. Oh, I cant wait to laugh at this one. I love how they have this gothic dressed green haired fat chick sitting on a couch talkign about her 'hacking' experiences. She of course dresses like someone might expect a 'hacker' to look.

Corporations dont know any better, and neither do the media. You place an add for a security consultant, and the HR lady interviews this 'hacker' and thinks to herself 'oh my, this is just what we need!'. Anyone ever see the movie Sneakers? Anyway...these corporations are being duped by script kiddies who are 'dressing the part'. I cant picture too many true hackers working for corporations like that. It really goes against the whole hacker mentality. Not that there IS a hacker mentality, it's usually people just trying to have fun and testing their intellegence. But not many intellegent people can stand working for the idiots that run most big corporations ;)

Then again, I could be wrong. I'm probably in the wrong job as usual. Im sure that even my markedly lame hacking skills could wow a corporation willing to spend lots of money paying for my video game addiction. Yet so many people buy in to this crap! Its like hackers have become some sort of Star Trek convention, where you dress up like hackers, pretend to know everythign about it, and then brag to other lamers just like you.

There's no reward in true hacking. You break a security policy, and the only one around to pat you on the back is you. You sure as hell dont go bragging about a crime ;) Unless you didnt actually commit one and have nothing to worry about :)

All in all a good listing that is fairly accurate save for a few details. The "True Hacker" as you call him (for arguments sake it's a he) is actually termed as a Cracker and the "Elite Hacker" is just plain old Hacker. There is much more of a difference than you have said:

The Cracker is the bad guy out there, he want's to break into any system (including yours) he can and cause damage so that he can go to his 1337 friends and act all manly and big because he broke into some hapless system and destroyed it. He has talent and skill but he doesn't care who's computer he breaks into and is only out to cause the system damage.

The Hacker, although a bad guy by rights he does things differently. He will target mainly large corporation systems and has some real talent with security systems and how they work. Once he accesses a system he will either a) tag the system or website with something barely noticable and only other hackers know to look for and enjoy the bragging rights for being able to get into the system ... or b) he'll steal a document or some software as evidence of his hack to show off and enjoy bragging rights. Hackers do not (in most cases) break into systems in order to bring them down (as hyped in the movie Hackers), no he wants to test his skills at circumventing security systems, it's almost like a sport to him.

The rest of the catagories you mentioned are accurate and can all go to hell as it's people in those catagories that have caused there to be a blurring in the distinctions. The media sees anyone in any of those catagories as a hacker which further fuels their egos and makes them go out and cause more mayhem as they feel they are something. I wish the media would get clued up and know who is what and report them as such, then those snotty-nosed script kiddies will be seen for what they are and ridiculed rather than being reported as being elite hackers of skill :rolleyes:

ummm ... *Ends rant rather abruptly*

I read 2600 but I'm in no way a hacker.

I have one friend that won't ever order something off the NET because of the "hackers" sealing people's #'s and junk. Then he goes and uses his cordless to call them and tell them his CC#. :confused: There's a better chance of someone picking that up than snaging some packets off the NET.

The movies crack me up. Password:Swordfish? the most realistic part of the movie was Halley Berry's rack. Script Kiddies have to go. They're just 12yr olds that haven't figured out mastrubation. Anyone can d/l a script and run it.

True hackers are doing it to further their knowledge not to cause trouble.

Most of the time ;)

Well, I wont argue the symmantecs of course, because there aren't any well defined labels for any of these groups. Lamers and Scriptkiddies are often bunched together, and elite hackers is really a made up thing. It's hard to classify any hacker as being one name or another. However, I creatde that list by skill level really.

I have to totally disagree with the term Cracker. A Cracker, as I know it, is a hacker that specializes in cracking software protection. Crackers are usually involved with warez, and the term cracker has been around from the atari days. I own many a pirated software with the words: Cracked by: John Doe. Crackers, Phreakers, and other terms like that are refering to speciality tasks in hacking, not really related to the skill level of the individual. A cracker would most likely be what I called a 'true hacker' though. True Hacker just means Hacker.

There are in fact Elite Hackers. These people are geniouses, usually employed by governmental agencies, and usually perform well planned attack and spying. Elite Hackers hack for a purpose, and you wont see these guys going after a Quake server. These are the guys hacking in to Osama's bank accounts and tracing criminal conversations overseas. Real CIA type stuff. Maybe working as corporate spies on a lower level.

Regarding the normal Hackers (which you wish to call Crackers), I don't beleive that these are the guys causing the most problems. Script kiddies are more dangerous than people with real skills. Yes, a hacker can do more damage than a script kiddie, but the big difference is that a hacker is going to target one system, not just portscan a range of IPs. The skill level needed to hack in to just any old PC is nothing compared to the skill level needed to hack in to a specific, and well guarded, PC. Does he want to break in to any system for bragging rights? Sometimes, but generally not. A true hacker is going to use his skills only when necessary, mostly to avoid any trouble with the law. A true hacker isnt going to randomly try and enter pcs, they are going to be methodical, take their time, and get in to do what they need to do. Usually, hackers like this dont cause damage, they simply get in and let you know they did, either by tagging a website or providing some other evidence.

The Hacker skill level has people who dont want trouble, and has people who do cause trouble. Again, I was classifying them by skill level, not by what they do. Mostly script kiddies are the ones trying to do damage though. Most of the hackers with any skill arent trying to bring down systems.

But, like I said, the symantecs of it all is hard, especially with the media clouding things up. There are at least 4 distinct skill levels though. What hackers choose to do with those skills is completely random however.

cracking older software is actually surprisingly easy i had a play around some time ago and it doesn't take more than a dissasembler and a hex editor to do it and for the older software you often only need to change one line to get around the protection new stuff is a *lot* harder though many people use standard protections so you can just load a standard protection breaker...

to be honest in my opinion "hacking" is too much hard work theres too many clever people trying to keep you out its much simpler to phone up the company and ask for whatever details you want, you'd be amased what people tell you if you come up with a story "hi am fred from it support, we are just running a few tests on the system can you tell me your password so i can check something?"

dicki