What goes on in the
mind of a hacker? By
Sarah Gordon, Senior Research Fellow, Symantec
What is hacking? By some definitions, hacking is breaking
into computer systems without consent of the system owner.
This activity once required a genuine knowledge of systems:
it was once the domain of the computer geek, who pushed software
to the limits and beyond. These days, however, it doesn't
take a computer expert to become a hacker.
There are tools available to help the wanna-be hacker break
into systems. These tools give people unprecedented access
to networks. For the more advanced hackers, tools aren't necessary,
they exploit configuration errors made by users when they
configure their software, or they take advantage of system
vulnerabilities. One of the most commonly exploited vulnerabilities
is the buffer overflow—an event that occurs when more data
is placed into a storage buffer or holding area in computer
memory than the buffer can handle. This, in turn, can crash
the system or leave it in an unplanned state that can be exploited.
For example, a program is waiting for input and may expect
a small string like '123'. Instead the hacker puts in a long
string like 'irespectyourskillzandyourkungfu,' overflowing
the space allocated for the string in the memory. The result?
The system crashes, potentially allowing a hacker access that
extends far beyond that of the original program.
Contrary to popular myth, hackers aren't necessarily underground
loners and nerds—they're not even necessarily all that smart—although
there are exceptions. In many cases, they simply don't extend
their ethical and moral codes from the real world to the virtual
Who is hacking? The popular hacking demographic of
young, middleclass and male reflects those people who tend
to be most technologically savvy in our society. However,
hackers come in all ages, sizes, nationalities and genders.
The average hacker is not necessarily some Goth-type teenaged
male, dressed entirely in black and sporting the latest in
piercing fashion—he may very well be the guy next door or
a 50-year-old female.
In fact, anecdotal evidence does suggest that hacking by females
is on the rise. As more and more young women are exposed to
the technology and the subculture that glamorises the activity,
we should expect to see more females taking part in these
types of activities.
A visual check shows that there are more females at hacker
conferences than there were in the early days; and while some
are young girls who are part of the technically savvy counterculture,
some are certainly hackers.
Why do they do it? Hacking is done for a variety of
reasons - technical challenge, power, fun, excitement, peer
pressure, profit, and in some cases to do damage. For some
it's simply a mental challenge, for others it's money, for
some it's the thrill—there are many different motives and
many different targets. For many, though, it's the challenge
and the exhilarating feeling of power and control that comes
from accessing and controlling a machine. It feels good.
Historically, society has tended to uplift hackers to the
heights of technical genius when in reality most of these
break-ins are done using simple tools that exploit known vulnerabilities,
yet many people almost admire them as techno-heroes in some
ways. That is a much more serious problem and one that can't
be overcome by just technical solutions. Recently public perception
has shifted away from hacking being acceptable.
Catching hackers is of variable success - as in many ways,
the Internet knows no borders, a careful hacker can cover
his or her tracks extremely well, and so catching the skilled
hacker can be very difficult. In other words, it is possible,
though time consuming, to catch hackers, but if the hacker
is well prepared it can be a long slow process, and one that
might bear little fruit in the long run.
What can I do? One of the best defences against hacking
is good computer security practices. Install good antivirus
software that combats the gamut of blended threats. Buy a
firewall, implement it and maintain it. Consider intrusion
detection software to provide an additional layer of security
by automatically blocking malicious attacks that spread quickly
through Internet traffic that a firewall alone cannot stop.
Keep your systems up to date, keep your data backed up, have
a plan so that when something does go wrong you know how to
react. Security should be an ongoing practice—as threats evolve
so should your defences against them.