
Donning the White Cap



1|\|7r0DU(710|\|

Man is a curious animal. Few people can get by a day without wondering about the working of the many things that surround them. How a bird stays in air by flapping its wings, or how people get work done despite posting on Twitter every 5 minutes. Our curiosity drives us to understand the inner working of things despite the potential harm. People have taken great risks to examine the workings of this universe, and we are wiser for it.

With computers our curiosity found another dimension to explore. How does the software work? How did someone manage to make an algorithm that works so fast? We want to know. For the most part the information is all there; the software itself is merely data about how it will operate.

When you look at it in the clearest sense, everything on your computer is merely data that you already have access to. It is a collection of binary instructions which direct the functioning of your computer; there is nothing stopping you from finding out exactly how, if you are capable of understanding it at its lowest level. Network communication is merely the transmission of collections of bits from one computer to another in such a way that the devices can influence each other’s functioning. There are no physical limitations on what we can do with the data; the boundaries here are legal.

It is like owning a toy car, but being forbidden to open it up and see how everything works together. A situation many a curious child will sympathize with. The legal framework is designed to protect the rights of the author of the code. However, in doing that it also curbs the freedom of people who are merely curious, with no harm intended. We can debate till the end of time about whether it is better for people to have freedom or whether such restrictions only manage to push an otherwise healthy curiosity to a crime. As you might remember though, curiosity killed the cat. The dogs are safe, so I guess it’s OK.

7|-|3 \/\/|-|173 |-|475

Some people, however, just don’t grow up; where once they were breaking toy cars, they now break code. For such people hacking is merely a digital offshoot of their curiosity. The limitations they face seem so artificial; everything they need to hack into the code is right there, like the screws hidden behind stickers in toys.

To say they are misunderstood and misrepresented would be a gross understatement. Hackers are perhaps most associated with teenage geeks who live within six inches of their computer keyboards. Eccentrics with non-existent social lives, as it is for anyone whose work involves something that will merely annoy people.

The good news and the bad is that hacking is no longer a purely illegal domain, and as such is no longer as “cool” as it used to be. Today we have ethical hackers, whose curiosity and determination are respected instead of being restricted. It seems many companies have realized that such traits are rather good to have in their employees. Known as White Hat Hackers, these people tread on the same familiar hacking territory but in the sandbox of their organization.

37|-|1(4L |-|4(|<1|\|9

Many people regard Ethical Hacking as an oxymoron, a phrase invented by offended programmers to justify their sinful ways. Hacking sounds just too violent and in most other contexts it would involve masked men lopping off body parts. How can people accessing your data without invitation be considered ethical?

The perception is the issue. Surely it is wrong of a person to barge into your home, but if he really did it just to appreciate your lawn, you might throw in a few concessions. That is the truth about the White Hat hackers today. They aren’t barging into your home to steal your money; they do so because of the thrill of it, they do it because of the challenge, and most importantly they do it so they can point out to you just exactly how many times you need to turn the key in the lock.

The reason this is confusing is that the ones we are securing from are Hackers themselves, but without the ethical code that the White Hat hackers follow. These people are known as Black Hat hackers or crackers. Their motivation is not just curiosity, but a desire for profit, or even just a malevolent joy in disrupting others. Like with most things the malicious few ruin things for the others. We are more inclined to see a serial killer in a muscular man carrying a large knife than to recognize him as the friendly neighborhood coconut vendor.

In any other field of security, whether it be bullet-proof glass or car bodies, or bank safes, we expect the companies to do the best they can to ensure that our security is never compromised. How do you know whether a glass is bulletproof till you shoot it, or how safe a car is till you crash it? How do you know your computer firewall is strong enough to resist any penetration?

P3|\|37r4710|\| 73$71|\|9

The job of an ethical hacker is to judge the level of security of any computing infrastructure. In order to do this they may have to subject it to the same kind of treatment that a malicious entity might. They need to discover any open routes of attack, any unsecured entry into the system.

The intent behind performing a penetration test is to evaluate if a system is ready to be deployed in an environment like the internet, where it is open to attack. For a full security audit, a penetration test can reveal a lot about how susceptible the system might be to attack, how measures may be taken to avoid such breaches, and what would be the impact of such a breach on the company and its data (if it were to happen). Since any system is bound to be susceptible to an attack of some form or the other, how seriously the threat will be taken will obviously depend on how feasible the attack is and how serious its impact is.

To fully secure a system it needs to be tested under all possible scenarios. For any external attack on the system the attackers will most probably be unaware of the specifications of the system. Simulating such attacks is called BlackBox Testing. To test the resilience of the infrastructure to attacks from an internal party which may be partially or fully aware of the system’s configuration, a WhiteBox test is performed.

BL4(|< b0>< 73571|\|9

A black box is meant to signify a closed opaque system where you cannot immediately determine the composition of its contents. Every time you play around with a new closed source software which you know nothing about, you are in a way doing some blackbox testing of your own.

Real blackbox testing, meaning testing which is done in order to ascertain the security of a system (and not, say, finding out how to create a cube in LightWave 3D), is much more complex. It is like handing a microwave oven to someone in the 1800s and telling them to make a roast turkey. For this reason blackbox testing is not something which can be automated, and requires extensive work by a professional hacker.

Since Black Box testing is independent of the internals of the system, it can expose bugs in the system which can be missed even by people who have full knowledge of the system. However it is difficult to be exhaustive, since the tester has no knowledge about the range of tests that need to be performed.

While playing around with something you don’t have any knowledge about, there is always a chance that you will break things. However this is a risk that often has to be taken in order to ensure that such a situation does not happen for real when the damage done would be much more catastrophic.

\/\/|-|173 B0>< 73$71|\|9

White Box testing is performed with full knowledge of, and perhaps even access to the internals of the system. Since White Box testing is based on knowledge that we already have, some of its aspects can be automated. As such it is much simpler to accomplish than Black Box testing.

It can evaluate the security of the system in case of an attack by people who have knowledge of the system, its configuration and structure, and possibly even some passwords. It is a simulation of an attack which could be an inside job, or in case of information being leaked about the system.

|-|4(|<3r 37|-|1($

Steven Levy lays down some guidelines for hacker ethics in his book “Hackers: Heroes of the Computer Revolution”. Anyone who calls themselves a hacker usually adheres to and believes in these principles.
  • Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-On Imperative!
Limited access implies that there is only a limited amount that you stand to learn. Copying other people’s work might be regarded as wrong, but for faster and better progress, copying means that you have more time to innovate. You can put your effort into improving things rather than just coming to terms with them.
  • All information should be free.
By charging for or otherwise restricting information, the number of people who can be exposed to it is reduced. People with need for information are not necessarily the ones who can afford it.

Information is what innovations and inventions are built upon; the farther the reach of information, the greater the good it can do, and the more people it will inspire.

One of the biggest reasons the internet is popular is that it is a free resource of information. Companies are beginning to learn this the hard way, as we can see with Microsoft’s recent abandonment of their Encarta Encyclopedia.
  • Mistrust authority—promote decentralization.
Centralizing is akin to putting all your eggs into one basket. By making everything dependent on a single authority you become slave to it. We have seen over time that any trust placed in authority is trust misplaced.

Corporations such as the RIAA damage the consumers and artists by punishing fans on the artists’ behalf while the artists watch helplessly in disgust. In a decentralized system each person has control over their own work, and how much you plan to share and with whom is entirely up to you.
  • Hackers should be judged by their hacking, not criteria such as degrees, age, race, or position.
Let your code do the talking! Your shiny degree from MIT is pretty much worthless if you need help from a cross referenced instruction manual in order to butter your toast.

Age, race, sex, and position are non-factors when the only thing of value is the work that you do. It is only the work that you do which lives on after you. Ignoring someone’s experience and work based on any of these factors is sure to act as a hurdle to progress. Everyone is capable of contributing something, and the only measure of the contribution should be the contribution itself.
  • You can create art and beauty on a computer.
Art and beauty are subjective considerations, not limited to a medium. You don’t need a canvas and paint to bring your imagination to life. Computers can give you many, many more dimensions to play with and express yourself. Your art can transcend the mere three dimensions of physical art. Software code is a great source of beauty to those who understand its intricacies. Creating code that runs faster, or uses less memory, or fewer steps, is an art in itself.
  • Computers can change your life for the better.
Computers are something that can greatly increase the grasp a person has on the workings of the world. Computers literally put all the information within the reach of your fingertips. Anything is possible if only you can imagine it (and program it).

We no longer need to deal with static pieces of paper which contain information that is outdated minutes after it is published. You can now be an active part of bringing people what they need to know. With initiatives like Wikipedia, you can have the knowledge of the entire world at your fingertips and not just the words of a select few whose voice reaches farther than others’.

(0|\|(LU510|\|

Hacking is no longer the realm of a hobby or a crime; curiosity should never be considered an ill trait. It is in our very nature to discover the workings of the things surrounding us and the best thing is, you can now get paid for it!

Hacking is not everyone’s cup of tea, but for the few people who have what it takes it is no longer something they need to suppress into a hobby. More and more people are putting their curiosity to better use with careers as professional hackers; the ethics are part of the job if nothing else.

We have always paid homage to the brave people who have “hacked” the laws of this world and brought us the modern day conveniences that we can no longer imagine living without. Computer hackers are merely people who test the laws of computing and push the limits of what they can do. In a way though we are all hackers. Every day we test the working of the things around us whether we know how they work or not, and no matter which hat you choose to wear, there is no greater joy than discovering the limits and pushing past them.