John Bennett is strategic communications consultant at GFI Informatics (formerly ECS and GADC Networks). He was previously employed as a 'communications intercept' specialist with Government Communications Headquarters (GCHQ), based in Cheltenham.
To answer this question you have to consider what a hacker or 'cracker' really is. While it is true that the majority of people who hack others can be considered to be exploiting mistakes in websites or networks; there are a distinct few that possess other skills and motives.
The majority of those who do such a thing consider hacking to be a 'skill' that is learned over time - the reality is somewhat different. With a growing number of websites dedicated to the hacking community the truth is that anybody can utilise the tools online and go off merrily hacking other people's networks with virtually no 'skill' whatsoever. It has become easy to do simply because the majority of businesses today take little or no precautions to ensure that their data remains private. The truth of this argument can be seen by simply installing a 'firewall' on your home PC. Leave it on for a day or two, surf the Net, and see how many times your computer comes under attack from others - it will frighten you to death!
There are a few who undertake this type of activity for very different purposes. There is the network professional who is genuinely testing for vulnerabilities in order to plug the gaps. Additionally there are those (called 'super-hackers') that do so for reasons of national security. These people have to be aware of the latest and most up-to-date techniques and principles in order to be able to counter or, in some cases, exploit them.
This often involves more than just 'luck', it involves utilising certain skills and techniques not available to the general hacker. Such techniques usually involve finding a particular network, observation of that network and finally exploitation of the particular network. The difference between the super hacker and the ordinary hacker is a distinct one. The distinction comes in hacking or, as I prefer, 'cracking' the network without detection by the owner of such a network, which is a one way to describe another activity - spying!
Robert Graham is chief technology officer at Network ICE. He is a long-time developer of NIDS technology and has spent more than 10 years in the protocol analysis industry.
Iam what you might call a 'well-recognised expert in the computer-security field'. As such, the press bombards me every time there is a virus outbreak, a breach in corporate security, or when parts of the Internet go down. Since I am tied into the elite hacker underground, the reporters want me to reveal the dark secrets that are being kept from the public.
The frustration for me is that such 'secrets' are quite well known and easily available on the Internet (for example, www.securityfocus.com). Moreover, there is nothing special about them. The instructions for breaking into a computer are so easy even a child could follow them.
The problem is that they are also boring. When a member of the press asks "How did the hacker do that?" they are not actually looking for the real answer. I could certainly tell them, but they aren't interested in the boring details (and frankly, neither are their readers). They are instead looking for interesting quotes like "A 15 year old with a PC and a modem commands a weapon of mass destruction".
Take for example the 'Solar Sunrise' incident of 1998. The press likes to repeat a Pentagon quote that claims that this was the most massive attack against its systems ever, and that the leader (Ehud Tennebaum, an Israeli teenager) was hailed as a 'national treasure' by Israel's prime minister. The truth is that the kid simply downloaded an easy-to-use program, pointed it at the Pentagon, and hit 'go'. It is no different than a terrorist who buys a missile, aims it at his target, and presses the launch button. Terrorists shouldn't be treated as genius scientists for missiles they did not build, and hackers shouldn't be given credit for tools they didn't create.
This whole 'hacking' thing is like the world of magic where performers take an easy trick and surround it with scantily clad women, shooting flames and zoo animals. It is all very impressive and entertaining, but the trick itself is trivial. The hackers you read about in the news have perfected the same art. They take a small trick, but with deft self-promotion, trash-talk, and slight-of-hand, make the effect look bigger than it really is.
In short, 'hackers', the 'hacker community', and 'elite secrets' are really myths created by the media because they sell.