0x01 – Definitions: Hacker vs Cracker

The New Hacker’s Dictionary defines Hacker as:

  1. “A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users’ Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
  2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
  3. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.”

The term Cracker was introduced later in defense against journalistic misuse of Hacker, to differentiate between ethical hackers and the malicious hackers who subvert computer security for vandalism, personal gain, or other types of crime.

As the Jargon File states, “While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate, benign, practical reasons (for example, if it’s necessary to get around some security in order to get some work done).”

“Hacking is probably a natural part of exploring computers, no more malicious than figuring out how to put graphics in the border of the C64, disassembling executables, running programs through hex editors or trying to crack copy-restriction schemes on early software. With a world as vast and seemingly limitless as the Net, (and especially in the days before everyone was on it, when commercialism was strictly forbidden) reaching out to the far tentacles of the matrix was an exciting way to learn what was out there, and that included digging around through various computers. What’s here? It’s a host. What is it? Let’s get in and see. Where does it come from? What does it do? Whose is it? Why is it here? What’s on it? These sorts of explorations are a large part of the excitement of youth… Indeed, computer crime, as it is often called, is one of the few ways to keep entertained in the suburbs…

Too many people are quick to see a few 37337 h4x0r5 d3f4c3 4 w3bp4g3 and jump to the conclusion that everyone out there interested in network security is a little kid with a script who wants to write cryptic messages about owning so-and-so and playing games on irc. Beneath this superficial layer is a group of extremely dedicated advocates of freedom, truth, fair treatment, free information, sharing, exploration, curiosity, and knowledge, a true counter-culture which has remained steadfast as a vanguard against injustices perpetrated by the government, by corporations, by authoritarians. Yes, sometimes people think they go too far and probably suspect they’re characters in a post-apolocyptic sci-fi movie. Still, the diversity among these people who get written off as “crackers” is such that it is unfair to characterize the group as a whole…” (Jason Kroll, Linux Journal editor)

“It all boils down to what kind of motivations and opportunities the hacker has. If the hacker is unethical, many times his motivations will be based upon greed, hate, bias, and a destructive mindset. If the hacker is ethical, then he may be motivated by an intellectual challenge, innovative ingenuity, and the like. The opportunities for hackers to hack depends heavily upon their own skills and abilities, as well as the targeted system’s own deficiencies. The line between ethical and unethical hacking is a thin one, one which many do not dare to walk on.” (Rich Christie)

0x02 – The List

The following list is presented in chronological order, except for those entries where the date of birth is unknown. It includes academic hackers working on early minicomputers, prominent hackers from the open source software movement, the computer underground/hacker scene, and security experts.

Please note, this list is by no means complete; it only includes the most famous hackers and is provided for historical reference. Corrections are welcome (see above for my email address).

Peter SamsonPeter Samson (1941 – )

Computer software pioneer, author of the first Fortran compiler for PDP-6, and of Fortran II. Wrote hacks for TX-0 and PDP-1. Former member of MIT’s TMRC, wrote the first editions of the TMRC dictionary, predecessor to the Jargon File.

Dennis RitchieDennis Ritchie (1941 – )

Known as “dmr“. Creator of the C programming language. He and Ken Thompson created the UNIX operating system in 1969.

Gary KildallGary Kildall (1942 – 1994)

Founder of Digital Research Inc (DRI). He created the CP/M operating system and developed the first high-level programming language for microprocessors, PL/M.

Ken ThompsonKen Thompson (1943 – )

Wrote the B language, precursor to Ritchie’s C. He and Dennis Ritchie created UNIX in 1969.

Bill GosperRalph William “Bill” Gosper, Jr. (1943 – )

A math genius, he and Richard Greenblatt are considered to have founded the original hacker community. HAKMEM and the MIT Maclisp system are among his hacks.

Richard GreenblattRichard Greenblatt (1944 – )

TMRC member, implementor of Maclisp on the PDP-6, creator of MacHack, main designer of the MIT Lisp machine. He and Bill Gosper are considered to have founded the original hacker community.

Andrew TanenbaumAndrew Stuart Tanenbaum (1944 – )

Author of the first open-source UNIX clone, called Minix. He is also well recognized for authoring several textbooks on computer science.

Steven WozniakSteven Gary Wozniak (1950 – )

Known as “woz“. Wozniak started his hacking making devices for phone phreaking. By 1975 he withdrew from the University of California and invented the Apple I, one of the first microcomputers. He and Steve Jobs assembled the first prototypes in Job’s garage. The software was coded mostly by Wozniak.

Wau HollandHerwart Holland-Moritz (1951 – 2001)

Better known as Wau Holland, was a legenday German hacker, co-founder of the famed Chaos Computer Club (CCC), one of the oldest hacking groups, and of its magazine, “Datenschleuder”.

Holland, along with CCC’s Steffen Wernery, were the masterminds behind the infamous “Btx hack.” He never hacked for profit, and he fought to keep the CCC’s activities directed toward the free and open flow of information.

Wietse VenemaWietse Zweitze Venema (1951 – )

Wrote the Postfix e-mail system and TCP Wrapper (tcpd). Co-authored with Dan Farmer the security tool SATAN (Security Administrator Tool for Analyzing Networks), the Coroner’s Toolkit, and the book “Forensic Discovery”.

Richard StallmanRichard Matthew Stallman (1953 – )

Known as “rms“. Founder of the GNU Project, ardent free software advocate.

Got his start hacking at MIT, as a “staff hacker” on the Emacs project and others. He was a critic of restricted computer access in the lab. When a password system was installed in 1977, Stallman broke it down and sent users messages containing their decoded passwords.

Larry WallLarry Wall (1954 – )

Creator of the Perl programming language and of the *nix patch program.

Tom JenningsTom Jennings (1955 – )

Creator of FidoNet, the most influential protocol for networking BBSes.

Timothy Berners-LeeTimothy J. Berners-Lee (1955 – )

Berners-Lee majored in physics at Queen’s College, Oxford, and built his own computer out of spare parts. Was caught hacking and banned from using the University’s computer. Berners-Lee is recognised as the founding father of the World Wide Web. In 1990 he invented HTML and the HTTP protocol, and wrote the first web client and server. Founded the World Wide Web Consortium at MIT.

Eric RaymondEric S. Raymond (1957 – )

Known as “esr“. Open source software advocate and programmer, and maintainer of “The New Hackers Dictionary”. Co-founder of the Open Source Initiative. In 1998 he published the “Halloween documents” that were leaked from Microsoft. He also authored “The Cathedral and the Bazaar” (1997) and the book “The Art of Unix Programming” (2003).

Dan FarmerDan Farmer (1962 – )

Was in charge of the technical aspects of computer and network security for Silicon Graphics and Sun Microsystems. Wrote COPS (Computer Oracle and Password System). Co-authored with Wietse Venema the security tool SATAN (Security Administrator Tool for Analyzing Networks), the Coroner’s Toolkit, and the book “Forensic Discovery”.

Robert Tappan MorrisRobert Tappan Morris, Jr. (1965 – )

Known as “rtm“. Morris was considered a hacker while a graduate student at Cornell University. In 1988 he conceived what would become known as the Morris worm, considered the first Internet worm. It was meant to gauge the size of the Arpanet (the precursor to the Internet) rather than to damage computers. However, the worm contained a bug which caused rapid replication, and it spread to about 10% of all Arpanet, including NASA and the Air Force, by exploiting vulnerabilities in Unix services.

Morris co-authored the Viaweb software, that was acquired by Yahoo and renamed “Yahoo! Store”. He is currently working as a professor at the MIT Computer Science and Artificial Intelligence Laboratory.

The MentorLoyd Blankenship (1965 – )

Known as “The Mentor“. Former member of the Legion of Doom (LOD), Extasyy Elite, PhoneLine Phantoms, and Racketeers, authored the cyberpunk role-playing sourcebook “GURPS Cyberpunk”.
In 1990 he run “The Phoenix Project”, one of the largest hacking BBSes. Shortly after his arrest he wrote “The Conscience of a Hacker” (also known as the Hacker’s Manifesto).

Patrick VolkerdingPatrick Volkerding (1967 – )

Creator and maintainer of the Slackware Linux distribution.

Theo de RaadtTheo de Raadt (1968 – )

Founder of the OpenBSD and OpenSSH projects, and a founding member of NetBSD project.

Alan CoxAlan Cox (1968 – )

Prolific Linux kernel developer, supporter of programming freedom, and outspoken opponent of software patents.

Since he couldn’t afford a Unix system, he started adding Unix-like stuff to his Amiga. Later, he installed Linux (0.11) on a 386 box, wrote some fixes, and started maintaining the old network stack. He’s now one of the main developers and maintainers of the whole kernel.

Linus TorvaldsLinus Benedict Torvalds (1969 – )

Torvalds conceived his monolithic kernel in 1991, as a free replacement for Tanenbaum’s Minix operating system. Torvalds was then a student at the University of Helsinki. The new system, named Linux, became a fully functional operating system thanks to the collaboration with GNU developers who worked to integrate the open source GNU components with Linux. Currently, he coordinates the code that volunteers contribute to the Linux kernel.

Chris GoggansChris Goggans (1969 – )

Known as “Erik Bloodaxe“. Member of LOD (Legion of Doom) and a former editor of Phrack Magazine.

Bruce EvansBruce Evans

Author of the Minix-386 patches who made use of the memory protection features of the 80386. Also author of the 16-bit assembler that is still used to assemble the Linux 16-bit startup code.

Document source: http://dyne.m6.net/hackers.php

Alec MuffettAlec Muffett

Author of crack (password cracking program for UNIX) and of “WAN-Hacking with AutoHack” and other security-related White Papers. Currenly working as senior staff engineer for Sun.

Lance SpitznerLance Spitzner

Founder of the HoneyNet Project, and author of many quality White Papers.

Solar DesignerAlexander Peslyak

Known as “Solar Designer“. Russian computer security specialist, founder of the Openwall Project. Author of the security audit tool John the Ripper and of the Linux kernel hardening patches.

Emmanuel GoldsteinEric Gorden Corley

Known as “Emmanuel Goldstein“. Editor-in-chief of “2600: The Hacker Quarterly” and founder of the H.O.P.E. conferences.

Aleph1Elias Levy

Known as “Aleph One“. Former moderator of Bugtraq, and co-founder of SecurityFocus. Author of “Smashing The Stack For Fun and Profit” (1996).

FyodorGordon Lyon

Known as “Fyodor“. Author of nmap, and a founding member of the Honeynet Project.

MudgePeiter Zatko

Known as “Dr. Mudge“. Former L0pht member and Vice President of Research and Development for @stake, author of L0phtCrack.

DildogChristien Rioux

Known as “Dildog“. Member of cDc. Former L0pht member, worked at @stake. Co-authored L0phtCrack and the AntiSniff IDS. Original author of Back Orifice (BO2k).

Dark TangentJeff Moss

Known as “Dark Tangent“. In 1993 was sysop of the BBS “A Dark Tangent System” and operator of the “Platinum Net” Fidonet board. Founder of the Defcon hacker conventions and of Black Hat briefings. Moss is currently working as a security consultant.

Dan KaminskyDan Kaminsky (1979 – )

Known as “Effugas“. A long time speaker at the Black Hat Briefings, Kaminsky is best known for his work on DNS cache snooping and for discovering a fundamental flaw in the DNS protocol. Using the cache snooping technique he demonstrated that the Sony Rootkit had infected at least 568,200 computers. He’s also responsible for the Dynamic Forwarding patch to OpenSSH.

H D MooreH D Moore (1981 – )

Founder of the Metasploit Project. He’s been active on internet mailing lists since 1998 and also participated in the original design of OSVDB.

Michal ZalewskiMichal Zalewski (1981 – )

Known as “The Evil Twin“. Polish security researcher and long time Bugtraq poster, Zalewski has authored a number of security audit tools, including p0f and 0trace. He also exposed critical vulnerabilities in web browsers and was named one of the 15 most influential people in security by eWeek. Currently works for Google.

Jon Lech Johansen (1983 -)

Jon Lech JohansenNorwegian hacker famous for his work on reverse engineering data formats. One of the three member of MoRE (Masters of Reverse Engineering). In 2002 he was prosecuted for releasing DeCSS, a program used to crack the Content Scrambling System (CSS) encryption used to protect DVD movies.

Author of reverse-engineered drivers to avoid use of proprietary drivers, and tools like DeDRMS and QTFairUse for circumventing the DRM (Digital Rights Management) copy protection; has written VLC’s FairPlay support, and released code to allow Linux users to play video encoded with Microsoft’s proprietary WMV9 codec.

0x03 – Black Hats, Phreakers, & Other Tales From The Dark Side

John DraperJohn Draper (1944 – )

Known as “Captain Crunch“. One the first phreakers and member of the Homebrew computer club. Most known for experimenting with a whistle that came with Cap’n’Crunch cereal to hack the US phone system of the time (a trick that he learned from Joe Engressia), and for building Blue Boxes (devices capable of reproducing tones used by the phone company).

Arrested in 1972 on phone fraud and other such charges.

JoybubblesJoe Engressia (1949 – 2007)

Known as “Joybubbles“. Dubbed “the original granddaddy phone phreak” by journalist Ron Rosenbaum, Engressia became interested in telephones at age 4, when he learned to dial by using the hookswitch like a telegraph key. A few years later he also discovered that he could place free phone calls by whistling, with his mouth, a 2600 Hz tone into a telephone.

Died of a heart attack at age 58.

Kevin MitnickKevin David Mitnick (1963 – )

Known as “Condor“. Cracker and phreaker, described by the U.S. Department of Justice as “the most wanted computer criminal in United States history”. He broke into DEC, Motorola, NEC, Sun, Novell, Fujitsu, Nokia, and other systems.

He also broke into the computer of security expert Tsutomu Shimomura. However, Shimomura tracked him across the country to his apartment in Raliegh, North Carolina. Mitnick was arrested shortly thereafter.

Kevin Mitnick has authored the book “The Art of Deception”, and is currently working as computer security consultant.

Bill LandrethWilliam “Bill” Landreth (1964 – )

Known as “The Cracker“. In the 1980’s he was a member of the cracking club “Inner Circle”. He broke into the computer systems of banks, newspapers, schools, the phone company, and credit card bureaus. Author of the book “Out of the Inner Circle”, now has a job in computer security.

Dark DanteKevin Lee Poulsen (1965 – )

Known as “Dark Dante“. Broke into federal computers revealing details of wiretaps and of FBI front companies. His best-known hack was a takeover of all of the phone lines for radio station KIIS-FM 102, ensuring that he would be the “lucky” 102nd caller.

Poulsen is now a senior editor for Wired News. His most prominent article details his work on identifying 744 registered sex offenders who were using MySpace to solicit sex from children.

Karl KochKarl Werner Lothar Koch (1965 – 1989)

Known as “Hagbard Celine“. German hacker who was loosely affiliated with the CCC (Chaos Computer Club). He worked with the hackers known as DOB (Dirk-Otto Brezinski), Pengo (Hans Heinrich Hübner), and Urmel (Markus Hess), and was involved in selling hacked information from US military computers to the KGB. Mysteriously died in 1989 at the age of 23.

SoloGary McKinnon (1966 – )

Known as “Solo“. British hacker, currently facing charges of mounting “the largest computer hack of all time” of U.S. government computer networks, including Army, Air Force, Navy and NASA systems. In an interview he claimed that he was able to get into the military’s networks simply by using a script that searched for blank passwords.

Mark TabasCorey A. Lindsly (1967 – )

Known as “Mark Tabas“. Former LOD member. Ringleader of the Phone Masters, a phone phreaking group that penetrated the systems of AT&T, British Telecom, GTE, MCI WorldCom, Sprint, Equifax, TRW, Southwestern Bell, Nexis/Lexis, Dun & Bradstreet, systems owned by governmental agencies, air-traffic-control systems and more.

TronBoris Floricic (1972 – 1998)

Known as “Tron“. German hacker and phreaker, member of the CCC (Chaos Computer Club). In 1998 he was found dead, hanged with a belt. It is argued that his activities in the areas of Pay TV cracking and voice scrambling might have disturbed the affairs of an intelligence agency or organized crime.

Phiber OptikMark Abene (1972 – )

Known as “Phiber Optik“. Former member of the LOD (Legion of Doom). Between 1989 and 1990 his affiliations changed from the LOD to the rival group MOD (Masters of Deception) as a result of a feud with LOD member Erik Bloodaxe. Phiber Optik’s joining up with MOD marked the beginning of the “Great Hacker War”, several years of rivalry between the two groups.

When the AT&T telephone system crashed in 1990, he was blamed and raided by the Secret Service, but the crash later turned out be caused by a computer bug. In 1991 he was raided again for his phone hacking exploits with Southwestern Bell, New York Telephone, Pacific Bell, US West, and Martin Marietta Electronics Information and Missile Group.

Datastream CowboyRichard Pryce (1978 – )

Known as “Datastream Cowboy“. As a teenager, he and Mathew “Kuji” Bevan (age 21) broke into key U.S. Air Force systems and a network owned by the missile and aircraft manufacturers, obtaining access to files on ballistic weapons research and messages from U.S. agents in North Korea.

AnalyzerEhud Tenebaum (1979 – )

Known as “Analyzer“. Israeli cracker who in 1998 broke into many unclassified Pentagon systems in what was “the most organized and systematic attack to date” on US military systems.

Adrian LamoAdrian Lamo (1981 – )

Former grey hat hacker. Dubbed the “homeless hacker” for his transient lifestyle, Lamo identified and exploited security flaws in computer networks of several companies, and then notified them of their shortcomings. Best known among these were his intrusions into The New York Times, Microsoft, MCI WorldCom, Ameritech, Cingular, AOL, Bank of America, Sun Microsystems, and more. He only used a web browser for 95% of his intrusion.

c0mradeJonathan James (1984 – )

Known as “c0mrade“. As a teenager he broke into 13 NASA computers, and installed a backdoor into a Defense Threat Reduction Agency server, a Pentagon computer system that monitors threats from nuclear and chemical weapons.

0x04 – Groups

Legion of Doom (LOD)

H/P group, founded by Lex Luthor. The group later split into LOD (phreaking) and LOD/LOH (hacking). Involved in the Great Hacker War (1990-1991), an online conflict between MOD and the group Legion of Doom (LOD).

Members of LOD were: Lex Luthor, Erik Bloodaxe, Bill From RNOC, Lord Digital, The Mentor, Mark Tabas, Agrajag The Prolonged, King Blotto, Phiber Optik (joined MOD), The Urvile, Doc Holiday, Dead Lord, Doctor Who, Paul Muad’Dib, Prime Suspect, Frank Drake, Riot, The Leftist, Thomas Covenant, The Prophet, Monster X, The Marauder, Skinny Puppy, Professor Falken, Control C/Phase Jitter, Unknown Soldier, Phantom Phreaker, Sharp Razor, Phucked Agent 04, X-man, Randy Smith, Steve Dahl, The Warlock, Terminal Man, Silver Spy, The Videosmith, Malefactor, Blue Archer, The Dragyn, Gary Seven, Carrier Culprit, Kerrang Khan, The m0nit0r, Master of Impact, Doom Prophet, Sundry.

Masters Of Deception (MOD)

H/P group, founded by Acid Phreak, Scorpion and HAC. MOD controlled all the major telephone RBOC’s and X.25 networks as well as controlling large parts of the backbone of the rapidly emerging Internet. Involved in the Great Hacker War (1990-1991), an online conflict between MOD and the group Legion of Doom (LOD).

The original members of MOD were: Phiber Optik, Acid Phreak, Scorpion, HAC, Corrupt/Netw1z, Outlaw. Other members were: Wing, Supernigger, Nynex Phreak, Billy The Kid, Crazy Eddie, The Plague, ZOD, Neutrino, Seeker, Red Knight and Lord Micro.

L0pht Heavy Industries

Renowned hacker think tank from the Boston area, founded by Count Zero, White Knight, Brian Oblivion and Golgo 13. Members of the L0pht were: Brian Oblivion, Mudge, Dildog, Weld Pond, Space Rogue, Kingpin, John Tan, Count Zero, Silicosis, Netik, Golgo 13, Stefan Von Neuman, and White Knight.

In January 2000 the L0pht merged with consultancy @stake. Four years later Symantec Corporation acquired @stake.

Source: http://zed.m6.net/

Explore More

ModSecurity

ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the web application level, organisations need all the help they can get in making

Complete MySQL Injection

Credit go to sam207 TABLE OF CONTENT: #INTRO #WHAT IS DATABASE? #WHAT IS SQL INJECTION? #BYPASSING LOGINS #ACCESSING SECRET DATA #Checking for vulnerability #Find the number of columns #Addressing vulnerable

Critical Blind SQL injection in ChartNexus.com

PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.starinvestorrelations.com/ which owned by FiNEX Solutions Pte. Ltd. (“FiNEX Solutions”) powered by http://www.chartnexus.com/ This vulnerability has been alerted to :-