HOW CRACKERS OPERATE
From the World Wide Web Security FAQ
"It's a maxim in system security circles that buggy software
opens up security holes. It's a maxim in software development
circles that large, complex programs contain bugs. Unfortunately,
Web servers are large, complex programs that can (and in some
cases have been proven to) contain security holes."
There are a number of ways crackers can tap into data not
intended for them. Here are just a few:
PASSWORD SNIFFERS:
They are tiny programs hidden on networks and instructed to record
logons and passwords, which are then stored secretly in a file.
This has led to the stealing of tens of thousands of passwords--
maybe even yours.
SPOOFING:
A technique for getting access to a remote computer by plagiarizing
the Internet address of a trustworthy, 'friendly' machine. The
cracker obtains the top-level access granted to the computer administrator,
and can then install a password sniffer or a "back door"
path into the machine.
THE WORLD WIDE WEB'S 'HOLE':
An advisory panel from Germany described in early 1995 their knowledge
of the existence of a "hole" in the software that runs
most Web sites, allowing an intruder the same access owners of
the site have. Since then, many companies have upgraded their
software to try and fend off intrepid hackers. (See Responses
to Cracking for more details.)
For more information about sniffers, spoofing and bug exploitation
go to the Time Magazine
article relating to these three subjects . Also check out the RTF/COM
309 Bugs and Breakdowns website!
PHREAKING:
'Phreaking' is the arguably pejorative term that is used to describe
those who hack by using telephony. There are a number of color
coded "boxes"
that phreakers use to gain unauthorized access to telephone lines.
Much information about phreaking, as well as hacking and software
privacy, can be found within this thesis statement
written by a Northern Illinois University student .
More information on crackers and phreakers can be found using a search engine such as InfoSeek or AltaVista. Also, 2600
Magazine-The Hacker Quarterly has
an informational web site.
Ideal Targets For Crackers
The most ideal targets for crackers are computer systems of government
and business. Personal computers are rare targets of crackers
because their systems are too simple and not challenging. A true
cracker likes to poke around unique, new, and high-tech systems.
The predominant owners of such systems are government and business
institutions. These institutions have the most elaborate security
systems and give crackers the challenges they desire.
Many crackers start out their careers on phone company and university
systems--they are more public, so access is easier. These crackers
often move up to smaller and mid-size corporations. A choice
target for crackers are computer software companies; their systems
have the best security because they have so many talented programmers.
Crackers love to crack the systems of big name programmers.
Software company systems offer the most unique and challenging
programs, in addition to the best information to copy (steal).
Software companies also often receive the scorn of information
socialists.
Of course, the risk-taking crackers go for military and other
classified government systems which are supposed to have the best
security systems.