The White Hat: Are they reasonable for hacking?

2:45 AM ---


So as we back again to our previous topic about different kinds of hackers and what are their level, I’m going to share to you the mostly type of hat usually used in hacking community. This hat is the way how they recognize on how they behave on their hacking skills. 

Let’s start on White Hat. Before, I thought that hat are just something you wear as for style, for weather or if you just want to have hat on your head but when it comes to computer system and security as like for Linux and Red Hat, hat can be categorized into three – the White, Black and Grey Hat. White hat as a start for our topic are the ones who are considered as ethical hackers. There are lot of terms for white hat and based on the article from SecPoint: What is a White Hacker they are also known as sneakers, or even white knights. And from their definition, they are information and cyber security specialists who are well-versed in system examination, penetration testing, and many other network analysis approaches that guarantee the safety and integrity of many a company's information system. The sneakers appellation in particular refers to white hats who are actually employed by companies or organizations as network security professionals of sorts.

The National Security Agency (NSA) offers certifications to these hackers such as the CNS 4011, which covers professional and principled hacking techniques and team management. On that note, an entire group of these experts are referred to by the CNS 4011 as red teams or tiger teams if they're acting as aggressors or invaders, and as blue teams if they're acting as defenders or patch makers.

White Hat Hackers are known for their reasonable hacking on one’s system. They don’t want to harm or take advantage of the company or system they hack because they just want to share what they notice for the improvement of it and help without any change in return. It just about the company’s owner what action will he or she plan after knowing it from the white hats hacker. There are times, they recruit those white hat hackers and join to their team on the system and security department.

The idea about white hat and black hat was formulated in the presence of the black and white western genre of movies and television in which this white and black dichotomy is sometimes played out in the costuming, based on the wiseGEEK article what is White Hat? “White hats are a good person, a rescuer, a savior, or simply someone who upholds the law and does the right thing.”   

Black and white western genre of movies and television

There are lot of people who considered as white hat hackers. A slideshow about 12 "White Hat" hackers you should know by Ellen Messmer revealed some of them. For more info about it, you can click the hyperlink I include in the title and their pictures were also there for references.

Even in the Philippines, Raymond Nuñez is one of the white hat hacker or security professional. When the Cyber crime law was became the hit topic around the web he is one of those who helps companies defend against Internet attacks, says “some portions of the cybercrime law could be prone to abuse.” You can watch the video of it from ANC Presents: Cybercrime, October 10, 2012 ('White hat' hacker: Cybercrime law prone to abuse).

Hackers are not all mean. Sometimes, they just want to examine and experiment something that can contribute for future malwares and other issues about security. Imagine without those white hat hackers, do you think we can still have safe connection and privacy about our account credentials? Yeah we cannot say we have secured privacy but at least we can set it in terms we can still customize what we want to share to others or to everyone through web. It just a matter of appreciation to those ethical hackers because they also help other companies so they will know what specific task they should put more security to avoid system failure and destruction of their databases.

Apple Logo
Some of the biggest company hires white hat hackers on their company and one of them is Apple. There is a news about Apple hires white hat hacker who helped Microsoft probe and secure Windows Vista by The Next Web. You can read it for yourself since the link here can be accessible for everyone.

Control-Alt-Hack card game
While I’m reading and searching for other articles on the web that I can connect with my topic here, I found also an interesting site on which it is a card game but not just an ordinary game. This was released only last year and they called it Control-Alt-Hack: White hat hacking for fun and profit. Based on the article, Card game turns you into White Hat hacker by Alpha Doggs, “Although the new Control-Alt-Hack card game from a team of University of Washington computer scientists does expose you to enough computer security concepts that you probably will pick up a few learning along the way, and the game makers say it could be used in computer science classes to introduce students to security topics.” In this game, you and your fellow players work for Hackers, Inc., a small, elite computer security company of ethical (a.k.a., white hat) hackers who perform security audits and provide consultation services. Their motto? "You Pay Us to Hack You." You can read more of this on their site Control-Alt-Hack card website.

As I end the discussion about white hat hacker and move on our next blog post about black hat, we can learned from this articles that there are still some actions on which you cannot really determine if the white hat hackers are really white hat hackers or why the black hat hackers before become white hat hackers. Still it is just a matter of choice but as long as there is a professional ethics on how you do some things and skills you learned, hacking can be considered good in some different way.
Posted by Unknown at 2:45 AM 0 comments

Are YOU One of Us? (Levels of Hacker)

10:56 PM ---


Hello! I’m here again. Yeah going to type another blog post. It took me another week just to post something here since I’m thinking of my next topic to discuss. So after you have read my first post about some historical facts of hacking, I’m going to share to you the levels of hacker and what do they really do in their own skills.

I visited the site about Hacker Test. A simulation test with 20 levels that will require different skills to get to another step of the game and this meaning is written based on their website. (There are lot of games about hacking you can also try if you want: 10 fun (and safe) ways to pretend to be a hacker). I tried the Hacker Test for myself but I have not reached the next 14 levels of the game. Well, I don’t know but maybe my web browser does not cooperate with me when I’m typing those password on some of each level the website ask. If you are asking about my system environment:

MS Windows 8 Pro 32-bit
AMD Sempron Processor 140 Processor, 2.0GB RAM, NVIDIA GeForce 6150SE nForce 430
Browser: Mozilla Firefox 18.0.1

I am not that good into those kind of games and I don’t even consider myself as a hacker even though I do some of their skills when it comes to tweaking and coding from system application to networking. There lot of young professionals or even young students that even they are not into programming and IT related courses, they know so much about hacking. And with this kind of skills and talents they have where can we level them? As a reader, where do you consider yourself to be?

I found some good articles to read online and it also gave me an idea what are the other ranks or levels of the hackers based on their skills aside from the usual White, Black and Grey Hat. Eric Chabrow from his web page wrote an article about 7 Levels of Hackers Applying an Ancient Chinese Lesson: Know Your Enemies. It’s from Stuart Coulson (a director of the British hosting provider, in an article on the U.K. website business7.co.uk) who identifies seven levels of hackers and the higher the number, the greater the danger they pose. 

    1. Script Kiddies: Essentially bored teens with some programming skills who hack for fun and recognition. They're thrill seekers. 

     (I just want to add from this area is another web article from Tedifa - The Skill Levels of Hacker):  

     a)      Elite: Also known as 3l33t, 31,337, or a combination of that, is the spearhead of the network security industry. They get out in the operating system, able to configure and connect a global network. They are like stealth can enter the system undetected.

     b)      Semi Elite: These hackers are usually younger than the Elite. They also have the ability and extensive knowledge of computer. They understand all the operating systems (including holes). Usually equipped with a small amount sufficient to change the program exploits the program.

     c)       Developed Kiddie: The term is primarily because this age group are young (ABG) and still in school. They tried various platforms to ultimately succeed and proclaimed victory to another. Generally they are still using the graphic user interface (GUI) and just learn the basic of UNIX, without being able to find a new weakness hole in the operating system.

     d)      Lamer: They are people without experience and knowledge who want to become hackers. Use of their computers mainly to play games, IRC, exchange of personal software, steal credit card. Usually done by using software hacking Trojans, and DoS nuke. Usually boast etc. via IRC channels.

    2. The Hacking Group: A loose collection of script kiddies who wield more power as a collective than as individuals, and can cause serious disruption to business.

     3. Hacktivists: Collectives that often act with a political or social motivation. Anonymous is the best known hacktivist group that has been credited - or blamed - with attacks against child-porn sites, Koch Industries, Bank of America, NATO and various government websites.

     4. Black Hat Professionals: Using their expert coding skills and determination, these hackers generally neither destroy nor seek publicity but figure out new ways to infiltrate impenetrable targets, developing avenues of attacks that could prove costly for governments and businesses.

     5. Organized Criminal Gangs: Led by professional criminals, these serious hackers function within a sophisticated structure, guided by strict rules to ensure their crimes go undetected by law enforcement.

     6. Nation States: With massive computing power at their disposal, they target critical infrastructure, military, utilities or financial sectors.
     
    7. The Automated Tool: Fundamentally, it's a piece of software that acts like a worm virus and tries to affect as much as possible to give itself the largest possible framework. "A well-crafted tool could be utilized by any one of the other six criminal types," Coulson says.

    I believed that this levels of hackers or “not all that fall into the hacker category are cybercriminals. Not all are human", on which Mr. Coulson also shared. Some of them just want to explore something, learn new skills and because they are curious. He also said that not all (referring to hackers) are human. For me, it is because usually hacker can be an application and tools on which once you clicked it will lead to some cause of action like PC and email viruses. This may also cause failure of other business system and databases.


    You cannot determine who the lead of this hacking on one system are.  Even knowing your enemies and getting to know them won't be easy because as what Mr. Chabrow shared on his post, “we don't know much about the other levels that pose the greatest threats to information security.”

    So on what level do you consider yourself to be? Are you one of those Elite forces? Anonymous group? Or just one of those Kiddies who want to explore what does computer and internet can do besides from searching, browsing and streaming online?


    Posted by Unknown at 10:56 PM 0 comments

    History: Hacking? What does it mean?

    6:49 AM ---


    When I started to pursue my career in the field of computers, software, system and other technologies, I don’t really mind at all what will be the next opportunities awaits from me when I pass all my units on the course I take. When I started to learn some form of hacking on the web, there I thought this kind of skills will measure how great you are in any technologies but it does not really define you as a great person. I do not even consider myself as a hacker even though I do some of their skills for a purpose and as an ethical hacker. I know you are likely bored on what am I discussing on my first blog post but let define first the terms that you will encounter on this article.

    What is Hacking?

    Based on Merriam-Webster, hack is to cut or sever with repeated irregular or unskillful blows. It allows you to write computer programs for enjoyment and to gain access to a computer illegally. It is usually a creative solution to a computer hardware or programming problem or limitation.

    What is Hacker?

    Again thanks to Merriam-Webster as one of my reference for this blog post and on the next discussion of my topic. Hacker is the one that hacks. They are expert at programming and solving problems with a computer and who illegally gains access to and sometimes tampers with information in a computer system.

    So you can see from this definition, hack is already consider an illegal form of skills because it is trying to create something that can gain access illegally. But for you, do you really think hacking is really illegal? Does the hacker can be an outlaw? Or can be consider as patriot? Since some of the hacker now a days regards there selves as a defender, especially of individual rights, against presumed interference by the federal government.

    Before the world of computers came up, the word hack is already used a long time ago. Let’s just say, from the era of the creative minds, Socrates and Galileo. Hack is a different word to them of course but it means they have their own theory and techniques on how to manage to run not a system but the mind of others. I have a subject which is Information Security, there before we start to discuss all the .PDF files given to us we had a short documentary viewing about hacking. There I learned that the word hack already existed since then. It even started on the telephone lines. Some of the hackers here are called “phreaks” or “Phone Phreaking”. It is the art and science of cracking the phone network (so as, for example, to make free long-distance calls). By extension, security-cracking in any other context (especially, but not exclusively, on communications networks).

    John Draper - in his younger years.
    Colorized version of B&W photo
     from NightScribe - (Broken link - Sept. 25, 1999)
    It is the early 1970’s when John Draper makes a long-distance call for free by blowing a precise tone into a telephone that tells the phone system to open a line. Draper discovered the whistle as a give-away in a box of children's cereal. Draper, who later earns the handle "Captain Crunch," is arrested repeatedly for phone tampering throughout the 1970s, this is based on the St. Petersburg Times Online article I have read: A history of hacking.
    Starting from the right, "Berkeley Blue" (Steve Jobs) and
    "Oak Toebark" (Steve Wozniak) -  in their younger years.
    from Steve Jobs Entrepreneur

    Also, creator of the first computer also became hacker before. "Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), the two members of California's Homebrew Computer Club begin making "blue boxes," devices used to hack into the phone system. Later go on to found Apple Computer. This is based also on the St. Petersburg Times Online article I have read: A history of hacking.

    At early 1980s and so on from this modern times, when computer was created and transform into other much more easy and portable to use, hackers are also increasing. Lot of crimes and illegal acts were also found. Well, we cannot really control them from what they want because as time goes by people also learn new things and we need to face that truth. We are the one who needs to learn how to adopt into this new things around us. If you want to read the complete history of this hacking, you can use my reference: A history of hacking based on the St. Petersburg Times Online. And if you want a complete timeline about this, you can also read A Brief History of Computer Hacking by Michael Devitt.

    Age does not matter on hackers. I thought hackers will be around their mid-20s or 30s and above but no, there are also teens who can hack different kind of system just by using their computers and doing some hacking skills. Their ages were listed in the references I used to build up this post.

    I read Mr. Devitt conclusion about the hacker and on his article he said, “Don't Hate the Hacker”. From this I believe that lot of agency like FBI in United States does not like what hackers do because they are destructing some of the private and confidential information of other government sectors. Hackers should really need to ask first for permission before they hack something but this can lead to some misunderstanding because what if the company person know that their system need to hack of course they will know who will be the mastermind once the system crashed or a system failure occurred. That’s why mostly of the hackers remain to be in silence and do the tweaking without any noise. (Tweak means to make small adjustments and refers to fine-tuning or adjusting a complex system, usually an electronic device). And hackers can really help to improve one system since they can determine what the possible weakness of the system and avoid other hackers to manipulate it. As Mr. Devitt also think that hackers serve a useful purpose in that they make companies take action and be responsible for their laziness and lack of organization.

    We all have our own choice whether it is good or bad. And as we go on to different chapters of our lives, we all have reasons on our choices. It just a matter on how you will accept the consequences you will encounter in the end. New International Version (©1984):

    “For we must all appear before the judgment seat of Christ, that each one may receive what is due him for the things done while in the body, whether good or bad.” - 2 Corinthians 5:10

    Because only; New Living Translation (©2007):

    “God will judge us for everything we do, including every secret thing, whether good or bad.” - Ecclesiastes 12:14
    Posted by Unknown at 6:49 AM 0 comments
    Subscribe to: Posts (Atom)