.

Ethical Hackers' thoughts on a general misunderstanding of "hacker"?

<<

kaztech

Newbie
Newbie

Posts: 6

Joined: Thu Jan 31, 2013 10:47 pm

Post Thu Jan 31, 2013 10:51 pm

Ethical Hackers' thoughts on a general misunderstanding of "hacker"?

So I recently saw one of my friends write this for a project concerning technology:

"Hacking is bad, because it can destroy hard work. It can also harm people’s lives. If you want to prevent yourself from getting hacked don’t share your personal information. If you don’t want your system to get hacked then you should have a good firewall. It will protect your computer and your files."

I decided to bring it here to see what you all would say.  Do you agree that hacking destroys hard work and harms people? Is a good firewall really all it takes to protect yourself and your files?
Last edited by kaztech on Sun Feb 03, 2013 10:57 pm, edited 1 time in total.
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Jan 31, 2013 10:59 pm

Re: Hacking: Is it good or bad?

Don't forget about a flux capacitor (FC). Firewall + FC = Fort Knox
<<

kaztech

Newbie
Newbie

Posts: 6

Joined: Thu Jan 31, 2013 10:47 pm

Post Thu Jan 31, 2013 11:08 pm

Re: Hacking: Is it good or bad?

Interesting, I haven't heard of that. I'm a bit of a noob when it comes to this stuff, but I was really wondering what people on a forum called "ethical hacker" would think of such a bold, all-encompassing statement such as "Hacking is bad." Is hacking justified?
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Jan 31, 2013 11:27 pm

Re: Hacking: Is it good or bad?

Sorry, I was being a dick, I'll be serious for a minute.

It's a strange question. Illegal hacking is bad but it also keeps me employed on the white hat side. Our industry benefits from the Anonymous stuff and also when the media takes an incident and scares the crap out of people that don't understand it.

I don't promote illegal activity and I agree that a serious hacking incident can have devastating effects to a business.

I think a more interesting question is in regards to cyber warfare and what you think about nations using it against each other.....in my opinion, I think those hacks are good...

Stating that a person only needs a firewall to be secure is such an ignorant statement. There is so much wrong with it, I won't even get into it here. Go read about the attest new York times incident. They had a firewall AND antivirus ooooooooo. Those hackers must have used voodoo to get in  ;D
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Jan 31, 2013 11:32 pm

Re: Hacking: Is it good or bad?

It depends on your definition, and where you got it. I've given hour-long talks on this, so I'll try to be brief. If you take the media's reporting as your basis for the definition of hacking, then it is bad.

If hacking is more like tinkering where you explore something and try to make it do what it was not originally intended to do, then you can hack a computer, hack a network, hack your car, even hack your toaster.

So if you take the more general term for hacking which is to tinker, then it is neither good nor bad. It is what you make it. So I prefer to call the people who use it for bad by a name we all recognize... they're criminals. As with anything, there are brilliant people on both sides. So from an outside perspective, sometimes the lines get blurred.

So we in the 'ethical hacking' business like to always start with permission. If you own the 'something' that is being hacked, then you have permission. If not, then the permission should be in written format by someone who has the authority to grant you that permission. So it ends up not being a question of whether the result is judged as being good or bad. That is way too open for argument. But rather it is whether you have permission or not.

In the end, it is all hacking. And with the above argument, it becomes relatively easy to tell which is ethical and which is criminal. Good or bad? That's in the eye of the beholder.

Agree? Disagree? Additional thoughts? Let's hear them.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

sh4d0wmanPP

Newbie
Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Fri Feb 01, 2013 7:16 am

Re: Hacking: Is it good or bad?

I'm with Don. Hacking is not good or bad, it is how the person that posesses these skills uses them. The media has given the term "hackers" a negative meaning as they only feature blackhat incidents under this label and in positive messages speak of "compter professionals / consultants / experts).

Blackhats or criminals are a necessary evil. If they wouldn't be around, there was no security industry or policeforce and hence many people would be without a job. So not expect a completely safe internet ever, it's the same as real life: there will always be risks. Take your precautions and you will be most likely be safe enough.

A fw or anti-virus will not keep you safe from a serious threat. You should determine for yourself how valuable your data is and what level of protection is needed. As long as anything is in a computer there will ALWAYS be a way to get to it.
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
<<

kaztech

Newbie
Newbie

Posts: 6

Joined: Thu Jan 31, 2013 10:47 pm

Post Fri Feb 01, 2013 10:47 pm

Re: Hacking: Is it good or bad?

cd1zz wrote:
It's a strange question. Illegal hacking is bad but it also keeps me employed on the white hat side. Our industry benefits from the Anonymous stuff and also when the media takes an incident and scares the crap out of people that don't understand it.



It is a strange question, but one I've been wondering about.  As both you and others mentioned, without the criminal hackers (I understand they're called crackers?) the white hat hackers would be out of a job.  But if no one hacked, then there would be neither be crackers nor hackers.  Would that be a good thing?  I mean, what would the internet be like if hacking did not exist?  Where does one encounter ethical hacking on the internet anyway?

Let's say our definition of a hacker is someone who is skilled at writing code.  I agree with Don, hacking is what you make of it and can go both ways.  As for cyber warfare, whether or not it's right or wrong all depends on which country you're from, I guess. 

What do you think of the cases where someone hacked into a scientists account, for example, and found that the scientist was using flawed processes to come to produce false data?  Is that hacker right to inform the public?  Who is really at wrong there, and how would one classify the hacker who leaked such information? Thank you so much for you help, as I'm new to this.  I'll be sure to tell my friend that her files aren't as safe as she thought
<<

sh4d0wmanPP

Newbie
Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Sat Feb 02, 2013 1:14 am

Re: Hacking: Is it good or bad?

A reply on your first part:

If hacking did not exist there would be no internet. The true and old definition of a hacker is somebody who has the need to understand the inner workings of something in order to enhance / improve it or to gain more knowledge.

When using that definition you see a hacker is not restricted to the digital world. The same processes can be adopted to almost any field. People like this are the reason society always advances and comes up with new technology.

Second part: my opinion is that somebody who breaks in a computer and finds information that the public should know about must have the right to publish this. However in real life this is not the case. It usually comes down to profits and money. If there is enough at stake companies will try to sue you and goverments will put you in jail.

Journalists occasionaly publish stuff they get from an anonymous source. That would be the only way I would dare to publish.
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
<<

kaztech

Newbie
Newbie

Posts: 6

Joined: Thu Jan 31, 2013 10:47 pm

Post Sun Feb 03, 2013 12:01 pm

Re: Hacking: Is it good or bad?

Ah, so then the internet wouldn't have gotten to where it is today without hackers?  Interesting. . . I have so much respect for them.  Where do you think hackers of today will take us?  What ethical problems do you (and this is to anyone; your thoughts are quite appreciated!)  think could arise in the future?

I like how you stated your opinion and find myself in agreement with you, but what do you mean by it coming down to profits and money?  What about people who reveal let's say, confidential government information?  They think they're helping to inform people about something they need to know, but they may actually be putting hundreds of people in danger.  Is there anyone who disagrees with sh4d0wmanPP?

Ah yes, but then the problem I sometimes have with such information is the fact that it isn't verifiable.  What's an internet rumor and what's not?  Hard to tell sometimes.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Feb 03, 2013 8:24 pm

Re: Hacking: Is it good or bad?

The general public, have a view such as your friend's. This is because they do not understand that there are professional / ethical hackers like us, on the "good side", to many people, this type of job is surrealistic and incomprehensible, it's only something that exists in the movies, while this type of community on the good side, is in fact, quite large.

Obviously your friend is biased and somewhat newb, as he is only thinking about the script kiddies and black hats, and not thinking about that it was in fact a hacker who invented SSL (HTTPS), and another form of hacker, that invented a lot of other cool things, who was named Nikola Tesla.

It's a shame the general public have this view about hackers, that they are all bad, while a lot of us use a lot of our time, dedicated to learning in a safe and non harmful way, while increasing the security locally, or globally, often completely free. If increasing the security on a local or global scale is bad, then your friend may want to reconsider what is good or bad. (I know this is not what he said, but I am assuming his perception of the hacker world and the security aspect of technology is very limited.)

PS: Yes, it were hackers that invented the Internet.
Last edited by MaXe on Sun Feb 03, 2013 9:41 pm, edited 1 time in total.
I'm an InterN0T'er
<<

kaztech

Newbie
Newbie

Posts: 6

Joined: Thu Jan 31, 2013 10:47 pm

Post Mon Feb 04, 2013 11:14 pm

Re: Ethical Hackers' thoughts on a general misunderstanding of "hacker"?

I myself was of the opinion that all hacking was bad before coming upon this network. I now understand white hat hackers and black hat hackers and that hacking is not confined to digital technology.  Now I'm curious though, what kind of work do you on the good side do?  What are some examples of white hat hacking I may come across on the internet?

Ah, well that's a problem, isn't it?  We don't question who came up with SSL, we just accept that it's there (by "we" I mean your average internet user).  Only when black hats pose a threat to our security do we acknowledge the existence of hackers, so white hats are somewhat overlooked.  I find it strange that you use Nikola Tesla as an example of a hacker.

Thank you for your insight--my friend is quickly learning that not everything is as black and white as she thought when it comes to hacking.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Feb 05, 2013 1:53 am

Re: Ethical Hackers' thoughts on a general misunderstanding of "hacker"?

The reason why I used Nikola Tesla as an example of a hacker, is because he was extremely clever and brilliant, he was way ahead of his time and was hacking together devices still in use today. Hacking is you and many others said, not confined to technology. The original meaning of a hacker was e.g. a person who was extremely good at crafting items out of wood. Of course, you don't have to share my beliefs and generally I wouldn't consider Nikola Tesla as the general kind of hacker, but, he was extremely dedicated to his work, just like any other hacker is, and he knew exactly what he was doing.

It's good to hear your friend is learning that everything is not black and white, there's (even though I don't want to say this), shades of grey in between. (Not 50 though.)

On the good side, depending on what type of role you're in, you will do almost the same as the attackers (blackhats), except you have permission to do so, and that you abide by an ethical code so you won't e.g. sell the client out, blackmail them, or disclose their information, etc.

Examples of work I have done is as follows:
- Web Application Penetration Tests (often few ips or small blocks)
- Web Service Penetration Tests
- Wireless Penetration Tests
- External Network Penetration Tests
(And soon I'll be doing Internal Network Penetration Tests too.)
- External Vulnerability Assessments (of large blocks)
- Vulnerability Research (finding 0days)
- Incident Response (when a client gets hacked by the bad guys..)
- Host Security Assessments (review of OS and/or Service configuration)
- Writing Secure Configuration Standards (for clients)
(And soon, I'll be writing Secure Coding Standards)
- Denial of Service Testing (i.e. stress testing servers.)
- Verifying that a site is e.g. out of a PCI Scope. (Otherwise, they have to get a PCI Assessment, which I don't do. We have a separate team for that.
- Source Code Reviews (I have a few big projects coming up.)
- Social Engineering Penetration Test (I have this type of project coming up soon as well.)

Of course I have also done:
- Marketing Videos for Information Security Conferences (showing how an external penetration test could get Domain Access, all because of an XSS bug to start with, and a MySQL server (the latest) hosted on a Windows server. This video was made months before KingCope released his "bugs".)
- Developing and upgrading internal tools (hacking tools, reporting tools, security tools)
- Developing and upgrading internal lab environment (for demonstrations, Capture-the-Flag contest, testing environments, etc)

And of course, I have used a variety of different risk rating systems, internal, client-based, and CVSS 2.0


Besides that I have done research in a variety of domains (most not released yet), but it spans across network attacks, web application security, etc.

The released stuff is mostly related to web application security. (Where this was released way before I got my job.)
I'm an InterN0T'er
<<

mrvore

User avatar

Newbie
Newbie

Posts: 8

Joined: Mon Sep 24, 2012 7:48 am

Post Fri Feb 22, 2013 7:09 am

Re: Ethical Hackers' thoughts on a general misunderstanding of "hacker"?

This is a topic a talk about all the time with people.  Back in the day when I was growing up a hacker was a programer, a cracker was a code breaker and a script kiddie was some one that did not know how to code and used everyone elses.

Now to what is a hack? A hack is to make something do what you want it to do outside of it's design (or Program).  So hacking is not bad hacking is what make us understand things more and possibly make it operate better.  Breaking an I phone is due to Hacking.  Making a car drive faster or cleaner is a hack.  People Hack everyday all types of ways . . . so I ask you is ahcking BAD?
broke user and failed programmer
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Fri Feb 22, 2013 11:44 pm

Re: Ethical Hackers' thoughts on a general misunderstanding of "hacker"?

All what mrvore said is truth, even though the term script kiddie (and the acronym skiddie) is still widely used  :)
I'm an InterN0T'er
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sun Feb 24, 2013 8:14 am

Re: Ethical Hackers' thoughts on a general misunderstanding of "hacker"?

Great discussion, I love seeing non-hacker types gain a better understanding of the this world and the community around it.  I don't have anything else to add to the explanation of "Hacker" but I am someone who benefits from the good guys.  I am primarily a defender.  I perform mostly vulnerability assessments and help the org address the findings.  Fix the problems we know about before we call in the heavy hitters.  I can do some minor testing though I need the assistance of tools.  I also assist infrastructure teams with better hardening techniques, use of least privileged accounts, and helping app owners better understand app security test reports.  I spend a great amount of time in this community to better educate myself on the latest techniques used to break systems.  I hope to one day find a niche that I can concentrate more on but for now I will embrace the InfoSec Generalist role.  Jack of all trades, master of none I suppose.  But this group here in particular is great and I am glad to be a part of it.

If you want to see some real hacking in action, try to hunt down a local Hacker/Maker Space.  They do projects for everything from making home made soap to building electronic door locks and 3D printers.  My space runs computer clinics every other month as well as open houses so the public can come in and check out the current projects.
Certs: GCWN
(@)Dewser
Next

Return to News Items and General Discussion About EH-Net

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software