Hackers’ motivations vary. For some, it’s economic. They earn a living through cyber crime. Some have a political or social agenda—their aim is to vandalize high-profile computers to make a statement. Others do it for the sheer thrill.
When asked by the website SafeMode.org why he defaces web servers, a cracker replied, “A high-profile deface gives me an adrenalin shot and then after a while I need another shot, that’s why I can’t stop.”
Tools of the Trade: Pass Me a Trojan Horse, Would You?
There are a series of tools that crackers use to gain access to computers:
* Trojan horse—This is a program that looks safe and useful but contains nasty programming inside that does bad stuff. If you are fooled into installing one of these on your computer, it can open what’s called a backdoor. A backdoor is an access point created from inside a computer’s defenses that allows outsiders to circumvent security and gain access to the machine from the Internet.
* Virus—A piece of self-replicating programming that infects a computer after being run by a human. It then installs tools that fulfill the attacker’s agenda. This could provide access to an outsider, hijack the system to do nefarious tasks, or install tools that can be commanded from afar. People that release viruses aren’t traditional hackers, but virus code is one tool in a hacker’s toolbox.
* Worm—A self-replicating program that does not need human intervention to spread. It travels across networks looking for computer vulnerabilities and exploits them when encountered. People that release these programs aren’t traditional hackers, either. They are virus writers.
* Vulnerability scanner—A program that checks a computer for known weaknesses, such as programming errors or security holes.
* Sniffer—A program that looking for security information such as user IDs and passwords in data as it flows over a network such as the public Internet. This would be like a malcontented postal worker reading postcards as they moved through a sorting facility.
* Social engineering—This is simply the art of fast talking. The easiest way to break security is to have someone give you access. You might have all kinds of security on your computer but if I call you and ask for access (and maybe convince you I am a technician that can help or a co-worker who should have access) and you give it to me, I have used social engineering to gain illicit access by fooling you.
* Root kit—This is the equivalent of digital camouflage. It is a programming toolkit that is used to program a virus, spyware, or other piece of malware to keep it from being discovered by a security program.
* Exploit—A program that that takes advantage of a known security weakness in a computer.