American Flag Graphic


The following is Symantec's Virus Information site:

What goes on in the mind of a hacker? By Sarah Gordon, Senior Research Fellow, Symantec

What is hacking? By some definitions, hacking is breaking into computer systems without consent of the system owner. This activity once required a genuine knowledge of systems: it was once the domain of the computer geek, who pushed software to the limits and beyond. These days, however, it doesn't take a computer expert to become a hacker.

There are tools available to help the wanna-be hacker break into systems. These tools give people unprecedented access to networks. For the more advanced hackers, tools aren't necessary, they exploit configuration errors made by users when they configure their software, or they take advantage of system vulnerabilities. One of the most commonly exploited vulnerabilities is the buffer overflow—an event that occurs when more data is placed into a storage buffer or holding area in computer memory than the buffer can handle. This, in turn, can crash the system or leave it in an unplanned state that can be exploited.

For example, a program is waiting for input and may expect a small string like '123'. Instead the hacker puts in a long string like 'irespectyourskillzandyourkungfu,' overflowing the space allocated for the string in the memory. The result? The system crashes, potentially allowing a hacker access that extends far beyond that of the original program.

Contrary to popular myth, hackers aren't necessarily underground loners and nerds—they're not even necessarily all that smart—although there are exceptions. In many cases, they simply don't extend their ethical and moral codes from the real world to the virtual world.

Who is hacking? The popular hacking demographic of young, middleclass and male reflects those people who tend to be most technologically savvy in our society. However, hackers come in all ages, sizes, nationalities and genders. The average hacker is not necessarily some Goth-type teenaged male, dressed entirely in black and sporting the latest in piercing fashion—he may very well be the guy next door or a 50-year-old female.

In fact, anecdotal evidence does suggest that hacking by females is on the rise. As more and more young women are exposed to the technology and the subculture that glamorises the activity, we should expect to see more females taking part in these types of activities.

A visual check shows that there are more females at hacker conferences than there were in the early days; and while some are young girls who are part of the technically savvy counterculture, some are certainly hackers.

Why do they do it? Hacking is done for a variety of reasons - technical challenge, power, fun, excitement, peer pressure, profit, and in some cases to do damage. For some it's simply a mental challenge, for others it's money, for some it's the thrill—there are many different motives and many different targets. For many, though, it's the challenge and the exhilarating feeling of power and control that comes from accessing and controlling a machine. It feels good.

Historically, society has tended to uplift hackers to the heights of technical genius when in reality most of these break-ins are done using simple tools that exploit known vulnerabilities, yet many people almost admire them as techno-heroes in some ways. That is a much more serious problem and one that can't be overcome by just technical solutions. Recently public perception has shifted away from hacking being acceptable.

Catching hackers is of variable success - as in many ways, the Internet knows no borders, a careful hacker can cover his or her tracks extremely well, and so catching the skilled hacker can be very difficult. In other words, it is possible, though time consuming, to catch hackers, but if the hacker is well prepared it can be a long slow process, and one that might bear little fruit in the long run.

What can I do? One of the best defences against hacking is good computer security practices. Install good antivirus software that combats the gamut of blended threats. Buy a firewall, implement it and maintain it. Consider intrusion detection software to provide an additional layer of security by automatically blocking malicious attacks that spread quickly through Internet traffic that a firewall alone cannot stop. Keep your systems up to date, keep your data backed up, have a plan so that when something does go wrong you know how to react. Security should be an ongoing practice—as threats evolve so should your defences against them.