computer hacking: A brief History

One might not suspect that the art, or scourge, of computer hacking was created at one of the havens for technological excellence.

True, at MIT (Massachusetts Institute of Technology), a group of students developed the technique and borrowed their name from the "hackers" of the late 1800s who found amusement in pranking the emerging telephone companies.Getting their laughs and skills from hacking and cracking into primitive computers and exploiting the Arpanet (predecessor to the internet), they created a novelty that would become the target of federal crackdown in years to come. To define hacking in short, we can say that an artistic criminal offense of breaking into another remote system without the owner's consent for the purpose of stealing information is what is hacking.

However, the act of hacking started out innocently, and was basically a method of trying to figure out how computer systems worked. The 1970s saw the rise in "phreaking," or phone hacking, headed by John Draper. This method allowed the user of a "blue box,", when used with a Captain Crunch whistle of 2600 hertz which accessed the AT&T long distance system, to make free long distance calls. Hackers initiated with accessing the free phone calls through a varied range of sources, thereby managing to circumvent into the nation's radio system and the phoning system resulting in a tremendous phone fraud nationwide.

After the age of "phreaking," computers became not only the target, but also the forum, for a growing hacker population to communicate. The creation of bulletin board systems (BBS) allowed this communication and the technological possibility of more serious government and credit card hacking became possible. At this time in the early 80's, hacking groups such as the Legion of Doom began to emerge in the United States, giving organization, and thus more power to hackers across the country.

Once this happened, breaking into the computers became a legitimate activity, with its own groups and soon its own voice with the 2600 magazine, launched in 1984. The effects of computer hacking were serious. Two years later, inevitably, Congress launched the Computer Fraud and Abuse Act that outlawed hacking. Over the years, there was a series of noticeable occurrences as the worst consequential effect of computer hacking on more high profile cases, such as the Morris Worm, responsible for infecting government and university systems, and the Mitnick case in 1995, which captured Kevin Mitnick, steeling as many as 20000 credit card numbers.

In 1999, security software became widely known by the public, and with the release of new Windows programs, which were littered with security weaknesses, they became successful because of necessity. This fraudulent act of computer hacking is perhaps the major problem, confronting the rapidly expanding population of Internet users today, with the systems still trying to battle online hackers.

Computer Hackers
World of Forensic Science | 2005 | Copyright
Computer Hackers
Forensic science utilizes the global resources of the Internet to access databases and to communicate with concerned experts. This form of communication, however, can make forensic databases and files vulnerable to deliberate sabotage. Computer hackers are people who gain remote access (typically unauthorized and unapproved) to files stored in another computer, or even to the operating system of the computer. In the 1950 and 1960s, hackers were motivated more by a desire to learn the operating characteristics of a computer than by any malicious intent. Indeed, in those days hackers were often legitimate computer programmers who were seeking ways of routing information more quickly through the then-cumbersome operating systems of computers.
Since then, however, computer hacking has become much more sophisticated, organized, and, in many cases, illegal. Some hackers are motivated by a desire to cripple sensitive sites, make mischief, and to acquire restricted information.
In the late 1990s, several computer hackers attempted to gain access to filesin the computer network at the Pentagon. The incidents, which were dubbed Solar Sunrise, were regarded as a dress rehearsal for a later and more malicious cyber-attack, and stimulated a revamping of the military's computer defenses. In another example, computer hackers were able to gain access to patient files at the Indiana University School of Medicine in February 2003.
One well-known hacker is Kevin Mitnick. Beginning in the late 1970s and continuing through the late 1980s, Mitnick was apprehended at least five times for hacking into various computer sites. Indeed, his lenient one-year jail sentence and subsequent counseling was based on his defense that he suffered from a computer addiction. In 1989, he vanished, only to reappear in 1992, when police became suspicious of tampering with a California Department of Motor Vehicles database. Mitnick was arrested in 1995 and remained in prison until his release in 2002. He was barred by law from using a computer until January 21, 2003 and later publishedThe Art Of Intrusion: The Real Stories Behind The Exploits Of Hackers, Intruders, And Deceivers in 2005.
The U.S. Patriot Act was signed into law on October 26, 2001. The intent of the act was to curb the danger posed to the country by terrorism. Computer hackers did not escape the legislative crack-down, since hacking represents a potential national security threat.
Under the act's provisions, the power of federal officials in criminal investigations involving hacking activities has been increased. These increased and somewhat secretive powers were among the contentious issues debated in 2005 as provisions of the Patriot Act come up for renewal.
Indeed, the threats to civilian privacy and national security from computer hackers was deemed so urgent that the U.S. government further enacted the Cyber-Security Enhancement Act in July 2002, as part of the Homeland Security measures in the wake of the terrorist attacks on September 11, 2001. Under this legislation, hackers can be regarded as terrorists, and can be imprisoned for up to 20 years. In seeking to prosecute a suspected hacker, investigators have the power to conduct Internet searches or telephone taps without court-sanctioned permission.
One tool that a hacker can use to compromise an individual computer or a computer network is a virus. Depending on their design and intent, the consequences of a virus can range from the inconvenient (i.e., defacing of a web site) to the catastrophic (i.e., disabling of a computer network). Within a few years during the 1990s, the number of known computer viruses increased to over 30,000. That number is now upwards of 100,000, with new viruses appearing virtually daily.
Despite the threat that they can pose, computer hackers can also be of benefit. By exposing the flaws in a computer network, hackers can aid in the redesign of the system to make information more inaccessible to unauthorized access.
see also Computer hardware security; Computer keystroke recorder; Computer security and computer crime investigation; Computer software security.
Cite this article
Pick a style below, and copy the text for your bibliography.
MLA

Chicago

APA

"Computer Hackers." World of Forensic Science. 2005. Encyclopedia.com. 9 Mar. 2011<http://www.encyclopedia.com>.
Learn more about citation styles
Related articles from newspapers, magazines, and more

Book decodes cryptic mind-set of a computer hacker.(Metropolitan)(Police Beat) Newspaper article from: The Washington Times (Washington, DC); ; 700+ words...technical side of computer crime is complex...leads them to attack computers and networks? People involved in computer security have developed profiles of hackers that give a reasonably...age of the average hacker - but in general...people think of a hackers as an outsider who breaks ...

COMPUTER HACKER HITS UW ALONG WITH FEDS.(Front) Newspaper article from: The Capital Times; ; 700+ words ...organizations targeted by acomputer hacker this week, according...down thousands of computers nationwide Monday...system for larger computers and networks. They caused computers to crash, but...reports of any computer information being...

Computer hacker is on loose New, sophisticated program has experts concerned Newspaper article from: Oakland Tribune; ; 700+ words ...knock them offline. The newhacker threat caught the attention...US-CERT -- the U.S. Computer Emergency Readiness Team...researcher at the Chicago-based computer security firm Lurhq, has...network traffic for small computer files, or cookies, that...because Phatbot links infected computers ...

Computer Hacker Fined $4,125 News Wire article from: AP Online; ; 700+ words ...AP Online 08-10-1999 ComputerHacker Fined $4,125 LOS ANGELES (AP) -- Computer hacker Kevin Mitnick, who...can't make a living from computers. Mitnick, the only computer hacker to make the FBI's 10 Most...made him a hero to fellow hackers world wide. As part of an...

Computer hacker films break logic code Newspaper article from: The Irish Times; ; 700+ words MOST FILMS about computerhackers have more in common with...students attended the Hackers and Hollywoodtalk given...Gordon, a former computer hacker and now a lecturer in...Gordon. "The majority ofhackers in real life come from...

Michigan computer hacker's sentence is 9 years in prison for Lowe's conspiracy. Newspaper article from: Knight Ridder/Tribune Business News; ; 700+ words...installed a program on the computer system of several of Lowe...previously imposed for acomputer hacking offense was the 5...nation's most notorious hackers, allegedly caused millions...corporate and university computers. Mitnick, once the FBI's most wanted hacker, was arrested in ...

COMPUTER HACKER-TURNED-INFORMANT ON THE LAM AFTER PAROLE VIOLATION Newspaper article from: Post-Tribune (IN); ; 700+ words ...long-haired, one-leggedhacker known to computer outlaws...admitted to helping other hackers rig a radio station promotion...conferences to spy on other hackers. He also says he helped...on probation for previous computer crimes. Mitnick faces trial...January. Mitnick is the only ...

Australia to Try Computer Hacker Accused of Damaging NASA Network Newspaper article from: The Washington Post; ; 700+ words ...20-year-old computerhacker from Melbourne to stand trial...research and space agency computer systems by telephone and...Nahshon Even-Chaim, a computer science student at the Royal...penetrating Australian and U.S. computers and altering or deleting...allegedly shutting down a ...

INFAMOUS COMPUTER HACKER GETS JANUARY RELEASE DATE.(News) Newspaper article from: Daily News (Los Angeles, CA); ; 700+ words ...s most notorious computer hacker, finally was brought to justice...Mitnick to stay away from allcomputer hardware and software, cell phones, computer networks, personal information...working as a consultant to computer companies or in any firms with access tocomputers. She also ...

Lab Officials Seek to Contact Computer Hacker; Intruder Has Breached... Newspaper article from: The Washington Post; ; 700+ words A computer "hacker" who has breached low...access through a national computer communications network...No files or data in the computers appear to have been altered...Charles Cole, the lab's computersecurity manager. "I...

Hacking
For years, "hacker" was a positive term that described computer enthusiasts who had a zeal for computer programming. Those who hacked took pride in their ability to write computer programs that stretched the capabilities of computer systems and find clever solutions to seemingly impossible problems. Although many computer enthusiasts still ascribe to this definition, the everyday usage of the word has changed significantly. Today, "hacking" generally refers to individuals who break into computer systems or use their programming skills or expert knowledge to act maliciously. (Traditional hackers—the good kind—prefer to use the term "cracker" to refer to these individuals.)
Some of the most common types of hacking include:
Breaking into computer networks;

Bypassing passwords or copy protection in computer software;

Defacing and/or damaging Internet web sites;

Causing a denial of service attack on a web site or network (preventing legitimate users from accessing a web site);

Stealing valuable information such as passwords and credit card data.

A Systematic Process
Although portrayed otherwise in Hollywood films and in television shows, hacking is a systematic, tiresome process in which the attacker attempts methodically to locate computer systems, identify their vulnerabilities, and then compromise those vulnerabilities to obtain access. Experts have identified six steps that are generally followed in the hacking process. These include (1) footprinting (reconnaissance); (2) scanning; (3) enumeration; (4) penetration; (5) advance; and (6) covering tracks.
Footprinting.
The first technique often used by hackers is called footprinting. The objective is to gather information essential to an attack and enable an attacker to obtain a complete profile of an organization's security posture. During this phase, the hacker might gain information about the location of the company, phone numbers, employee names, security policies, and the overall layout of the target network. Often, hackers can perform this work with a simple web browser, a telephone, and a search engine. Unfortunately, humans are often the weakest security link in a corporation. A clever phone call to the technical support department can often compromise critical information: "Hi—this is Bill and I forgot my password. Can you remind me what it is?"
Scanning.
Next, hackers perform scanning to gain a more detailed view of a company's network and to understand what specific computer systems and services are in use. During this phase, the hacker determines which systems on the target network are live and reachable from the Internet. Commonly used scanning techniques include network ping sweeps and port scans . A ping sweep lets the attacker determine which individual computers on the network are alive and potential targets for attack. Port scanning can be used to determine what ports (a port is like a door or window on a house) are open on a given computer, and whether or not the software managing those ports has any obvious vulnerabilities.
Enumeration.
The third phase is the process of identifying user accounts and poorly protected computing resources. During the enumeration stage, the hacker connects to computers in the target network and pokes around these systems to gain more information. While the scanning phase might be compared to a knock on the door or a turn of the doorknob to see if it is locked, enumeration could be compared to entering an office and rifling through a file cabinet or desk drawer for information. It is definitely more intrusive.
Penetration.
During the fourth phase, penetration, the attacker attempts to gain control of one or more systems in the target network. For example, once an attacker has acquired a list of usernames during enumeration, he can usually guess one of the users' passwords and gain more extensive access to that user's account. Alternatively, once the attacker has determined that a target computer is running an old or buggy piece of software or one that is configured improperly, the hacker may attempt to exploit known vulnerabilities with this software to gain control of the system.
Advance.
In the advance phase of hacking, the attacker leverages computers or accounts that have been compromised during penetration to launch additional attacks on the target network. For instance, the attacker can break into more sensitive administrator root accounts, install backdoors or Trojan horse programs, and install network sniffers to gather additional information (for example, passwords) from data flowing over the network.
Covering Tracks.
In the final phase of hacking, the hacker eliminates any records or logs showing his malicious behavior. By deleting log files, disabling system auditing (which would otherwise alert the administrator to malicious activities), and hiding hacking files that the hacker has introduced, he can cover his tracks and avoid detection. Finally, the hacker can install a root kit—a series of programs that replace the existing system software to both cover his tracks and gather new information.
Recent Attacks, Countermeasures, and Motivations
Since the late 1990s, the number of hacking attacks has grown dramatically. Both private companies such as Microsoft, Yahoo, Amazon.com, Buy.com, and U.S. government entities like the Federal Bureau of Investigation (FBI) and the White House have been targeted by hackers. In the vast majority of incidents, hackers have attempted to either launch denial of service attacks or deface Internet web pages with inappropriate content. However, some of the attacks are far more insidious. In January of 2000, a nineteen-year-old Russian hacker, using the pseudonym Maxim, threatened to publish more than 300,000 customer credit card numbers (obtained by hacking into a popular e-commerce site) if he was not given $100,000 cash. Beyond these highly publicized cases, it is unclear how many corporations have been hacked successfully; however, from all accounts, the number is definitely large and growing.
A number of technologies are available to companies to prevent hacking attacks. The most popular tools are Internet firewalls, anti-virus software, intrusion detection systems, and vulnerability assessment tools. Firewalls are used to set up a virtual wall between the Internet and the company's internal network to repel attackers. Anti-virus software detects and removes computer viruses, worms, and Trojan horses. Intrusion detection systems watch over critical networks and computers looking for suspicious activities, and can alert administrators in the event of an attack. Finally, corporations use vulnerability assessment tools to inventory their computing infrastructure and better understand the existing vulnerabilities.
Contrary to popular belief, most hackers are not international or industrial spies with evil motives and a desire to rule the world; most hackers have a simpler agenda. Among hackers, one of the most frequently cited motivations is that hacking is fun and is like solving a game or a puzzle. Many hackers perceive their activities to be harmless and they do not believe that they are victimizing anyone. In addition, the thrill of doing something illegal or the ability to access data unavailable to the public can be a tempting motivator. The chance to earn recognition from within a hacker group also offers strong incentive for up-and-coming hackers who have yet to gain a reputation. Finally, many hackers justify their actions by explaining that they are doing a service for other computer users by identifying new security holes.
Judicial, Criminal, and Civil Implications of Hacking
The following federal statutes offer computer crime and hacking protection:
18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access Devices;

18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers;

18 U.S.C. § 1362. Communication Lines, Stations, or Systems;

18 U.S.C. § 2511. Interception and Disclosure of Wire, Oral, or Electronic Communications Prohibited;

18 U.S.C. § 2701. Unlawful Access to Stored Communications;

18 U.S.C. § 2702. Disclosure of Contents;

18 U.S.C. § 2703. Requirements for Governmental Access.

As this list suggests, there is a substantial body of statutory law that applies directly to computer crime and hackers. Hacking of government computers, computers that are used by or for the government, and private computers used "in interstate commerce or communications" can be prosecuted under existing statutes. The existing statutory framework also provides for civil liability for unauthorized interception of communications. Finally, federal statutes exist to protect federal records, property, or public money. Consequently, bank, credit records, and electronic fund transfers are all protected by federal laws.
In recent cases, prosecuted hackers have been incarcerated, sentenced to home detention, and/or ordered to pay restitution. Offenders have been incarcerated for up to two years and some have been ordered to pay thousands of dollars in fines.
see also Hackers; Privacy; Security; Security Hardware; Security Software.
Carey Nachenberg
Bibliography
McClure, Stuart, Joel Scambray, and George Kurtz. Hacking Exposed. Berkeley, CA: Osborne/McGraw-Hill, 1998.

Palin e-mail hacker starts prison term
By Bobbie JohnsonTechnology reporter, BBC News
Sarah Palin has suggested the incident was the reason she failed to reach the White House
Continue reading the main story
Related stories
Year in custody for Palin hacker

Palin e-mail hack details emerge

Hackers infiltrate Palin's e-mail

A man who broke into Sarah Palin's e-mail has been imprisoned - despite being told he might be spared jail.
David Kernell, 23, was found guilty last year of illegally accessing Mrs Palin's e-mail during the 2008 presidential campaign.
At the time, a judge suggested he should serve his year-long sentence in a halfway house.
But after intervention from US government officials he is now in federal prison, the BBC has learned.
Officials confirmed that Mr Kernell reported on 10 January to begin serving his time at a federal corrections institute in Ashland, Kentucky.
That is not the situation that his friends and family were hoping for, however.
During a hearing in November, Judge Thomas Phillips indicated that Mr Kernell's sentence of one year and one day should be served at a halfway house to reflect the case's "unique circumstances".
"Even if the defendant serves his sentence at a halfway house, this combined with a criminal conviction is significant punishment," he said at the time, adding that it would mark "a sufficient restriction of the defendant's liberty".
The US Bureau of Prisons, however, has decided to make Mr Kernell serve out his term in the low-security prison camp nearly 300 miles from his home in Knoxville, Tennessee.
The move comes more than two years after the virtual break-in took place, at the height of the former Alaska governor's failed campaign to win the US vice presidency.
Using the online pseudonym "rubico", Mr Kernell - a student whose father is a senior Democrat politician in Tennessee - answered a series of security questions that gave him access to her private inbox, and then shared the details online.
A copy was retained by Wikileaks, the whistle-blowing website currently at the centre of a controversy over leaked US diplomatic cables, and details of her messages were published in several media outlets.
Continue reading the main story
“Start Quote
The state gives power to the Bureau of Prisons to determine the nature of incarceration.”
Professor Robert WeisbergStanford University
As a result, Ms Palin's family received abusive emails and phone calls. A subsequent FBI investigation led to Mr Kernell's arrest five days later.
Although he was eventually charged with four crimes - including identity theft and fraud - a court in Knoxville, Tennessee, only found him guilty of two lesser counts after a two-week trial last May.
The US Bureau of Prisons (BOP) would not comment on why Judge Phillips' recommendations had not been followed, but said decisions concerning inmates took into account a number of factors.
The BOP is not bound by judicial recommendations, one legal expert said federal sentencing was often "arbitrary".
"The judge can give either incarceration or probation, but if it's incarceration the state gives power to the Bureau of Prisons to determine the nature of incarceration," said Professor Robert Weisberg, director of the criminal justice center at Stanford University in California.
"There is not a general or uniform US rule," he added. "There is huge local variation."
Ms Palin - now seen as a potential presidential candidate in 2012 - has been in the headlines again after the fatal shootings in Arizona that left six dead and Congresswoman Gabrielle Giffords fighting for her life.
Critics have singled out aggressive political rhetoric as a possible aggravating factor in the shooting, with some specifically criticising Ms Palin for using an online graphic containing crosshair symbols that marked targeted Democratic districts, including that of Ms Giffords, in the recent US mid-term elections.
In a video posted online, the former governor said such suggestions constituted a "blood libel".
"Acts of monstrous criminality stand on their own," she said, rejecting claims that the vitriolic political climate was an incitement to violence.

computer hacking

Popular Posts

Wednesday, 9 March 2011

A brief History

Computer Hackers

Computer Hackers

Related articles from newspapers, magazines, and more

Hacking

A Systematic Process

Footprinting.

Scanning.

Enumeration.

Penetration.

Advance.

Covering Tracks.

Recent Attacks, Countermeasures, and Motivations

Judicial, Criminal, and Civil Implications of Hacking

Bibliography

Palin e-mail hacker starts prison term

“Start Quote

No comments:

Post a Comment

	Book decodes cryptic mind-set of a computer hacker.(Metropolitan)(Police Beat) *Newspaper article from: The Washington Times (Washington, DC); ; 700+ words**...technical side of* *computer* *crime is complex...leads them to attack* *computers* *and networks? People involved in* *computer* *security have developed profiles of* *hackers* *that give a reasonably...age of the average* *hacker* *- but in general...people think of a* *hackers* *as an outsider who breaks ...*
	COMPUTER HACKER HITS UW ALONG WITH FEDS.(Front) *Newspaper article from: The Capital Times; ; 700+ words* *...organizations targeted by acomputer* hacker this week, according...down thousands of computers nationwide Monday...system for larger computers and networks. They caused computers to crash, but...reports of any computer information being...**
	Computer hacker is on loose New, sophisticated program has experts concerned *Newspaper article from: Oakland Tribune; ; 700+ words* *...knock them offline. The newhacker* threat caught the attention...US-CERT -- the U.S. Computer Emergency Readiness Team...researcher at the Chicago-based computer security firm Lurhq, has...network traffic for small computer files, or cookies, that...because Phatbot links infected computers ...**
	Computer Hacker Fined $4,125 *News Wire article from: AP Online; ; 700+ words* *...AP Online 08-10-1999* *ComputerHacker* Fined $4,125 LOS ANGELES (AP) -- Computer hacker Kevin Mitnick, who...can't make a living from computers***. Mitnick, the only* *computer* *hacker* *to make the FBI's 10 Most...made him a hero to fellow* *hackers* *world wide. As part of an...*
	Computer hacker films break logic code *Newspaper article from: The Irish Times; ; 700+ words* *MOST FILMS about* *computerhackers* have more in common with...students attended the Hackers and Hollywoodtalk given...Gordon, a former computer hacker and now a lecturer in...Gordon. "The majority ofhackers in real life come from...**
	Michigan computer hacker's sentence is 9 years in prison for Lowe's conspiracy. *Newspaper article from: Knight Ridder/Tribune Business News; ; 700+ words**...installed a program on the* *computer* *system of several of Lowe...previously imposed for acomputer* hacking offense was the 5...nation's most notorious hackers***, allegedly caused millions...corporate and university* *computers**. Mitnick, once the FBI's most wanted* *hacker**, was arrested in ...*
	COMPUTER HACKER-TURNED-INFORMANT ON THE LAM AFTER PAROLE VIOLATION *Newspaper article from: Post-Tribune (IN); ; 700+ words* *...long-haired, one-leggedhacker* known to computer outlaws...admitted to helping other hackers rig a radio station promotion...conferences to spy on other hackers***. He also says he helped...on probation for previous* *computer* *crimes. Mitnick faces trial...January. Mitnick is the only ...*
	Australia to Try Computer Hacker Accused of Damaging NASA Network *Newspaper article from: The Washington Post; ; 700+ words* *...20-year-old* *computerhacker* from Melbourne to stand trial...research and space agency computer systems by telephone and...Nahshon Even-Chaim, a computer science student at the Royal...penetrating Australian and U.S. computers and altering or deleting...allegedly shutting down a ...**
	INFAMOUS COMPUTER HACKER GETS JANUARY RELEASE DATE.(News) *Newspaper article from: Daily News (Los Angeles, CA); ; 700+ words* *...s most notorious* *computer* *hacker**, finally was brought to justice...Mitnick to stay away from allcomputer* hardware and software, cell phones, computer networks, personal information...working as a consultant to computer companies or in any firms with access tocomputers***. She also ...*
	Lab Officials Seek to Contact Computer Hacker; Intruder Has Breached... *Newspaper article from: The Washington Post; ; 700+ words* A *computer* "*hacker**" who has breached low...access through a national* *computer* *communications network...No files or data in the* *computers* *appear to have been altered...Charles Cole, the lab's* *computer**security manager. "I...* Hacking For years, "hacker" was a positive term that described computer enthusiasts who had a zeal for computer programming. Those who hacked took pride in their ability to write computer programs that stretched the capabilities of computer systems and find clever solutions to seemingly impossible problems. Although many computer enthusiasts still ascribe to this definition, the everyday usage of the word has changed significantly. Today, "hacking" generally refers to individuals who break into computer systems or use their programming skills or expert knowledge to act maliciously. (Traditional hackers—*the good kind—prefer to use the term "cracker" to refer to these individuals.)* *Some of the most common types of hacking include:* *Breaking into computer networks;* *Bypassing passwords or copy protection in computer software;* *Defacing and/or damaging* *Internet* *web sites;* *Causing a denial of service attack on a web site or network (preventing legitimate users from accessing a web site);* *Stealing valuable information such as passwords and credit card data.* A Systematic Process *Although portrayed otherwise in* *Hollywood* films and in television shows, hacking is a systematic, tiresome process in which the attacker attempts methodically to locate computer systems, identify their vulnerabilities, and then compromise those vulnerabilities to obtain access. Experts have identified six steps that are generally followed in the hacking process. These include (1) footprinting (reconnaissance); (2) scanning; (3) enumeration; (4) penetration; (5) advance; and (6) covering tracks. Footprinting. The first technique often used by hackers is called footprinting. The objective is to gather information essential to an attack and enable an attacker to obtain a complete profile of an organization's security posture. During this phase, the hacker might gain information about the location of the company, phone numbers, employee names, security policies, and the overall layout of the target network. Often, hackers can perform this work with a simple web browser, a telephone, and a search engine. Unfortunately, humans are often the weakest security link in a corporation. A clever phone call to the technical support department can often compromise critical information: "Hi—*this is Bill and I forgot my password. Can you remind me what it is?"* Scanning. Next, hackers perform scanning to gain a more detailed view of a company's network and to understand what specific computer systems and services are in use. During this phase, the hacker determines which systems on the target network are live and reachable from the Internet. Commonly used scanning techniques include network *ping sweeps* *and* *port scans* . A ping sweep lets the attacker determine which individual computers on the network are alive and potential targets for attack. Port scanning can be used to determine what ports (a port is like a door or window on a house) are open on a given computer, and whether or not the software managing those ports has any obvious vulnerabilities. Enumeration. The third phase is the process of identifying user accounts and poorly protected computing resources. During the enumeration stage, the hacker connects to computers in the target network and pokes around these systems to gain more information. While the scanning phase might be compared to a knock on the door or a turn of the doorknob to see if it is locked, enumeration could be compared to entering an office and rifling through a file cabinet or desk drawer for information. It is definitely more intrusive. Penetration. During the fourth phase, penetration, the attacker attempts to gain control of one or more systems in the target network. For example, once an attacker has acquired a list of usernames during enumeration, he can usually guess one of the users' passwords and gain more extensive access to that user's account. Alternatively, once the attacker has determined that a target computer is running an old or buggy piece of software or one that is configured improperly, the hacker may attempt to exploit known vulnerabilities with this software to gain control of the system. Advance. In the advance phase of hacking, the attacker leverages computers or accounts that have been compromised during penetration to launch additional attacks on the target network. For instance, the attacker can break into more sensitive administrator root accounts, install backdoors or *Trojan horse* *programs, and install network sniffers to gather additional information (for example, passwords) from data flowing over the network.* Covering Tracks. In the final phase of hacking, the hacker eliminates any records or logs showing his malicious behavior. By deleting log files, disabling system auditing (which would otherwise alert the administrator to malicious activities), and hiding hacking files that the hacker has introduced, he can cover his tracks and avoid detection. Finally, the hacker can install a root kit—*a series of programs that replace the existing system software to both cover his tracks and gather new information.* Recent Attacks, Countermeasures, and Motivations Since the late 1990s, the number of hacking attacks has grown dramatically. Both private companies such as Microsoft, Yahoo, Amazon.com, Buy.com, and U.S. government entities like the Federal Bureau of Investigation (*FBI) and the White House have been targeted by hackers. In the vast majority of incidents, hackers have attempted to either launch denial of service attacks or deface Internet web pages with inappropriate content. However, some of the attacks are far more insidious. In January of 2000, a nineteen-year-old Russian hacker, using the pseudonym Maxim, threatened to publish more than 300,000 customer credit card numbers (obtained by hacking into a popular e-commerce site) if he was not given $100,000 cash. Beyond these highly publicized cases, it is unclear how many corporations have been hacked successfully; however, from all accounts, the number is definitely large and growing. A number of technologies are available to companies to prevent hacking attacks. The most popular tools are Internet firewalls, anti-virus software, intrusion detection systems, and vulnerability assessment tools. Firewalls are used to set up a virtual wall between the Internet and the company's internal network to repel attackers. Anti-virus software detects and removes computer viruses, worms, and Trojan horses. Intrusion detection systems watch over critical networks and computers looking for suspicious activities, and can alert administrators in the event of an attack. Finally, corporations use vulnerability assessment tools to inventory their computing infrastructure and better understand the existing vulnerabilities. Contrary to popular belief, most hackers are not international or industrial spies with evil motives and a desire to rule the world; most hackers have a simpler agenda. Among hackers, one of the most frequently cited motivations is that hacking is fun and is like solving a game or a puzzle. Many hackers perceive their activities to be harmless and they do not believe that they are victimizing anyone. In addition, the thrill of doing something illegal or the ability to access data unavailable to the public can be a tempting motivator. The chance to earn recognition from within a hacker group also offers strong incentive for up-and-coming hackers who have yet to gain a reputation. Finally, many hackers justify their actions by explaining that they are doing a service for other computer users by identifying new security holes. Judicial, Criminal, and Civil Implications of Hacking* *The following federal statutes offer computer crime and hacking protection:* *18 U.S.C.* § *1029. Fraud and Related Activity in Connection with Access Devices;* *18 U.S.C.* § *1030. Fraud and Related Activity in Connection with Computers;* *18 U.S.C.* § *1362. Communication Lines, Stations, or Systems;* *18 U.S.C.* § *2511. Interception and Disclosure of Wire, Oral, or Electronic Communications Prohibited;* *18 U.S.C.* § *2701. Unlawful Access to Stored Communications;* *18 U.S.C.* § *2702. Disclosure of Contents;* *18 U.S.C.* § *2703. Requirements for Governmental Access.* As this list suggests, there is a substantial body of statutory law that applies directly to computer crime and hackers. Hacking of government computers, computers that are used by or for the government, and private computers used "in interstate commerce or communications" can be prosecuted under existing statutes. The existing statutory framework also provides for civil liability for unauthorized interception of communications. Finally, federal statutes exist to protect federal records, property, or public money. Consequently, bank, credit records, and electronic fund transfers are all protected by federal laws. In recent cases, prosecuted hackers have been incarcerated, sentenced to home detention, and/or ordered to pay restitution. Offenders have been incarcerated for up to two years and some have been ordered to pay thousands of dollars in fines. *see also* *Hackers; Privacy; Security; Security Hardware; Security Software. Carey* *Nachenberg* Bibliography *McClure, Stuart, Joel Scambray, and George Kurtz.* *Hacking Exposed.* *Berkeley, CA: Osborne/McGraw-Hill, 1998.* Palin e-mail hacker starts prison term By Bobbie JohnsonTechnology reporter, BBC News Sarah Palin has suggested the incident was the reason she failed to reach the White House Continue reading the main story Related stories Year in custody for Palin hacker Palin e-mail hack details emerge Hackers infiltrate Palin's e-mail A man who broke into Sarah Palin's e-mail has been imprisoned - despite being told he might be spared jail. David Kernell, 23, was found guilty last year of illegally accessing Mrs Palin's e-mail during the 2008 presidential campaign. At the time, a judge suggested he should serve his year-long sentence in a halfway house. But after intervention from US government officials he is now in federal prison, the BBC has learned. Officials confirmed that Mr Kernell reported on 10 January to begin serving his time at a federal corrections institute in Ashland, Kentucky. That is not the situation that his friends and family were hoping for, however. During a hearing in November, Judge Thomas Phillips indicated that Mr Kernell's sentence of one year and one day should be served at a halfway house to reflect the case's "unique circumstances". "Even if the defendant serves his sentence at a halfway house, this combined with a criminal conviction is significant punishment," he said at the time, adding that it would mark "a sufficient restriction of the defendant's liberty". The US Bureau of Prisons, however, has decided to make Mr Kernell serve out his term in the low-security prison camp nearly 300 miles from his home in Knoxville, Tennessee. The move comes more than two years after the virtual break-in took place, at the height of the former Alaska governor's failed campaign to win the US vice presidency. Using the online pseudonym "rubico", Mr Kernell - a student whose father is a senior Democrat politician in Tennessee - answered a series of security questions that gave him access to her private inbox, and then shared the details online. A copy was retained by Wikileaks, the whistle-blowing website currently at the centre of a controversy over leaked US diplomatic cables, and details of her messages were published in several media outlets. Continue reading the main story “Start Quote The state gives power to the Bureau of Prisons to determine the nature of incarceration.” Professor Robert WeisbergStanford University As a result, Ms Palin's family received abusive emails and phone calls. A subsequent FBI investigation led to Mr Kernell's arrest five days later. Although he was eventually charged with four crimes - including identity theft and fraud - a court in Knoxville, Tennessee, only found him guilty of two lesser counts after a two-week trial last May. The US Bureau of Prisons (BOP) would not comment on why Judge Phillips' recommendations had not been followed, but said decisions concerning inmates took into account a number of factors. The BOP is not bound by judicial recommendations, one legal expert said federal sentencing was often "arbitrary". "The judge can give either incarceration or probation, but if it's incarceration the state gives power to the Bureau of Prisons to determine the nature of incarceration," said Professor Robert Weisberg, director of the criminal justice center at Stanford University in California. "There is not a general or uniform US rule," he added. "There is huge local variation." Ms Palin - now seen as a potential presidential candidate in 2012 - has been in the headlines again after the fatal shootings in Arizona that left six dead and Congresswoman Gabrielle Giffords fighting for her life. Critics have singled out aggressive political rhetoric as a possible aggravating factor in the shooting, with some specifically criticising Ms Palin for using an online graphic containing crosshair symbols that marked targeted Democratic districts, including that of Ms Giffords, in the recent US mid-term elections. In a video posted online, the former governor said such suggestions constituted a "blood libel". "Acts of monstrous criminality stand on their own," she said, rejecting claims that the vitriolic political climate was an incitement to violence.