Does the 'super hacker' exist or is it all just myth-making on the
part of the press? Two industry specialists give EBR their
conflicting views
John Bennett is strategic communications consultant at
GFI Informatics (formerly ECS and GADC Networks). He was previously
employed as a 'communications intercept' specialist with Government
Communications Headquarters (GCHQ), based in Cheltenham.
To answer this question you have to consider what a hacker or
'cracker' really is. While it is true that the majority of people
who hack others can be considered to be exploiting mistakes in
websites or networks; there are a distinct few that possess other
skills and motives.
The majority of those who do such a thing consider hacking to be
a 'skill' that is learned over time - the reality is somewhat
different. With a growing number of websites dedicated to the
hacking community the truth is that anybody can utilise the tools
online and go off merrily hacking other people's networks with
virtually no 'skill' whatsoever. It has become easy to do simply
because the majority of businesses today take little or no
precautions to ensure that their data remains private. The truth of
this argument can be seen by simply installing a 'firewall' on your
home PC. Leave it on for a day or two, surf the Net, and see how
many times your computer comes under attack from others - it will
frighten you to death!
There are a few who undertake this type of activity for very
different purposes. There is the network professional who is
genuinely testing for vulnerabilities in order to plug the gaps.
Additionally there are those (called 'super-hackers') that do so
for reasons of national security. These people have to be aware of
the latest and most up-to-date techniques and principles in order
to be able to counter or, in some cases, exploit them.
This often involves more than just 'luck', it involves utilising
certain skills and techniques not available to the general hacker.
Such techniques usually involve finding a particular network,
observation of that network and finally exploitation of the
particular network. The difference between the super hacker and the
ordinary hacker is a distinct one. The distinction comes in hacking
or, as I prefer, 'cracking' the network without detection by the
owner of such a network, which is a one way to describe another
activity - spying!
Robert Graham is chief technology officer at Network
ICE. He is a long-time developer of NIDS technology and has spent
more than 10 years in the protocol analysis industry.
Iam what you might call a 'well-recognised expert in the
computer-security field'. As such, the press bombards me every time
there is a virus outbreak, a breach in corporate security, or when
parts of the Internet go down. Since I am tied into the elite
hacker underground, the reporters want me to reveal the dark
secrets that are being kept from the public.
The frustration for me is that such 'secrets' are quite well
known and easily available on the Internet (for example,
www.securityfocus.com). Moreover, there is nothing special about
them. The instructions for breaking into a computer are so easy
even a child could follow them.
The problem is that they are also boring. When a member of the
press asks "How did the hacker do that?" they are not actually
looking for the real answer. I could certainly tell them, but they
aren't interested in the boring details (and frankly, neither are
their readers). They are instead looking for interesting quotes
like "A 15 year old with a PC and a modem commands a weapon of mass
destruction".
Take for example the 'Solar Sunrise' incident of 1998. The press
likes to repeat a Pentagon quote that claims that this was the most
massive attack against its systems ever, and that the leader (Ehud
Tennebaum, an Israeli teenager) was hailed as a 'national treasure'
by Israel's prime minister. The truth is that the kid simply
downloaded an easy-to-use program, pointed it at the Pentagon, and
hit 'go'. It is no different than a terrorist who buys a missile,
aims it at his target, and presses the launch button. Terrorists
shouldn't be treated as genius scientists for missiles they did not
build, and hackers shouldn't be given credit for tools they didn't
create.
This whole 'hacking' thing is like the world of magic where
performers take an easy trick and surround it with scantily clad
women, shooting flames and zoo animals. It is all very impressive
and entertaining, but the trick itself is trivial. The hackers you
read about in the news have perfected the same art. They take a
small trick, but with deft self-promotion, trash-talk, and
slight-of-hand, make the effect look bigger than it really is.
In short, 'hackers', the 'hacker community', and 'elite secrets'
are really myths created by the media because they sell.