How Hackers Work

Introduction to How Hackers Work

Thanks to the media, the word "hacker" has gotten a bad reputation. The word summons up thoughts of malicious computer users finding new ways to harass people, defraud corporations, steal information and maybe even destroy the economy or start a war by infiltrating military computer systems. While there's no denying that there are hackers out there with bad intentions, they make up only a small percentage of the hacker community.

Hackers from around the world gather at camps to
practice their hobby and trade tips.

The term computer hacker first showed up in the mid-1960s. A hacker was a programmer -- someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were all hackers -- they saw the potential of what computers could do and created ways to achieve that potential.

A unifying trait among these hackers was a strong sense of curiosity, sometimes bordering on obsession. These hackers prided themselves on not only their ability to create new programs, but also to learn how other programs and systems worked. When a program had a bug -- a section of bad code that prevented the program from working properly -- hackers would often create and distribute small sections of code called patches to fix the problem. Some managed to land a job that leveraged their skills, getting paid for what they'd happily do for free.

As computers evolved, computer engineers began to network individual machines together into a system. Soon, the term hacker had a new meaning -- a person using computers to explore a network to which he or she didn't belong. Usually hackers didn't have any malicious intent. They just wanted to know how computer networks worked and saw any barrier between them and that knowledge as a challenge.

In fact, that's still the case today. While there are plenty of stories about malicious hackers sabotaging computer systems, infiltrating networks and spreading computer viruses, most hackers are just curious -- they want to know all the intricacies of the computer world. Some use their knowledge to help corporations and governments construct better security measures. Others might use their skills for more unethical endeavors.

In this article, we'll explore common techniques hackers use to infiltrate systems. We'll examine hacker culture and the various kinds of hackers as well as learn about famous hackers, some of whom have run afoul of the law.

Hackers and Crackers
Many computer programmers insist that the word "hacker" applies only to law-abiding enthusiasts who help create programs and applications or improve computer security. Anyone using his or her skills maliciously isn't a hacker at all, but a cracker.
Crackers infiltrate systems and cause mischief, or worse. Unfortunately, most people outside the hacker community use the word as a negative term because they don't understand the distinction between hackers and crackers.



The Hacker Toolbox

The main resource hackers rely upon, apart from their own ingenuity, is computer code. While there is a large community of hackers on the Internet, only a relatively small number of hackers actually program code. Many hackers seek out and download code written by other people. There are thousands of different programs hackers use to explore computers and networks. These programs give hackers a lot of power over innocent users and organizations -- once a skilled hacker knows how a system works, he can design programs that exploit it.

The ILOVEYOU Computer Virus was a malicious program
that plagued computers worldwide and caused millions of dollars in damages.

Malicious hackers use programs to:

* Hack passwords:There are many ways to hack someone's password, from educated guesses to simple algorithms that generate combinations of letters, numbers and symbols. The trial and error method of hacking passwords is called a brute force attack,meaning the hacker tries to generate every possible combination to gain access. Another way to hack passwords is to use a dictionary attack, program that inserts common words into password fields.
*Infect a computer or system with a virus: Computer viruses are programs designed to duplicate themselves and cause problems ranging from crashing a computer to wiping out everything on a system's hard drive. A hacker might install a virus by infiltrating a system, but it's much more common for hackers to create simple viruses and send them out to potential victims via email, instant messages, Web sites with downloadable content or peer-to-peer networks.
* Log keystrokes: Some programs allow hackers to review every keystroke a computer user makes. Once installed on a victim's computer, the programs record each keystroke, giving the hacker everything he needs to infiltrate a system or even steal someone's identity.
Gain backdoor access: Similar to hacking passwords, some hackers create programs that search for unprotected pathways into network systems and computers. In the early days of the Internet, many computer systems had limited security, making it possible for a hacker to find a pathway into the system without a username or password. Another way a hacker might gain backdoor access is to infect a computer or system with a Trojan horse.
*Create zombie computers: A zombie computer, or bot, is a computer that a hacker can use to send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes seemingly innocent code, a connection opens between his computer and the hacker's system. The hacker can secretly control the victim's computer, using it to commit crimes or spread spam.
*Spy on e-mail: Hackers have created code that lets them intercept and read e-mail messages -- the Internet's equivalent to wiretapping. Today, most e-mail programs use encryption formulas so complex that even if a hacker intercepts the message, he won't be able to read it.

Hacker Hierarchy
Psychologist Marc Rogers says there are several subgroups of hackers -- newbies, cyberpunks, coders and cyber terrorists. Newbies are hackers who have access to hacking tools but aren't really aware of how computers and programs work. Cyberpunks are savvier and are less likely to get caught than a newbie while hacking a system, but they have a tendency to boast about their accomplishments. Coders write the programs other hackers use to infiltrate and navigate computer systems. A cyber terrorist is a professional hacker who infiltrates systems for profit -- he might sabotage a company or raid a corporation's databases for proprietary information [source: Knittel and Soto]



Hackers Culture

Individually, many hackers are antisocial. Their intense interest in computers and programming can become a communication barrier. Left to his or her own devices, a hacker can spend hours working on a computer program while neglecting everything else.

Computer networks gave hackers a way to associate with other people with their same interests. Before the Internet became easily accessible, hackers would set up and visit bulletin board systems (BBS). A hacker could host a bulletin board system on his or her computer and let people dial into the system to send messages, share information, play games and download programs. As hackers found one another, information exchanges increased dramatically.

Some hackers posted their accomplishments on a BBS, boasting about infiltrating secure systems. Often they would upload a document from their victims' databases to prove their claims. By the early 1990s, law enforcement officials considered hackers an enormous security threat. There seemed to be hundreds of people who could hack into the world's most secure systems at will .

There are many Web sites dedicated to hacking. The hacker journal "2600: The Hacker Quarterly" has its own site, complete with a live broadcast section dedicated to hacker topics. The print version is still available on newsstands. Web sites like Hacker.org promote learning and include puzzles and competitions for hackers to test their skills.

Super Phreak
Before computer hackers, curious and clever individuals found ways to manipulate the phone system in a phenomenon called phreaking. Through phreaking, these individuals found ways to make long distance calls for free or sometimes just played pranks on other telephone users.



When caught -- either by law enforcement or corporations -- some hackers admit that they could have caused massive problems. Most hackers don't want to cause trouble; instead, they hack into systems just because they wanted to know how the systems work. To a hacker, a secure system is like Mt. Everest -- he or she infiltrates it for the sheer challenge. In the United States, a hacker can get into trouble for just entering a system. The Computer Fraud and Abuse Act outlaws unauthorized access to computer systems [source: Hacking Laws].

Not all hackers try to explore forbidden computer systems. Some use their talents and knowledge to create better software and security measures. In fact, many hackers who once used their skills to break into systems now put that knowledge and ingenuity to use by creating more comprehensive security measures. In a way, the Internet is a battleground between different kinds of hackers -- the bad guys, or black hats, who try to infiltrate systems or spread viruses, and the good guys, or white hats, who bolster security systems and develop powerful virus protection software.

Hackers work together to create "mashups" of
Yahoo applications at Yahoo Hack Day 2006.

Hackers on both sides overwhelmingly support open source software, programs in which the source code is available for anyone to study, copy, distribute and modify. With open source software, hackers can learn from other hackers' experiences and help make programs work better than they did before. Programs might range from simple applications to complex operating systems like Linux.

There are several annual hacker events, most of which promote responsible behavior. A yearly convention in Las Vegas called DEFCON sees thousands of attendees gather to exchange programs, compete in contests, participate in panel discussions about hacking and computer development and generally promote the pursuit of satisfying curiosity. A similar event called the Chaos Communication Camp combines low-tech living arrangements -- most attendees stay in tents -- and high-tech conversation and activities.

Hackers and the Law

In general, most governments aren't too crazy about hackers. Hackers' ability to slip in and out of computers undetected, stealing classified information when it amuses them, is enough to give a government official a nightmare. Secret information, or intelligence, is incredibly important. Many government agents won't take the time to differentiate between a curious hacker who wants to test his skills on an advanced security system and a spy.

Laws reflect this attitude. In the United States, there are several laws forbidding the practice of hacking. Some, like 18 U.S.C. § 1029, concentrate on the creation, distribution and use of codes and devices that give hackers unauthorized access to computer systems. The language of the law only specifies using or creating such a device with the intent to defraud, so an accused hacker could argue he just used the devices to learn how security systems worked. Concern about hackers reaches up to the highest levels of
government. Here, former Attorney General
Janet Reno testifies about hacker activity.


Another important law is 18 U.S.C. § 1030, part of which forbids unauthorized access to government computers. Even if a hacker just wants to get into the system, he or she could be breaking the law and be punished for accessing a nonpublic government computer [Source: U.S. Department of Justice].

Punishments range from hefty fines to jail time. Minor offenses may earn a hacker as little as six months' probation, while other offenses can result in a maximum sentence of 20 years in jail. One formula on the Department of Justice's Web page factors in the financial damage a hacker causes, added to the number of his victims to determine an appropriate punishment [Source: U.S. Department of Justice].

Other countries have similar laws, some much more vague than legislation in the U.S. A recent German law forbids possession of "hacker tools." Critics say that the law is too broad and that many legitimate applications fall under its vague definition of hacker tools. Some point out that under this legislation, companies would be breaking the law if they hired hackers to look for flaws in their security systems [source: IDG News Service].

Hackers can commit crimes in one country while sitting comfortably in front of their computers on the other side of the world. Therefore, prosecuting a hacker is a complicated process. Law enforcement officials have to petition countries to extradite suspects in order to hold a trial, and this process can take years. One famous case is the United States' indictment of hacker Gary McKinnon. Since 2002, McKinnon fought extradition charges to the U.S. for hacking into the Department of Defense and NASA computer systems. McKinnon, who hacked from the United Kingdom, defended himself by claiming that he merely pointed out flaws in important security systems. In April 2007, his battle against extradition came to an end when the British courts denied his appeal [Source: BBC News].

Hacking a Living
Hackers who obey the law can make a good living. Several companies hire hackers to test their security systems for flaws. Hackers can also make their fortunes by creating useful programs and applications, like Stanford University students Larry Page and Sergey Brin. Page and Brin worked together to create a search engine they eventually named Google. Today, they are tied for 26th place on Forbes' list of the world's most wealthy billionaires

Black Hat Hackers

Thanks to Hollywood, black hat hackers have become the iconic image of all hackers around the world. For the majority of computer users, the word hacker has become a synonym for social misfits and criminals. Of course, that is an injustice created by our own interpretation of the mass media, so it is important for us to learn what a hacker is and what a black hacker (or cracker) does. So, let's learn about black hat techniques and how they make our lives a little more difficult. .What Is Black Hat Hacking?

A black hat hacker, also known as a cracker or a dark side hacker (this last definition is a direct reference to the Star Wars movies and the dark side of the force), is someone who uses his skills with a criminal intent. Some examples are: cracking bank accounts in order to make transferences to their own accounts, stealing information to be sold in the black market, or attacking the computer network of an organization for money.

Some famous cases of black hat hacking include Kevin Mitnick, who used his black hat hackers skills to enter the computers of organizations such as Nokia, Fujitsu, Motorola and Sun Microsystems (it must be mentioned that he is now a white hat hacker); Kevin Poulsen, who took control of all the phone lines in Los Angeles in order to win a radio contest (the prize was a Porsche 944 S2); and Vladimir Levin, which is the handle of the mastermind behind the stealing of $10'000,000 to Citigroup.

How To Defeat The Attempts Of A Black Hat Hacker

In order to survive in the World Wide Web, there are certain things that we need to know in order to endure. The first one is that each computer user is responsible for his machine and the data that it contains. It doesn't matter if a transnational spends hundreds of millions of dollars in IT security if an absent-minded employee downloads and installs unauthorized software or falls into the email scheme of black hat hackers.

Basic Knowledge :

So, the first thing that we need to know is that computers, and networks, are like houses. If they don't have the windows and doors properly secured, anyone can enter. There are thousands of hackers in the internet looking for computers with unsecured entrances. Even worse, they have programs making the search for them. If you consider that there are hundreds of millions of computers in the world, then it is highly probable that an important percentage of them aren't properly secured.

Firewall :

In order to secure our "house", we need to have a firewall installed and properly configured. A firewall is like a lock that assures that all the entrances to your computer are properly closed, so no one from the outside can access it..

Anti Virus Software :

Another useful piece of software is the antivirus. Antivirus have been around since the first personal computers since viruses have always existed. Unfortunately, the internet has generated a demographic explosion and now they wander, freely, through the net. There are several software packages in the market, so test the ones with which you feel more comfortable and stay with the one that is more convenient for you.

Regular Updates :

The next step is to update your operating system, especially if it is Windows XP. Ninety percent of the worldwide operating system market is owned by Microsoft. For that reason, it is the preferred choice for crackers in the entire world. They are constantly looking for ways to bypass the security of this operating system, looking for weaknesses of all kind (even in something as innocent as the Media Player). In order to stop them, maintain your operating system updated.

Education in Security Techniques :

Finally, if you are inside a company, assure yourself that the users are trained. They must be able to detect if they are being victims of cracker scam. It can be through the internet messaging system, an email or even an innocent looking PowerPoint attachment sent by a friend. People are the last line of defense against black hat hacking.

Over time, black hat techniques have become more advanced and complex. Although there are computer software programs that can help a cracker in many ways, it is still a profession that requires a knack for computer software and hardware. So, as you may have noticed, black hat hackers will never disappear, which means that we need to have our computers, and our networks, prepared.

Adrian Lamo:

Adrian Lamo (born 1981) is an infamous former Black hat hacker and journalist, principally known for breaking into a series of high-security computer networks, and his subsequent arrest. Best known among these were his intrusions into The New York Times and Microsoft. He is also known for attempting to identify security flaws in computer networks of Fortune 500 companies and then notifying them of any found; while still illegal in many places without permission, this can be seen as a form of unsolicited penetration testing.



Personal :
Lamo was born in Boston, Massachusetts to Mario Lamo and Mary Lamo-Atwood. He spent his early childhood in Arlington, VA, until moving to Bogot?, Colombia around the age of 10. When his family moved back to the United States two years later, they settled in San Francisco, where Adrian lived until he tested out of High School a year early.

Dubbed the "homeless hacker" for his transient lifestyle, Lamo spent most of his travels couch-surfing, squatting in abandoned buildings and travelling to Internet cafes, libraries and universities to investigate networks, and sometimes exploit security holes. Despite performing authorized and unauthorized vulnerability assessment for several large, high-profile entities, Lamo refused to accept payment for his services. In the past, his lifestyle allowed him to travel up and down the coasts of the United States, often by bus, carrying all necessary possessions in a backpack.


Professional :
Since Lamo's sentencing, he has entered the early stages of a career as an award-winning journalist, studying at American River College, with writing, photography, and editorial work / collaboration appearing in Network World, Mobile Magazine, 2600 Magazine, The American River Current, XY Magazine, and others.

Lamo has interviewed personalities ranging from John Ashcroft, to Oliver Stone to alleged members of the Earth Liberation Front. Lamo also has a history of public speaking - he was a keynote speaker at a government security conference in 2005 alongside Bruce Schneier, and a panelist at the Information Security In the Age of Terrorism conference.

Lamo has shown signs of increased cooperation with media since his release from federal custody, including a podcast interview with Patrick Gray in Australia, and an April 2007 segment on 88.1 WMBR out of Cambridge.


Activities and techniques :
Adrian Lamo is perhaps best known for breaking into The New York Times internal computer network in February 2002, adding his name to confidential databases of expert sources, and using the paper's LexisNexis account to conduct research on high-profile subjects, although his first published activities involved operating AOL watchdog site Inside-AOL.com. The Times filed a complaint and a warrant for Lamo's arrest was issued in August 2003 following a 15 month investigation by federal prosecutors in New York.

At 10:15 AM on September 9, after spending a few days in hiding, he surrendered to the US Marshals in Sacramento, California. He re-surrendered to the FBI in New York City on September 11, and pleaded guilty to one count of computer crimes against Microsoft, Lexis-Nexis and The New York Times on January 8, 2004.

Later in 2004, Lamo was sentenced to six months' detention at his parents' home plus two years probation, and was ordered to pay roughly $65,000 in restitution. He was convicted of compromising security at The New York Times and Microsoft, and is alleged to have admitted to exploiting security weaknesses at Excite@Home, Yahoo!, Microsoft, MCI WorldCom, Ameritech, Cingular and has allegedly violated network security at AOL Time Warner, Bank of America, Citigroup, McDonald's and Sun Microsystems.

Companies sometimes use proxies to allow their employees access to the internet, without giving the internet access to their internal network. However, when these proxies are improperly configured, they can allow access to the company's internal network. Lamo often exploited this, sometimes using a tool called ProxyHunter.
Critics have repeatedly labelled Lamo as a publicity seeker or common criminal, claims that he has refused to publicly refute. When challenged for a response to allegations that he was glamorizing crime for the sake of publicity, his response was "Anything I could say about my person or my actions would only cheapen what they have to say for themselves." When approached for comment during his criminal case, Lamo would frequently frustrate reporters with non sequiturs such as "Faith manages" and "It was a beautiful day."

At his sentencing, Lamo expressed remorse for harm he had caused through his intrusions, with the court record quoting him as adding "I want to answer for what I have done and do better with my life."
As of January 16, 2007, Lamo's probation was terminated, ending a three-year period during which the U.S. District Court's ruling prevented him from exercising certain freedoms, including the ability to employ any privacy protection software, travel outside certain established boundaries, or socialize with security researchers.

DNA controversy :
On May 9, 2006, while 18 months into a two year probation sentence, Adrian Lamo refused to give the United States government a blood sample they demanded so as to record his DNA in their CODIS system. According to his attorney, Adrian Lamo has a religious objection to giving blood, but is willing to give his DNA in another form. "He went in there with fingernail clippings and hair, and they refused to accept it, because they will only accept blood," said federal public defender Mary French.

On June 15, 2007, lawyers for Lamo filed another motion citing the Book of Genesis as one basis for Lamo's religious opposition to the frivolous spilling of blood: "The Book of Genesis leaves unambiguous this matter. Therein, those who would spill the blood of man are rebuked as follows: 'Whoever sheds the blood of man, by man shall his blood be shed; for in the image of God has God made man.' Genesis 9:6 (New International Version)."

Lamo continued: "Under this admonition, not only would I be blinding myself to the direct instructions of scripture by shedding blood, but I would similarly be casting whomever facilitated this act into sin, multiplying my culpability," setting the basis for defense counsel Mary French to urge US District Court Judge Frank Damrell to exempt Lamo from the sampling entirely, or to order his probation officer to accept some other biological product in lieu of blood, as previously offered by Lamo.

On June 21, 2007, it was reported that Lamo's legal counsel had reached a settlement agreement with the U.S. Department of Justice granting Lamo's original request. According to Kevin Poulsen's blog, "On Wednesday, the Justice Department formally settled the case, filing a joint stipulation along with Lamo's federal public defender dropping the demand for blood, and accepting cheek swabs instead." Reached for comment, Lamo reportedly affirmed to Poulsen his intention to "comply vigorously" with the order.

Can You Hack It?
Can You Hack It?, a documentary covering Lamo's life and times, is slated for release under the care of Trigger Street Productions. Directed by Sam Bozzo, it features Apple Computer co-founder Steve Wozniak, TechTV personality Leo Laporte, and narration by actor Kevin Spacey. The film explores the practical and ethical themes of modern computer hacking, intertwining Lamo's story with those of controversial figures throughout history.

Jonathan James:

Jonathan James (born 11 May 1981), full name Jonathan Nicholas William James, raised in the university-town of Uppsala. Jonathan is an IT security professional, but is also a recognized music producer in the pop and hiphop genre (signed to Bonnier Music Group). His music production credits include music for San Quinn, Ya Boy, Shade Sheist, Redrum, D.N.A., The Jacka, Ron G and more.



In 1999 James released a software-package which guarded computers against backdoors and trojans like NetBus and Back Orifice. Later that same year he released Cassandra Gold, which could detect and remove the top 25 backdoors and trojans. Cassandra Gold was well received with a user-base of some 25 000 including the US Air Force, NASA, the U.K. Patents office.

In 1999 he collaborated with the FBI and Richard M. Smith (as well as Fredrik Bj?rck) in the hunt for the author of the Melissa worm, contributing to the conviction of worm-author David L. Smith.

Later, in 2000 Mr. James contested the findings of Fredrik Bj?rck (at that time, a computer-science researcher at Stockholm University). Bj?rck claimed that the ILOVEYOU worm was written and spread by a German exchange-student by the name of Michael living in Australia.
Bj?rck's accusation led to the confiscation of Michael's computers. James then began investigating the worm origins together with the FBI. The investigation concluded that the worm originated from the AMA Computer University and that Onel A. de Guzman was a contributing author of the worm. The findings later contributed to the arrests of Onel A. de Guzman and Michael Buen.

James founded an IT-security consultancy, which he later left due to dissent with the investors. He is currently finishing his degree in Education and political sciences as well as lecturing, developing strategies and tools for intelligence gathering purposes.

KEVIN MITNICK:

KEVIN MITNICK:

Kevin David Mitnick (born October 6, 1963) is a controversial computer hacker and convicted criminal in the United States.
Mitnick was convicted in the late 1990s of illegally gaining access to computer networks and stealing intellectual property. Though Mitnick has been convicted of computer related crimes and possession of several forged identification documents, his supporters argue that his punishment was excessive.

Mitnick served five years in prison, of which four and a half years were pre-trial, and eight months were in solitary confinement. He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially restricted from using any communications technology other than a landline telephone. Mitnick fought this decision in court, and the judge ruled in his favor, allowing him to access the Internet.
Mitnick now runs Mitnick Security Consulting, a computer security consultancy.




Early life :
Kevin Mitnick began social engineering or perhaps discovered his first engineerable situation at the age of 12. He realized he could bypass the punchcard system used for the Los Angeles bus system: by buying his own punch, he could get free bus rides anywhere in the greater LA area. Social engineering became his primary method of obtaining information, whether it be user names and passwords, modem phone numbers or any number of other pieces of data.

In high school, he was introduced to phone phreaking, the activity of manipulating telephones which was often used to evade long distance charges for his benefit..

Computer hacking :
Mitnick broke into his first computer network in 1979, when a friend gave him the phone number for the Ark, the computer system at Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's computer network and copied DEC's software, for which he was later convicted. This was the first of a series of run-ins with the law..

Acts by Kevin Mitnick :
Using the Los Angeles bus transfer system to get free rides
Evading the FBI
Hacking into DEC system(s) to view VMS source code (DEC reportedly spent $160,000 in cleanup costs)
Gaining full admin privileges to an IBM minicomputer at the Computer Learning Center in LA
Hacking Motorola, NEC, Nokia, Sun Microsystems and Fujitsu Siemens systems

Alleged :
Stole computer manuals from a Pacific Bell telephone switching center in Los Angeles
Read the e-mail of computer security officials at MCI Communications and Digital
Wiretapped the California DMV
Made free cell phone calls
Hacked SCO, PacBell, FBI, Pentagon, Novell, CA DMV, USC and Los Angeles Unified School District systems.

Kevin Mitnick myths:
Hacked into NORAD
"Theft of... at least 20,000 credit card numbers from computer systems around the nation"
Ability to launch nuclear weapons by whistling into a payphone
Issued a false press release for Security Pacific Bank causing a $400 million loss in market capitilization
Changed a judge's TRW credit report
Wiretapped FBI agents
Turned off the utilities of an FBI agent
Vandalized many government, corporate and university computer systems.
Hacked into Tsutomu Shimomura's home computer
Harassed actress Kristy McNichol.

Controversy :
Kevin Mitnick's criminal activities, arrest, and trial were controversial, as was the journalism surrounding his conviction.
The controversy is highlighted by the differing views offered in two books: John Markoff and Tsutomu Shimomura's Takedown, and Bendelladj Hamza's The Fugitive Game. Littman made four notable allegations:

journalistic impropriety by Markoff, who had covered the case for the New York Times
overzealous prosecution of Mitnick by the government
mainstream media over-hyping Mitnick's actual crimes
Shimomura's involvement in the matter being unclear or of dubious legality
Further controversy came over the release of the movie Takedown, with Littman alleging that portions of the film were taken from his book without permission.

The case against Mitnick tested then-nascent laws that had been enacted for dealing with computer crime, and it raised public awareness of security issues involving networked computers. The controversy remains, however, as Mitnick is often used today as an example of the quintessential computer criminal although his exploits are less notable than his notoriety suggests.

Supporters of Mitnick have asserted that many of the charges against him were fraudulent and not based on actual losses.
Falsehoods have also surrounded Mitnick's exploits. For example, many mistakenly believe that Mitnick was once in the FBI's most wanted list. Federal prosecutor Kent Walker said in an interview with the New York Times that Mitnick " was arguably the most wanted computer hacker in the world, he allegedly had access to corporate trade secrets worth millions of dollars. He was a very big threat". The headline of the resultant article, "A Most-Wanted Cyberthief Is Caught in His Own Web," was later picked up by Associated Press, Time Magazine and Reuters, thus perpetuating the myth.

While Mitnick's actual actions may not have justified the level of official concern they received, the fact that his activities were criminal is not disputed. Mitnick's first adult criminal sentence was considerably shorter than is the norm today.
The film Freedom Downtime, a documentary that centers on the topics of Kevin Mitnick's incarceration in a maximum security prison, Miramax's film's screen adaptation of Takedown, and the "FREE KEVIN" movement, was made in 2001 by Emmanuel Goldstein and produced by 2600 Films.

Attacks on Mitnick's sites :
On August 20, 2006, Kevin Mitnick's site was defaced by Palestine PHP Emperor with offensive messages against him. The domain names defensivethinking.com, mitsec.com, kevinmitnick.com and mitnicksecurity.com displayed the vandalism for hours before the affected files were replaced.


Mitnick commented: The Web hosting provider that hosts my sites was hacked, fortunately, I don't keep any confidential data on my Web site, so it wasn't that serious. Of course it is embarrassing to be defaced-nobody likes it.

As a notorious figure, Mitnick has been targeted by hackers who wish to bolster their status and for people seeking to prove their abilities.
Zone-H reports that on one occasion, there was a struggle between different black hat and white hat hackers when some defacers put their nicks on Mitnick's site and fans replaced the vandalized copy with an original unmodified one. This went on for a full day.

Recent activity :
Kevin Mitnick is now a professional computer consultant (doing business as Mitnick Security Consulting, LLC), and has co-authored two books on computer security: The Art of Deception (2002), which focuses on social engineering, and The Art of Intrusion (2005), focusing on real stories of security exploits.

He co-authored (with Alexis Kasperavicius) a social engineering prevention training course and certification: CSEPS.
On August 20, 2006, a Syrian editor, Nidal Maalouf, accused Mitnick of stealing his domain name (Syria-news.com). He falsely claimed that Mitnick is the FBI's No.1 wanted person for illegal acts against a number of internet sites. Maalouf was interviewed by the local newspaper "Bourses & Markets", and the interview was quoted by Al-Ayham Saleh on his personal website.

Mitnick occasionally appears on the late night radio show Coast to Coast AM. He has also hosted the show, interviewing Steve Wozniak (on April 30, 2006) and others.

Mitnick has spoken at events: IAPP (International Association of Privacy Professionals) Privacy Academy in Las Vegas, October, 2005 (keynote speaker); National Youth Leadership Forum on Technology in San Jose, CA, in the summer of 2004; the Fifth H.O.P.E. in New York, NY, July, 2004 (keynote speaker); ITESM Monterrey Tec, in February 2003 (keynote speaker).

Kevin Mitnick was a "surprise guest" in the 40th TWiT podcast when he ran into Steve Wozniak by chance in Las Vegas. Wozniak was on the line with fellow TWiT hosts via Skype on his notebook computer, and Mitnick remained with Wozniak for much of the remainder of the show.
Kevin Mitnick appeared on "Thebroken", an online videozine marketing itself as 'borderline legal.' He appeared on the third episode of the show, but was given mention in the first.

Mitnick guest starred in a first season episode of Alias. The casting was an in-joke, since Mitnick played a CIA hacker. Due to the conditions of his parole, however, the computer he used in the scene was a prop.

Kevin Mitnick appeared on the South African actuality programme "Carte Blanche".

On 2 March 2007, the WELL declined his application for admission, refunding his membership fee.
Mitnick teamed up with John Walsh on the November 10, 2007 episode of America's Most Wanted on a segment on Edward Pena, another computer hacker.

ROBERT TAPPAN MORRIS :

Robert Tappan Morris (also known as rtm, born 1965 (age 42-43)) is an associate professor at Massachusetts Institute of Technology, in the Institute's department of Electical Engineering and Computer Science. He is best known for creating the Morris Worm in 1988, considered the first computer worm on the Internet. He is the son of Robert Morris, the former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA)..

Robert Tappan Morris

The worm :

Morris created the worm while he was a graduate student at Cornell University. The original intent, according to him, was to gauge the size of the Internet.

He released the worm from the Massachusetts Institute of Technology (MIT) to conceal the fact that it actually originated from Cornell. Unknown to Morris, the worm had a design flaw. The worm was programmed to check each computer it found to determine if the infection was already present.

However, Morris believed that some administrators might try to defeat his worm by instructing the computer to report a false positive. To compensate for this possibility, Morris directed the worm to copy itself anyway, fourteen percent of the time, no matter the response to the infection-status interrogation.

This level of replication proved excessive and the worm spread rapidly, infecting several thousand computers. It was estimated that the cost of repair for the damage caused by the worm at each system ranged from $200 to more than $53,000.

The worm exploited several vulnerabilities to gain entry to targeted systems, including:
a hole in the debug mode of the Unix sendmail program,
a buffer overrun hole in the fingerd network service,
the transitive trust enabled by people setting up rexec/rsh network logins without password requirements...

Biography :

1987 - Received his A.B. from Harvard.

1988 - Released the Morris worm (when he was a graduate student at Cornell).

1989 - Indicted under the Computer Fraud and Abuse Act of 1986 on July 26, 1989 - the first person to be indicted under this Act.

1990 - Convicted and sentenced to three years of probation, 400 hours of community service, a fine of $10,050 and the cost of his supervision.

1995 - Founded Viaweb, a start-up company that made software for building online stores - with Paul Graham.

1998 - Viaweb sold to Yahoo, who renamed it software Yahoo! Store.

1999 - Received Ph.D. in Applied Sciences from Harvard.

1999 - Appointed as a professor at MIT.

2005 - Founded Y Combinator, a venture capital firm - with Paul Graham.

2006 - Awarded tenure.

2006 - Technical advisor for Meraki Networks.

His principal research interest is computer network architectures which includes work on distributed hash tables such as Chord and wireless mesh networks such as Roofnet.


Morris is a longtime friend of Paul Graham (Graham dedicated his book ANSI Common Lisp to him) and Graham named the programming language that generates the online stores' web pages RTML in his honor.

KEVIN POULSEN :

Kevin Lee Poulsen (born 1965 in Pasadena, California, U.S.) is a former black hat hacker. He is currently a senior editor at Wired News.

Kevin Lee Poulsen

Biography:-
Before segueing into journalism, he had a notorious career in the 1980s as a cracker whose handle was Dark Dante. He worked for SRI International by day, and hacked at night.
During this time, Poulsen taught himself lock picking, and engaged in a brash spree of high-tech stunts that would ultimately make him one of America's best-known cyber-criminals.
Among other things, Poulsen reactivated old Yellow Page escort telephone numbers for an acquaintance that then ran a virtual escort agency.

His best-appreciated hack was a takeover of all of the telephone lines for Los Angeles radio station KIIS-FM, guaranteeing that he would be the 102nd caller, and netting him a Porsche 944 S2.

When the FBI started pursuing Poulsen, he went underground as a fugitive. When he was featured on NBC's Unsolved Mysteries, the show's 1-800 telephone lines mysteriously crashed. He was finally arrested in April 1991.
In June 1994, Poulsen pleaded guilty to seven counts of mail, wire and computer fraud, money laundering, and obstruction of justice, and was sentenced to 51 months in prison and ordered to pay $56,000 in restitution. At the time, it was the longest sentence ever given for cracking. He also pleaded guilty to breaking into computers and obtaining information on undercover businesses run by the FBI.

Poulsen enjoyed brief celebrity in the tech world upon his release from federal prison, and was the subject of the book Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen, a work which Poulsen himself has decried.
Poulsen has reinvented himself as a journalist since his release from prison, and sought to distance himself from his criminal past. Poulsen served in a number of journalistic capacities at California-based security research firm SecurityFocus, where he began writing security and hacking news in early 2000.
Despite a late arrival to a market saturated with technology media, SecurityFocus News became a well-known name in the tech news world during Poulsen's tenure with the company and was acquired by Symantec. His original investigative reporting was frequently picked up by the mainstream press. Poulsen left SecurityFocus in 2005 to freelance and pursue independent writing projects. He became a senior editor for Wired News in June 2005, which hosts his recent (as of 2006) blog, 27BStroke6, which has since been renamed Threat Level.

In October 2006, Poulsen released information detailing his successful search for registered sex offenders using MySpace to solicit sex from children. His work identified 744 registered persons with MySpace profiles, and led to the arrest of one, Andrew Lubrano.