Computers & Technology >
Hacking
Get a Widget for this title
RSS FeedDoes it take a hacker to catch a hacker?
Results so far:
| Yes | 76% | 97 votes | Total: 127 votes | |
| No | 24% | 30 votes |
Yes
Write now
Print
Invite a writer™
Add to FavoritesI read a very well known and respected Linux publication regularly, I love the informative, timely and well researched articles that appear on their pages, but it was the editorial page that caught my attention the other day, they where describing that their site had been hacked, and there was a little light hearted banter in the editorial between the boss and the subordinate that administered the site, about the application of security patches and certain OS upgrades, that would have prevented the attack in the first place.
It was the white hackers or the authors and owners of the site and mag, that found out that there was malicious code inserted into their site by a black hacker, and not the ordinary net citizens, that regularly log into the site to catch up with the latest community gossip.
I use this analogy of white and black to illustrate that within the hacking community there are usually two distinct camps of people, the black hacker's are those that want to do harm, or are inquisitive to the point that they become a nuisance to site administrators, and the white hackers are comprised of the developers and community minded individuals, that consistently repair, patch, upgrade, inform and generally secure the underlying OS, that your computer hardware hosts, that makes computers manageable and usable for the rest of us.
I consider myself quiet experienced in the running of a computer and the peripherals that accompany it, but when it comes to deciphering the code that constitutes a DoS attack on someones site server, or home computer, (and I've tried to read a few of them,) it leaves me with an all too familiar blank look on my face, I have read with great interest how one hacker caught another hacker that had intended using his site to host bots that where to be used in a DoS attack on other internet servers, by tracing log files, traffic, his own ingenuity and some damn fine coding, to the point that he turned the tails on the (black) hacker so that he was the one that eventually got hacked.
Now if that was me and remember I consider myself quiet good, I would never have even realized that my site or system would have been comprised in the first place, you need someone who is familiar, intimate and fluent in the most inner working of computer languages to help guard those of us that are lees blessed in that department, so that we don't fall fowl to their dark machinations.
It would be interesting to see how Johnny_come_ordinary _net _citizen would handle or combat a VMBR on their system without the help, guidance or coding skill of a white hacker or developer to combat the malware infection, as the Mums or dads of the world wouldn't even know they've been infected, or a running a compromised system ,that is until they go to take some money out of the bank, and it's then and only then that they realize that all their hard earn savings have been stole, by the key logger, that's been inserted into their system, and it has been lodging and sending all that information, to the author of the VMBR malware, since their system first became infected.
How do they combat that? they can't, as usually they have just enough information to start a computer, and navigate a few certain sites, that family, friends or work colleges have told them they should visit, they blindly trust and believe that the security software that's been on their computer since the day they bought it will protect them even though it's never been updated, or the trial ware has just plain expired and their been running an unsecured system since.
No to catch a hacker (black or gray), you need hacker, to combat them. The recent SSL security issue within the Linux community would only confirm that. As to untrained eyes everything was fine security certificates appeared valid, and trustworthy and people could do and conduct business as usual, but it's only to the trained code ordinated eyes, did it become apparent (although painfully too late), that the code and the underlying security implications of the vulnerable certificates and the black hacking communities intentions to exploit them necessitated a quick and concise fix, but not by a community of untrained individuals, but rather by skilled hackers, who are passionate and dedicated to their craft.
Learn more about this author, Art Redwood.
Click here to send this author comments or questions.
No
It decidedly does not take a hacker to catch a hacker, while some exposure to the world of hacking or even a background as a hacker may aid someone to catch other hackers.
Criminal hackers, or crackers, use techniques such as social engineering and targeted phishing, known as "spear-phishing" to convince their targets to reveal information or allow them access to their systems. These deliberate acts are not so special that we need special schools to figure them out.
Even programming skills themselves are not required learning for people intent on a career in pursuing the crackers. In 2007, a public appeal went out from representatives at universities and computer security-related firms to request that criminal hacking techniques, such as the authoring of malicious code and computer viruses, not be taught in the classroom or be made required learning for students. There are several obvious motivations for this appeal; here are two:
The first reason was that such specialized knowledge is not required to pursue the criminal hacker. Because antimalware and antivirus procedures had been separately developed in proprietary methods by members of the computer security industry, there is therefore no need or connection to the knowledge and skills employed by real crackers.
The second reason was that there is a voluntary movement afoot to limit the proliferation of criminal hacking techniques, so the teaching of them would be off-message, immoral, and unethical in the computer security field.
The only way to make cracking uncool is to downplay it and to publicly disassociate the professionals from it so that consumers of computers and computer security products will continue to use such products and services with continued confidence. Without such disassociation, the professional computer and computer security industry, along with vocational and academic institutions that train new employees for them, will not remain profitable.
Does it take a hacker to catch a hacker? Hackers may be helpful to provide insight on the techniques employed by crackers, and even on their motivations for doing something at all. The criminal vision of crackers may be more accessible to hackers who can then direct appropriate responses to them. But empathy for, and actual capturing of, hackers are not the same thing, so we cannot ignore that non-hackers are the ones who routinely catch the hackers.
Law enforcement professionals, some with information technology backgrounds and many without, are usually the ones to catch the crackers after following money trails and patterns of social engineering revealed by Internet presences and websites and robot computer networks established by the crackers. Tracking down crackers on the anonymous Internet is a monumental feat that hackers can only provide some insight into, but will not have the resources available to law enforcement and Internet service providers who handle the bulk of the legwork of following the paths to crackers.
Learn more about this author, Raleigh Stout.
Click here to send this author comments or questions.
Difference of opinion? Debate now.
