A is a person who compromises the devices in Software which may or may not be legal in a country's laws is actually Software Cracking .
Use of the term "cracker" is mostly limited (as is "black hat") to some areas of the computer and security field and even there, it is considered controversial. Until the 1980s, all people with a high level of skills at computing were known as "hackers". A group that calls themselves hackers refers to "a group that consists of skilled computer enthusiasts". The other, and presently more common usage, refers to those who attempt to gain unauthorized access to computer systems. Over time, the distinction between those perceived to use such skills with Social Responsibility and those who used them maliciously or criminally, became perceived as an important divide. Many members of the first group attempt to convince people that intruders should be called crackers rather than hackers, but the common usage remains ingrained. The former became known as "hackers" or (within the computer security industry) as White Hat s, and the latter as "crackers" or "black hats". The general public tends to use the term "hackers" for both types, a source of some conflict when the word is perceived to be used incorrectly. In computer jargon the meaning of " Hacker " can be much broader.
Usually, a black hat is a person who uses their knowledge of vulnerabilities and Exploit s for private gain, rather than revealing them either to the general public or the manufacturer for correction. Many black hats hack networks and web pages solely for financial gain. Black hats may seek to expand holes in systems; any attempts made to patch software are generally done to prevent others from also compromising a system they have already obtained secure control over. A black hat hacker may write their own 0-day exploits (private software that exploits security vulnerabilities; 0-day exploits have not been distributed to the public). In the most extreme cases, black hats may work to cause damage maliciously, and/or make threats to do so as Extortion .
Techniques for breaking into systems can involve advanced programming skills and Social Engineering , but more commonly will simply be the use of semi-automatic software. Common software weaknesses exploited include Buffer Overflow , Integer Overflow , Memory Corruption , Format String Attacks , Race Conditions , Cross-site Scripting , Cross-site Request Forgery , Code Injection and SQL Injection bugs.
Note that many of these individuals have since turned to fully legal hacking.
- Mark Zbikowski — In his senior year at Roeper, c. 1973/4, Zbikowski became known as one of the earliest computer crackers, after cracking the security system on Wayne State University 's MTS (Michigan Terminal Service, developed at University Of Michigan ) mainframe for his own amusement. According to Zbikowski, when he offered to show the university how to fix the security leak, university officials threatened prosecution and offered him a job during the same meeting.
- Jonathan James (also known as ''c0mrade'') made unauthorized copies of software controlling the International Space Station 's life sustaining elements, and intercepted thousands of electronic messages relating to U.S. nuclear activities from the Department Of Defense . Sentenced at age 16, he was the youngest cybercriminal ever incarcerated in the United States.
- Dark Avenger — Bulgarian virus writer that popularized Polymorphic Code in 1992 as a means to circumvent the type of pattern recognition used by Anti-virus Software , and nowadays also Intrusion Detection System s.
- Markus Hess — A West German , he hacked into United States Military sites and collected information for the KGB ; he was eventually tracked down by Clifford Stoll .
- Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank 's computers into giving out $10 million. To this day, the method used is unknown, but can be speculated.
- Robert Tappan Morris — In 1988 while a Cornell University graduate student was the writer of the first Worm , Morris Worm , which used buffer overflows to propagate.
- Nahshon Even-Chaim (also known as ''Phoenix'') — Leading member of Australian hacking group The Realm. Targeted US defense and nuclear research computer systems in late 1980s until his capture by Australian Federal Police in 1990. He and fellow Realm members '' Electron '' and '' Nom '' were the world's first computer intruders prosecuted based on evidence gathered from remote computer intercept.
- Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus .
- Jon Murdock (also known as ''Xtasy'') — In 2004, Murdock was convicted on multiple counts of cyber-terrorism, internet fraud, and was then prosecuted for allegedly causing over $12,000,000 in online theft from thousands of stolen paypal and e-gold accounts. After Murdock's release in 2006 at the age of 19, Murdock was then indicted on another 17 counts of high-tech fraud and was linked to numerous underground "cracking communities" and forums. Murdock will be released from prison in 2008, following a 5 year probationary period.
- David L. Smith — In 1999 Smith launched the Melissa Worm , causing $80 million dollars worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI .
|
