Friday, March 28, 2008

hacking

hacking

Describe a negative aspect of ICT's impact on the information society. Describe how ICT has brought this about and what society is has done in response to it.

Abstract

Hacking has been and still disease different societies suffer from. The essay aims to provide the reader with knowledge regarding the effects hacking caused to our society, and how the society responded and tried to solve or minimize those effects.

Different issues regarding hacking are discussed, such as the motivations that were behind guiding hackers who were at first computer professional to perform unauthorized activities, at the same time a discussion about the types of attacks can be found.

The society response to hacking attacks lacks till this moment the ability to stop or completely prevent attacks from happening because as long as security tools are developed, more sophisticated hacking attacks are invented. That's why we should start to think about hacker's psychology as the main way to prevent and stop attacks by understanding their needs or desires.

Introduction

The Oxford English Dictionary defines hacking as "cut or chop roughly; mangle: cut (one's way)"... to its present definition as "gain unauthorized access (to data in a computer)". Banks (1997:11) defines hacking as "something that boring mainframe computer operators did to improve performance and battle boredom." Here banks focuses on boredom as the reason of hacking. A more technical definition of hacking according to Digital Guards data base (2001) is "unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network." Darlington (2001) believes hacking is not limited to accessing data or information but also includes an attack on the privacy of all people. Almost all different opinions agree on the illegality of hacking.

On the other hand the word hacker is the agent of hack or hacking and it was defined as a person who enjoys accessing files whether for fun, imposing power or the interest related to the accessed files or data according to Taylor (1999). While Marotta (in Taylor, 1993) has a negative view of the hacker as a data lord, a barbarian who takes what he wants. Himanen (2001) defines hacker as any person who performs illegal actions whether they were related to computer or not which means the usage of a device apart from its functionality. Seems hacking according to Himanen is related to any illegal or unauthorized action. Seebach (1999) finds hacker as a person who feels delighted and full of joy when being able to access a system and break the security utilities but Himanen (2001) doesn't consider hacker as a thief. This definition looks at the hacker as a normal person who is only practicing his knowledge and ability to access what he wants. Williams (2002) goes in the same direction and finds hacker as a knowledgeable person who never stops reading and exploring new technology for the sake of improving himself and might perform illegal actions but his first priority is to look and search for more knowledge. Digital Guards data base (2001) gives the hacker a definition of "a person who enjoys exploring the details of computers and how to stretch their capabilities". Clear from the definitions mentioned above that there is a controversy that encounters the judgment and definition of hacking, controversy aroused because it's hard to decide exactly what the aim is behind hacking or how to know the mentality of the hacker. That's why the ethics and motivation of hackers should be paid attention and discussed then understanding the hacker will be much easier.

Who is the Hacker?

Hacker is part of the society, a computer professional who wants to use technology for his own benefit Taylor (1999). Seems hackers are experts and professional people who were behind the technology we are enjoying at the moment but at no time and suddenly they began to think about their interests and benefits they can achieve from what they invented. Levy (in Taylor, 1999) described hackers in regard to the history; she divided the life history of hackers into three generations: the first generation of hacking was made of experts of computer programming who never stopped improving their skills then misuse them, the second generation was made of computer hardware developers who found hacking and accessing data and information for free as an appealing idea while the third generation included developers of games architecture. Recently the fourth generation includes any person who has a computer and some knowledge of programming.

Pipkin (1997) classification of hackers depends on the functionality, in other words the classification depends on the way hacker interacts with what is being hacked. Hackers were classified into three different types; the first type is called In-house hacker. In-house hacker is an employee who is responsible of operating and maintaining the system, who interacts immediately with the system as programmer or data entry employee and is aware of all the system security capabilities and gaps and should be the guard of the system but for different motivations he hacks the system and gets what he needs betraying all the trust given to him, the second type is called super hacker who doesn't interact with the system but at the same time monitors the system on daily basis and has an eye on what is going on and what type of data is entered at what time then depending on the entries he decides the moment he should get these information and retrieve them for personal motivations while the third type is called professional hacker and this hacker is very strong and capable of getting any type of data, he has the ability of persuading the user or the operator to provide him with the needed information by programming tricks or user friendly screens and this kind of hackers often gets unique training specially when being used in military tasks as what happened in the cold war.

Randall et al. (2000) focus on another type of hackers related to organizations and business, this hacker can be a company's competitor, who is interested in business statistics or future plans. Hacking such information is beneficial to other companies so that they can change their plans in accordance to what was hacked and try to build strategies that cause failure and damage to others. This leads us to analyze and study the motivations and the thoughts of hackers and the reason behind performing illegal activities.

Motivations behind Hacking

The motivations behind hacking are an issue that is discussed heavily due to the importance of understanding the hacker's psychology and the fuel that encourages him/her to perform such illegal activities, also because hackers view about what they are doing is far different from our views as victims Furnell (2002). Taylor (1999) found that hacking is motivated by the desire of imposing power and improving knowledge, searching for convenience rather than making money. It's a matter of self convenience and satisfaction so that's why motivations differ from one hacker to another but they all share the feel of addiction, curiosity and the need to impose their power while Levy ( in Taylor, 1999) discussed the role of own thoughts and ethics in motivating the hacker; she believes that hacker thoughts were the main motivator, the thoughts focused on the freedom of information which means that information should be easily accessed by all people at any time, but since regulations and security tools limited accessibility and began to interfere with the freedom of information, hackers helped people to return back their right of instant access of any source of information. After seventeen years Selwyn and Gorard (2001) proved levy right and found that hackers do believe that knowledge and information should be shared and there is no need for information owning because accessing information is one of the basic rights people should have. Himanen (2001) believes that the thought of information sharing was the reason behind the failure and bankruptcy of many companies that were the target of many hacking attacks in the name of information sharing and defending the community rights. Sterling (2004) believes that information should be shared but with mentioning who is the owner and with the permission of doing that because knowledge should be spread away and not to be limited or restricted and hacking is not the proper way of doing this.

Pipkin (1997) on the other hand reveals the challenging part of the hacker's personality as the biggest motivation; this means that the hacker feels the joy and excitement when hacking systems that are provided with the almost perfect security tools. Randall et al. (2000) see the excitement as the major reason while Banks (1997) relates hacking to finding jobs which means if hackers were caught breaking into the system, the hacked system owners will offer the hacker highly paid job just for the sake of protecting their system from other intruders. Crucial paradigm (2003) includes that money had never been a motivator but in some cases hackers look for money because that will enable them to create unreal online shopping sites to collect payment details or to gain entry to servers displaying credit cards details.

Motivations behind hacking are difficult to capture because it's related to each hacker way of thinking or belief or sometimes the type of hack is used as an excuse for the illegal activity as what Pipkin (1997:8) stated "there are many hackers who don't consider themselves criminals because they are not stealing money, credit cards, computer hardware, or anything made of atoms. Rather, they are only making copies of software and data and utilizing computer resources". And also Thomas and Loader (2000) showed the result of a study done by asking different people about differences between hackers. The majority responded that hackers are not alike and they differ so much from each other since their motivations are different while Furnell (2002) judged hackers depending on the harm they cause whatever was their motivation, because hacking is a disease and should be removed so that the effect of hacker attacks will be minimized.

Types of attack

Pipkin (1997) lists a number of hacking attacks that are most commonly used in breaking system and causing disruption and damage for services. These attacks can be summarized as following:

1. Software Theft: means software will be hacked by producing illegal copies and selling them without the permission of the owner. This will result in bankruptcy and failure to companies that spend millions developing and creating software that will be sold later on with the cheapest prices in an unauthorized way.

2. Theft of business secrets: means that trading and business information are stolen for the benefit of other companies.

3. Theft of information: means that all types of information and data are stolen for a particular benefit or self motivation.

4. Denial of service: means that hacker will break into a system and disable different operations and cancel all account so that all users won't be able to access their own information.

5. Terrorism: known as information terrorism and occurs when dataflow is disrupted causing the system to break down and stop providing services for a period of time.

On the other hand Crucial paradigm (2003) talks specifically about forms and techniques of computer and network attacks and summarize them in five points as following:

1. Distributed denial of service attacks: means that the system crashes or stops working for a period of time due to flood of messages or requests.

2. Trojan horse: software installed on computer systems and treated as another software. It shuts down the system or allows you to hack other people. It enables others to enter your system or sets itself when triggered.

3. Viruses: most commonly used, the procedure of viruses is to spread and repeat itself then destroy or attack the system.

4. Websites: use known security holes to track your web browser and then perform harmful activities.

5. Worms: used for hacking big systems. It uses all available resources to cause overload to the system and difficulty to function.

Talking about attacks leads us to the question of what are the characteristics of them. Taylor (1999) listed the main characteristics of hacking attacks in three points:

1. Simplicity: means that the attack should be simple in appearance but the effects are impressive and the results will be as pleasing to the hacker as what he planned for. It means that do your job in a smart and easy way.

2. Mastery: the methods used in hacking contain sophisticated knowledge which is difficult for anyone to understand. The reason behind mastery is to make sure that the hacker is the only one who can solve the problem being caused.

3. Illicitness: means that the act is against all rules and laws.

Hacking should be halted and stopped. To know how to stop it we should know the reason behind the birth of hack, and to know why to stop it we should know the consequences and effects of hacking.

ICT and the birth of Hacking

Randall et al. (2000:15) state that "as long as there have been computers, there have been hackers". It's clear here that the birth of computer technology helped in the birth of hackers and computer psychos. Since internet and computer technology had spread away and became available to different people around the globe, information crime including hacking appeared as an enormous problem due to professionals or experts who realized the benefit of information for their own use.

ICT development was so fast and provided different facilities and services in a short span of time, but at the same time ICT helped in building hacking environments because the speed of ICT development and improvement was not matched with the speed of information security technologies development, so it allowed hackers to feel free in doing what they want Taylor (1999). It was ICT failure to provide high quality security technology that encouraged people who turned to be hackers to access information in unauthorized way without the fear of being caught.

Furnell (2002:190) stated that "hackers have established their own communities on the internet". That's because internet provides cheap access to everyone enabling the occurrence of illegal activities. According to Chakrabarti and Manimaran (2002) ICT should have provided security features to protect their findings and inventions then think about how to develop them. This means that ICT major problem that it was so fascinated by the fast development and ignored or totally forgot to protect and save the earlier inventions, this helped hackers to break into systems gaining benefit from security gaps and weaknesses.

Thomas and Loader (2000) believe that the development of ICT played a big role in building a hacking community, not only because ICT development is faster than security development, but also because ICT provided new chances and opportunities of hacking by including different and huge information data bases that are appealing to any person, this encouraged hackers to begin their illegal actions helped by the lack of capable security infrastructure.

Effects on Society

Hacking effects can be categorized into three types; effects on individuals, organizations, economy and effects on countries. The most important issue to recognize is that victims are the only ones who feel the threat and effects of hacking attacks, and our duty is to inform other people about the danger of hacking to be cautious and alert which helps in preventing hacking attacks from happening Furnell (2002). The effects are as following:

1. Effects on individuals: according to Banks (1997) there are cases where individual information is sold and used for bad purposes like using their accounts. While Seo (2001) focuses on the psychology of individuals after being hacked and that they will always have the fear of being monitored when accessing internet and information, added to that the privacy of users can be easily penetrated. According to Thomas and Loader (2000) credit card details and passwords can be stolen causing financial damage to individuals added to that computer systems can be hacked causing the machine to stop working as usual or stealing your data. These effects will cause frustration and fear to individuals when using ICT.

2. Effects on organizations and economy: hacking is said to have cost the global economy an estimated .2 Billion Niccolai (2000). Hacking caused and still causing till the moment bankruptcy to plenty of companies, that's because companies are being hacked plenty of times which leads to the loss of customer confidence or belief in the security capabilities of the company Furnell (2002). Banks (1997) believes that companies are a main target for hackers who break into their systems to steal trade information or customer's payment details. Pipkin (1997) focuses on denial of service and the effects on companies. The company server will be broken due to huge traffic causing customer frustration and hurt the company reputation. Same for software theft that causes bankruptcy to companies which spend millions to develop and create software that sadly later on is stolen and copied for cheap prices. The main problem is that some companies hire or use hackers to break into other competitor systems to steal precious information Randall et al. (2000). Thomas and Loader (2000) discuss the effect of hacking on E-commerce. Web sites for online selling are being hacked for the sake of getting customer and company information which then used for nefarious purposes.

3. Effects on countries: since we are living in information society where all our daily activities are controlled by technology, there will be a great damage if a vital system was broken by hacking attacks. Breaking main system might result in collapse of countries Banks (1997). Ninemsn ( 2004) shows that north Korea is training 600 hackers to begin cyber attacks against United States, Japan and south Korea to gather military intelligence. This kind of attacks to computer systems aim to steal vital information of countries decisions regarding foreign policies and strategies, this results in causing countries to reconsider their policies that were taken after long analysis, it might also cause disturbance due to the attack of precious and top secret information. CNET (2001) states that "FBI agents downloaded data from two Russian-based computers. The hacking was done to help their investigation and track information on internet crimes and breaking bank networks. This approach caused a lot of controversy and opened the door for other countries to hack different systems and retrieve any source of data using the excuse of tracking criminals which might lead to destroying the principle of information owning and security and then turn the world into a mess and open the door to a new cold war.

Society response (solutions)

The war against hacking is a continuous battle that has a starting point with no end at all. The world is using a variety of methods either to halt attacks or minimize their effects on different perspectives. McClure et al. (2003) found that the best way to minimize the effect of attacks or even avoid them is by building a well educated computer user who can gain benefit from different security techniques in the war against hacking. While Randall et al. (2000) believe that the first step to allocate hacking activities should be by applying information security policies, and that's what Pipikin (1997) stated and confirmed that nowadays policies are running in a large number of organizations, these policies imply that all employees should sign a workplace behavior sheet specially the ones dealing with sensitive data and information that must be kept secret. According to those policies any employee who is caught guilty and participating in information theft or hacking will be questioned and further sanctions are applied. Furnell (2002) has a negative opinion and blames policies and restrictions for the limitation of what we can do online. Randall et al. (2000) suggest that companies are making a big mistake by waiting for the attack to happen then when it's too late they reconsider their security techniques. Furnell (2002) suggests that companies are making a big mistake by hiding the attacks on their system and should inform authorities about any incident to help in tracking hackers and intruders.

Regarding security software, different opinions agree that there is no total security and the more sophisticated security tools are invented the more technical hacking attacks are applied, that's because as what Banks (1997) stated that hacking is a big field with no limitations, and hackers are inventing new techniques in a rate faster than security utilities. Server pipeline (2004) states that even with the availability of security tools, it's hard to fill all holes. Furnell (2002) also blames computer users for the inefficiency of security tools, he stated that having a security software is not a solution by itself, users should realize that they need those tools and should learn how and when to use them.

Furnell (2002) suggests that hacking will never fade away but it can be managed if precautions are taken, and Randall et al. (2000:499) said that "there will never be total security". And till this moment we are suffering from hacking attacks almost on daily basis and the only thing we can do is to minimize their effects and rarely prevent them from happening.

Conclusion

Hackers are responsible of the huge development in computer and internet technology, but these days we consider them as thieves and intruders who penetrated our own privacy and used the achievements they were behind for their own benefit.

Hackers have different opinions and motivations. However, they all share the spirit of challenge and always trying to prove their capabilities of doing what all believe is impossible maybe because they were mistreated, or doubts surrounded their abilities and past achievements. Hackers believe that information should be shared and they fight against information owning.

Effects that hacking caused and still causing to the society can't be ignored. Hacking nowadays is taking new phases and the danger is increasing because we are now living in a society that runs by ICT, and any attack to the ICT especially in advanced countries will cause vital consequences.

ICT still lacks a powerful security tools that are capable of tracking, catching hackers, and protecting computer systems from their attacks. My own view is that the best way to protect ICT from hackers is to study their psychology and try to understand their way of thinking, because hackers are human beings, who have two sides; evil and good, and they used to show their good side but suddenly they turned to be evil. The reasons which caused the transformation from good to evil individuals should be studied and given the highest priority in the war against hackers because since we put our hands on the cause, we can fix it to reach for better effects.

Bibliography 1. Banks, Michael A. (1997), Web psychos, stalkers, and pranksters: How to protect yourself online, Arizona (USA), The Coriolis group.

2. Chakrabati, Anirban and Manimaran, G. (2002), Internet infrastructure security: A Taxonomy, IEEE Network, November/December 2002, P.13.

3. CNET (2001), FBI "hack" raises global security concerns [online]. Available from: http://news.com.com/FBI+%22hack%22+raises+global+security+concerns/ 2100-1001_3-256811.html [Accessed 14th December 2004].

4. Crucial paradigm (2003), Hacking attacks-How and Why [online], Crucial paradigm. Available from: http://www.crucialparadigm.com/resources/tutorials/ website-web-page-site-optimization/hacking-attacks-how-and-why.php [Accessed 7th December 2004].

5. Darlington, Roger. (2001) Crime on the net [online], United Kingdom, Darlington, Roger. Available from: http://www.rogerdarlington.co.uk/crimeonthenet.html [Accessed 4th December 2004].

6. Digital Guards data base (2001), Glossary [online]. Available from: http://www.digitalguards.com/Glossary.htm [Accessed 10th December 2004].

7. Furnell, Steven. (2002), Cybercrime: Vandalizing the information society, Boston; London: Addison-Wesley.

8. Himanen, Pekka. (2001), The hacker ethic and the spirit of information age, Great Britain, Secker & Warburg.

9. Levy, S. (1984), Hacker: Heroes of the computer revolution, New York: Bantam Doubleday dell. Cited in: Taylor, Paul A. (1999), Hackers: Crime in the digital sublime, London, Routledge.

10. Marotta, M.E. (1993), `online with the super hacker'. Available from: http://www.kzsu.stanford.edu.uwi/post/mercury.html. Cited in: Taylor, Paul A. (1999), Hackers: Crime in the digital sublime, London, Routledge.

11. McClure, Stuart. Et al. (2003), Hacking exposed: Network security secrets & solutions, Fourth edition, Berkley, California (USA), McGraw-Hill/Osborne.

12. Niccolai, James.(2000), Analyst puts hacker damage at $ 1.2 billion. Available from: http://archive.infoworld.com/articles/ic/xml/00/02/10/000210icyankees.xml [Accessed 7th December 2004].

13. Ninemsn (2004), North Korea `has 600 computer hackers' [online], [national Nine news]. [SCI Tech news]. Available from: http://news.ninemsn.com.au/article.aspx?id=19653 [Accessed 10th December 2004].

14. Oxford English Dictionary. (1995), Concise, 9th edition. Oxford.oup.

15. Pipkin, Donald L. (1997), Halting the hacker: A practical guide to computer security, United States of America, Prentice Hall.

16. Randall, Nichols K. et al. (2000), Defending your digital assets: Against hackers, crackers, spies and thieves, United States of America, McGraw-Hill.

17. Seebach, Peter. (1999), Care and feeding of your hacker [online], Seebach, Peter. Available from: http://web.demigod.org/~zak/geek/hack.shtml [Accessed 6th December 2004].

18. Selwyn, Neil and Gorard, Stephen. (2001), 101 key ideas in information technology, United Kingdom: United States of America: Hodder and Stoughton-McGraw-Hill.

19. Seo, Jung.U. (2001), Toward the global information society opportunities and challenges [online], [minister of science and technology, Republic of Korea]. Available from: http://web.ptc.org/library/proceedings/ptc2001/plenary/seo.html [Accessed 10th December 2004].

20. Server pipeline (2004), Simulated hacker attacks [online], Server pipeline, Available from: http://www.nwc.serverpipeline.com/trends/trends_archive/46200228 [Accessed 15th December 2004].

21. Sterling, Bruce. (2004), The hacker crackdown: (Law and disorder on the electronic frontier), McLean, Virginia (USA), Indypublish.com.

22. Taylor, Paul A. (1999), Hackers: Crime in the digital sublime, London, Routledge.

23. Thomas, Douglas and Loader, Brian D (eds.) (2000), Cybercrime: Law enforcement, security and surveillance in the information age, London: Routledge.

24. Williams, Sam. (2002), Free as in freedom: Richard Stallman's crusade for software, Farnham, Sebastopol, California: O'Reilly.

0 Comments:

 

blogger templates 3 columns | Make Money Online