Hacking and Hackers

Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

A hacker is a person who is knowledgeable enough about some computer system to be able to exploit that system in some way. This has both good and bad connotations. A hacker might work long hours to learn about a system, and then come up with some way to make that system do something it wasn't designed to do. Unfortunately, the more modern definition of a hacker is someone who illegally breaks into a system. Based on that description, the opposite of a hacker is a "good citizen."

Related to hacking are cracking (breaking encryption schemes), spoofing (masquerading as another user to gain access to a system), sniffing (listening to traffic on a network to gain useful information), and phreaking (illegally gaining access to phone lines). These activities are performed by internal malicious users and the underground community of pranksters, hardened criminals, industrial spies, and international terrorists who want to break into your systems for profit and pleasure. John O'Leary of the Computer Security Institute says that "the biggest problem with the hacker threat is that hacking is fun!"

It is believed that hundreds or even thousands of unemployed computer experts have begun to attack systems around the world. They are especially skilled at break-ins. In 1994, a Russian hacker cracked Citicorp's electronic funds transfer system more than 40 times and managed to transfer millions of dollars into other accounts. He was eventually arrested, but Citicorp apparently never figured out how he broke into the systems. A large British bank has reportedly been paying ransom to a hacker who has proved on several occasions that he has the power to bring down their information system.
Bill Hancock is a security analyst who has been paid to break into companies and systems in order to find their weaknesses. His exploits are outlined in the April 1996 issue of Network Security magazine (http://www.elsevier.com/locate/netsec). In one case, he showed up at the computer room with network hardware in hand. Employees helped him into the communication closet, where he was able to install phone taps. In another case, he walked into a company's branch office claiming to work for the corporate office. He asked for some space where he could get work done before a plane flight. They gave him a spare office that had a live network connection. He hooked a network analyzer into the connection and monitored traffic on the network. In another case, he created a fake user ID with a "magnetic strip" made of electrical tape. Then he waited for someone to enter a secure area and entered with them as they held the door.

One of the most basic hacking techniques is port scanning, a technique that is used to discover the services being offered by a host. The hacker uses an automated program that attempts to make a connection to every one of the TCP ports available on a system. A response from any port indicates that it is active. The hacker sees active ports as doors that can be opened so that attacks can be staged. See "Ports."

Part of being a hacker, cracker, or spoofer is gaining information about a target company and its computer systems. A popular trend among hackers is to get a job as a janitor at the target site they intend to attack. While on-site, information can be collected to help in the attack, such as information stored on desktop computers or passwords left on sticky notes!

The following RFCs provide important information about protecting sites and systems against hacker attacks. Also see "Firewall" and "Security" for additional RFCs and Web links.
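
Returning to the port scanning described in this entry: because a scan tries a connection to one TCP port after another, it shows up in connection logs as a single source touching many distinct ports on one host in a short time. The following detection sketch is an added example, not part of the original entry; the log format, addresses, and thresholds are constructed for illustration.

```python
"""Flag likely TCP port scans in connection logs (added example, constructed data)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format, invented for this example; adapt the regex to your firewall.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) PROTO=TCP$")

# Constructed sample: 203.0.113.7 sweeps six ports, 192.0.2.44 browses normally.
SAMPLE_LOG = """
2001-03-01T10:00:00 SRC=203.0.113.7 DST=198.51.100.5 DPT=21 PROTO=TCP
2001-03-01T10:00:00 SRC=192.0.2.44 DST=198.51.100.5 DPT=80 PROTO=TCP
2001-03-01T10:00:01 SRC=203.0.113.7 DST=198.51.100.5 DPT=22 PROTO=TCP
2001-03-01T10:00:01 SRC=203.0.113.7 DST=198.51.100.5 DPT=23 PROTO=TCP
2001-03-01T10:00:02 SRC=192.0.2.44 DST=198.51.100.5 DPT=443 PROTO=TCP
2001-03-01T10:00:02 SRC=203.0.113.7 DST=198.51.100.5 DPT=25 PROTO=TCP
2001-03-01T10:00:03 SRC=203.0.113.7 DST=198.51.100.5 DPT=80 PROTO=TCP
2001-03-01T10:00:03 SRC=203.0.113.7 DST=198.51.100.5 DPT=110 PROTO=TCP
2001-03-01T10:00:04 SRC=192.0.2.44 DST=198.51.100.5 DPT=80 PROTO=TCP
"""

def detect_port_scans(lines, min_ports=5, window=timedelta(seconds=10)):
    """Return sorted [(src, dst, ports)] where src tried at least min_ports
    distinct TCP ports on dst inside one sliding time window.
    Assumes the lines are in chronological order."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    flagged = {}                 # (src, dst) -> ports seen while over threshold
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # skip blank, malformed, or non-TCP lines
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["dst"])
        q = recent[key]
        q.append((ts, int(m["dpt"])))
        while ts - q[0][0] > window:   # drop attempts older than the window
            q.popleft()
        ports = {port for _, port in q}
        if len(ports) >= min_ports:
            flagged.setdefault(key, set()).update(ports)
    return sorted((s, d, sorted(p)) for (s, d), p in flagged.items())

if __name__ == "__main__":
    for src, dst, ports in detect_port_scans(SAMPLE_LOG.splitlines()):
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```

A scan spread over a longer period than the window is not flagged, so the window and threshold need tuning against normal traffic for the network being monitored.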
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.