Hackers (computer security)

from Wikipedia, the free encyclopedia
A team of computer security hackers at DEFCON 17.

Hackers from the field of computer security deal with security mechanisms and their weak points. While the term also includes those who seek security vulnerabilities in order to point out or correct them, it is used more often by the mass media and in the general public to refer to people who illegally break into other systems. Accordingly, the term has a strong positive or negative connotation, with hackers being distinguishable from script kiddie : a hacker has deep basic knowledge, a script kiddie does not.

Depending on the motivation and loyalty to the laws, a distinction is made between white hat , gray hat and black hat hackers, with black hats and scriptkiddies in particular also being referred to as crackers .

White, gray and black hats

After a group of teenage hackers known as The 414s infiltrated numerous computer systems across the United States in 1983, Congressman Dan Glickman called for an investigation and new laws against hacking. Neal Patrick, the then 17-year-old spokesman for the hacking group, was interviewed in the United States House of Representatives about the dangers of hacking on September 26, 1983 , and six computer crime bills were brought before the House of Representatives that same year. In Germany, computer sabotage in general, and the unauthorized manipulation of data in particular, was included in the Criminal Code as a special form of property damage in August 1986 ( Section 202a , Section 303a and Section 303b of the StGB).

After the introduction of the cyber crime laws, white hat , gray hat and black hat hackers began to differentiate themselves depending on the legality of their activities:

White hats

White hats use their knowledge both within the law and within the hacker ethics , for example by carrying out professional penetration tests.

Gray hats

Gray-hat ( gray hats ) may violate laws or restrictive interpretations of the hacker ethic, but to achieve a higher goal. For example, by publishing security holes in order to make denial impossible and forcing those responsible to fix them. Gray hats are characterized by the fact that they cannot be clearly classified as good or bad .

Black hats

Black hats act with criminal energy on behalf of governments or organizations and intend, for example, to damage the target system or steal data ( cyber war ).

In the absence of a clear dividing line between good and bad , this subdivision makes little reference to real people and rather stands as a concept for a certain type of hacking.


In western films released in the United States between the 1920s and 1940s, white hats were primarily worn by heroes, while black hats were reserved for the antagonists to illustrate the contrast between good and evil.

Controversy on the term hacker

In response to bad press, the Jargon File has taken the position since 1990 that the term hackers should be disapproved of for those groups of people who emphasize the evasion of security mechanisms, regardless of their motivation , and instead suggests crackers . The demand to use a different word was not noticed by the press or was largely ignored.

Hackers from the field of computer security, especially the part that sees themselves as law-abiding, continue to raise a right to use the hacker term and only accept the designation as crackers for the darker-colored directions. They, too, are sometimes required to make a clear distinction between hackers and crackers. However, some crackers that are demarcated in this way would also like to be called hackers.

In addition, scriptkiddies are crackers in computer security. They use ready-made automatisms to penetrate third-party computer systems (usually under written instructions) or to cause other damage. Although they lack the deep basic knowledge of the subject, which is necessary for the term hacker, scriptkiddies are usually referred to as hackers within tabloid journalism .

Popular techniques

Social engineering
Describes a technique that allows the hacker to obtain the information sought after through social contacts.
Trojan horse
A Trojan horse is a program that is disguised as a useful application, but performs a different function in the background without the knowledge of the user.
This term describes a part of a computer program (often built in by the author) that enables users to gain access to the computer or to an otherwise protected function of a computer program, bypassing normal access protection. An example is the universal password for a BIOS or special software (usually secretly installed by a Trojan) that enables appropriate remote access to the computer system.
Rootkit technology is used to hide certain objects and activities from the eyes of the user. They are usually installed on the compromised system after a computer system has been broken into, in order to hide secret processes and files and to hide future logins from the intruder.
Denial of Service (DoS)
Means a suspension of a network service, for example due to overload.
An exploit is a computer program or script that exploits specific weaknesses or malfunctions in another computer program in order to obtain extended privileges or to carry out a DoS attack.
Vulnerability Scanner
This technique is used for the automatic analysis of computer systems. Utility programs search specifically for security gaps in an application, a computer or a network and can help to identify vulnerabilities.
A sniffer implements the technology to receive, record, display and, if necessary, evaluate the data traffic of a network or a device connected to the computer. For example, a network sniffer can be used to spy on passwords and view transmitted data.
A technique for recording keystrokes, for example to access various access data.
A computer virus is a computer program or script that has the special property of reproducing itself once it is executed. This causes the virus to get onto other storage media, such as network drives and removable media. Through the interaction of the user who connects an infected removable medium to another system or starts an infected file, the virus code is also executed there, whereby other systems are infected by the virus. In addition to secret distribution, the malicious function of the virus can make changes to the system that the user cannot control. In this way it is possible to compromise numerous computers in a company network or even servers from the Internet in a semi-automated manner.
In contrast to the virus, the computer worm needs a utility program already installed on the system, which it uses to copy itself to another system. This could be, for example, a specific e-mail program that the worm controls remotely in order to distribute itself to all addressees entered there. Depending on the type of utility program, the worm code can sometimes even execute itself on the newly infected system, which means that no interaction with the user is necessary in order to spread further from there. Therefore this method is very efficient. However, the worm cannot reproduce on systems that do not have the necessary utility.
physical access
An often underestimated way of gaining access is to get into the premises where security-critical hardware is located.

Historical outline from the area of ​​phreaking and computer security

Chroniclers of the hacker culture go back to antiquity in their search for the origin. The Greek invention of the Trojan horse is considered by some to be the very first hack. Telegraph operators (since the mid-1840s) and telephone networks (since the late 1870s), often as technology enthusiasts as hackers today, used their knowledge to use the network for their own purposes. They are considered to be the forerunners of today's hackers. One of the most famous among them was the inventor Thomas A. Edison . The corresponding use of the word hacker is closely linked to the history of the computer, with hackers in the field of network and computer security emerging from the subculture of phreaking :

In 1971 , Yippie Abbie Hoffman published methods of avoiding toll payments to telephone companies in his book Steal This Book and a newsletter called Youth International Party Line . In the same year a corresponding report appeared in the glossy magazine Esquire , and a year later in the radical magazine Ramparts . As a result, the era of free calling, known as phreaking, is born . This represents the first distinctive association between the term hacking and overcoming security barriers, in connection with which the hacker John T. Draper , also known as Captain Crunch , and Joybubbles are often mentioned.

In 1973 the two later founders of Apple , Steve Wozniak and Steve Jobs , are also active in the phreaking field and build blue boxes together with John T. Draper .

Logo of the Chaos Computer Club , the most influential association of hackers in Germany, where security issues are its main field of activity.

In 1981 the Chaos Computer Club (CCC) was founded, a German association by and for hackers, which mainly works in Germany for matters relating to data protection, freedom of information and data security and advocates a human right to communication. It is founded to give hackers a platform so that they can report activities and discovered security gaps without fear of prosecution.

In 1982 , a group of six teenagers broke into about 60 institutional computer systems ranging from laboratories in Los Alamos to Manhattan's Sloan-Kettering Cancer Center before being arrested. The group of hackers is called Milwaukee The 414s after the area code for their location . They were caught by the FBI the following year, which made the case very popular. However, due to the legal situation at the time, most of them will not be charged. Her story can be found in the cover story of the Newsweek article Beware: Hackers at play from September 5, 1983. This is the first use of the word hacker in national media, which use the term in a derogatory way.

In 1983 the film WarGames appears and leads the general public to the phenomenon of mass paranoia in front of hackers and their alleged ability to cause a nuclear catastrophe through hacking. At the same time, the Secret Service receives a department for credit card and computer fraud.

In 1984 the first annual Chaos Communication Congress , the oldest and largest international hacker conference in Europe, starts . In the same year, with the BTX hack , the CCC proves a weak point in the BTX system of the Federal Post Office, which was previously known as secure. Also in 1984 someone who calls himself Lex Luthor founds a hacker group called Legion of Doom ( LoD / H ), which later becomes one of the most famous hacker groups and fights a bitter battle with a rival group Masters of Deception . In the early 1990s, a collaboration between the Secret Service and the FBI broke up both groups of hackers, with many of their members arrested.

In 1985 , Loyd Blankenship (a well-known American hacker who calls himself The Mentor ) was arrested, whereupon he published a letter called Hacker's Manifesto , which is still often quoted today . It gives a rough insight into the emotional world of a hacker of the phreaking culture at the time. In the same year, a Hanoverian hacker group around Karl Koch and Markus Hess began a series of break-ins into various Western computer systems in order to sell the data to the Russian secret service (KGB). The hacks are made possible by a bug in the Emacs component movemail . It was not until March 1989 that the police and the Federal Intelligence Service finally succeeded in smashing the hacking group, with the KGB hack attracting public attention because it was the first known cyber espionage case.

In 1987 the organization Computer Emergency Response Team (CERT) is founded, which is financed by public funds and issues warnings of security gaps as promptly as possible. In the same year, hackers from northern Germany succeed in gaining access to the systems in the SPANet operated by NASA and ESA, which is later referred to as a NASA hack .

In 1988 , out of curiosity , Robert Tappan Morris wrote a program that automatically searches for known vulnerabilities on the UNIX system. It is able to use these vulnerabilities to copy itself to other systems and execute there. When his attempt got out of hand, the computer world is confronted with the first worm that spreads via the ARPAnet (the predecessor to the Internet) and, thanks to its constant spreading routine, blocks over 6,000 networked government and university computers. In the same year, an inadequately secured computer system succeeded for the first time in relieving the First National Bank of Chicago by US $ 70 million. A little later, the hacker Kevin Mitnick , alias condor , is arrested for secretly monitoring the e-mails of security staff at MCI Communications and Digital Equipment Corporation (DEC). Eight months in solitary confinement and another six months in Half Way House are the result of his act. After that, he is said to have penetrated the Pentagon network several times , largely with the help of social engineering . He is also charged with breaking into the NSA system and penetrating the NORAD network, although he himself has always denied the latter. He was considered the most wanted person in the US for more than five years, until he was arrested again by the FBI in 1995 and initially held for two years without a trial. Also in 1988, Kevin Poulsen was accused of tampering with telephone systems. However, a successful indictment did not come until 1993 in which he and two of his friends, Ronald Austin and Justin Peterson, were accused of manipulating numerous radio sweepstakes between 1990 and 1993. The trio took control of all of the radio station's phone lines, ensuring that only their own calls got through, winning two Porsches, $ 20,000, and some trips. Kevin Poulsen then spent five years of his life in prison.

1990–1999 The emergence of worms and viruses increases rapidly during this period. In 1993 the first DEFCON , an annual hacker conference, started in Las Vegas . In the mid-1990s, the US Federal Audit Office reported that hackers attempted to access Defense Department files an average of 250,000 times a year. According to their report, about 65 percent of the attempts are successful. In 1997, a 15 year old Croatian youth broke into the computers of an air force base in Guam, USA. A group of hackers to Natasha Grigori , founder of antichildporn.org first time to use their skills in the hacking story to the distribution of child pornography to pursue targeted and pass on their information to the guardians of the laws. In 1998, two hackers were sentenced to death by a court in China. The first organized, politically motivated hacker attacks took place in the USA at the end of the 1990s.

2000–2005 At the beginning of 2000, DDoS attacks become popular, a variant of DoS that is automatically carried out by several computers at the same time. Politically motivated hackers deface the websites of the Indian and Israeli governments to draw attention to the repression in Kashmir and Palestine. Exposed to constant hacker attacks, Microsoft interrupts its development and for the first time sends over 8,000 programmers to a training course designed to avoid programming weak points in the future.

2015–2016 The spread of IOT devices opens up the possibility for attackers to create bot networks of unprecedented size. Due to a lack of or missing security mechanisms, IOT devices (including IP cameras , smart home devices, ...) can be attacked fully automatically and infected with malware . In contrast to PCs - the usual victims of malware - these devices are mostly unattended by users, which means that the malfunction of the devices is rarely recognized. These distributed bot networks are great for DDoS attacks. This method was followed by the attack on Dyn's network .

Hacker magazines

A number of underground magazines have been set up since the 1980s to exchange information among hackers . Examples are 2600 magazine and the now only irregularly published Phrack . This development was pushed by the Phreaks of the early 1970s, who passed their information on in illegal underground magazines such as TAP .

However, there are also magazines that are completely legal. A well-known German-language magazine is Datenschleuder, which is published irregularly by the Chaos Computer Club .

See also


  • Thomas Ammann, Matthias Lehnhardt, Gerd Meißner & Stephan Stahl: Hackers for Moscow. German computer spies in the service of the KGB. Wunderlich, Reinbek 1989, ISBN 3-8052-0490-6 .
  • A. Curic: Computers, Hackers, Pioneers. The pioneers of our digital world. Lingen Verlag, Bergisch Gladbach 1995.
  • Suelette Dreyfus : Underground. Tales of hacking, madness, and obsession on the electronic frontier. Mandarin, Kew / Australia 1997, ISBN 1-86330-595-5 .
  • Boris Grondahl: Hacker. Rotbuch-Verlag, Hamburg 2000, ISBN 3-434-53506-3 ( Rotbuch 3000 TB 3007).
  • Katie Hafner , John Markoff : Cyberpunk. Outlaws and Hackers on the Computer Frontier. Simon & Schuster, New York NY a. a. 1995, ISBN 0-684-81862-0 ( A Touchstone Book ).
  • Pekka Himanan: The Hacker Ethics and the Spirit of the Information Age. Riemann, Munich 2001, ISBN 3-570-50020-9 .
  • Egmont R. Koch , Jochen Sperber: The data mafia. Computer espionage and new information cartels. Rowohlt Verlag, Reinbek near Hamburg 1996, ISBN 3-499-60247-4 ( Rororo 60247 rororo non-fiction book ).
  • Armin Medosch , Janko Röttgers (Ed.): Netzpiraten. The culture of electronic crime. Heinz Heise Verlag, Hannover 2001, ISBN 3-88229-188-5 ( Telepolis ).
  • Kevin D. Mitnick , William L. Simon: The Art of Deception. Human risk factor. mitp Verlag, Bonn 2003, ISBN 3-8266-0999-9 .
  • Denis Moschitto , Evrim Sen : Hackerland. The scene's log. 3rd updated and expanded edition. Tropen-Verlag, Cologne 2001, ISBN 3-932170-29-6 .
  • Denis Moschitto, Evrim Sen: Hackertales. Stories from friend + enemy. Tropen-Verlag, Cologne 2000, ISBN 3-932170-38-5 , website .
  • Glyn Moody: Rebel Code. Linux and the open source revolution. Allen Lane, London et al. a. 2001, ISBN 0-7139-9520-3 (Also: Penguin Books, London 2002, ISBN 0-14-029804-5 ).
  • Tamás Polgár ( Tomcat ): FREAX. The brief History of the Computer Demoscene. Volume 1. CSW-Verlag, Winnenden 2005, ISBN 3-9810494-0-3 .
  • Clifford Stoll : Cuckoo's Egg . The hunt for the German hackers who cracked the Pentagon. 5th edition, updated new edition. Fischer-Taschenbuch-Verlag, Frankfurt am Main 2001, ISBN 3-596-13984-8 ( Fischer 13984).
  • Ed Skoudis: Counter hack. A step-by-step guide to computer attacks and effective defenses. Prentice Hall PTR, Upper Saddle River NJ 2002, ISBN 0-13-033273-9 .
  • Ed Skoudis, Tom Liston: Counter hack reloaded . Prentice Hall, Upper Saddle River NJ 2006, ISBN 0-13-148104-5 .

Web links

Individual evidence

  1. see Hacker (PDF; 3 MB) - presentation slides by Frank Kargl (CCC Ulm, 2003) which give an overview of the roots and history of the hacker movement from the point of view of the CCC.
  2. Timeline: The US Government and Cybersecurity. In: The Washington Post , April 14, 2006.
  3. see David Bailey: Attacks on Computers: Congressional Hearings and Pending Legislation . In: 1984 IEEE Symposium on Security and Privacy. 1984, p. 180, doi: 10.1109 / SP.1984.10012 .
  4. Jeremy Agnew: The Old West in Fact and Film: History Versus Hollywood . McFarland, 2012, ISBN 978-0-7864-6888-1 , p. 131.
  5. Since jargon file 2.1.1 of 1990, the term cracker, and not hacker, has been used in academic hacker culture for someone who maliciously breaks or switches off security barriers ( CRACKER: One who breaks security on a system. Coined c. 1985 by Hackers in defense against journalistic misuse of HACKER ... ).
  6. See The Kids are out to play. In: Telepolis .
  7. a b c d e see Boris Grondahl: Hacker. ISBN 3-434-53506-3 .
  8. see Jonas Löwgren's lecture notes on Origins of hacker culture (s) ( Memento from January 16, 2013 in the Internet Archive )
  9. Ron Rosenbaum: Secrets of the Little Blue Box ( Memento of the original on 14 October 2007 at the Internet Archive ) Info: The archive link is automatically inserted and not yet tested. Please check the original and archive link according to the instructions and then remove this notice. . In: Esquire Magazine . October 1971 ( online ( Memento of the original from December 16, 2007 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this note. ).  @1@ 2Template: Webachiv / IABot / www.webcrunchers.com @1@ 2Template: Webachiv / IABot / www.webcrunchers.com
  10. see Report Warns of Security Threats Posed by Computer Hackers . In: The New York Times . May 23, 1996.
  11. ^ Flashpoint - An After-Action Analysis of the Mirai Botnet Attacks on Dyn . In: Flashpoint . October 25, 2016 ( flashpoint-intel.com [accessed November 11, 2016]).