A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning.^[1] The somewhat similar activity of defeating copy prevention devices in software which may or may not be legal in a country's laws is actually software cracking. Black hat may refer to: Black hat, a malicious computer cracker Black Hat Briefings, a conference focusing on computer and information security trends BlackHat, a Cuban non-profit project related to computer sciences and new technologies Fear of a Black Hat, a 1994 mockumentary about the evolution of American rap... This article describes how security can be achieved through design and engineering. ... A Whitehat, also rendered as White hat or White-hat, is, in the realm of Information technology, a name that describes a person who is ethically opposed to the abuse of Computer systems. ... Richard Matthew Stallman (born March 16, 1953), often abbreviated rms,[1] is an American software freedom activist, hacker,[2] and software developer. ... In a security context, a Hacker is someone involved in computer security/insecurity, specializing in the discovery of exploits in systems (for exploitation or prevention), or in obtaining or preventing unauthorized access to systems through skills, tactics and detailed knowledge. ... Copy prevention, also known as copy protection, is any technical measure designed to prevent duplication of information. ... Computer software (or simply software) refers to one or more computer programs and data held in the storage of a computer for some purpose. ... Software cracking is the modification of software to remove protection methods: copy prevention, trial/demo version, serial number, hardware key, CD check or software annoyances like nag screens and adware. ...

Terminology

Use of the term "hacker" is mostly limited (as is "black hat") to some areas of the computer and security field and even there, it is considered controversial. Until the 1980s, all people with a high level of skills at computing were known as "hackers". A group that calls themselves hackers refers to "a group that consists of skilled computer enthusiasts". The other, and currently more common usage, refers to those who attempt to gain unauthorized access to computer systems. Over time, the distinction between those perceived to use such skills with social responsibility and those who used them maliciously or criminally, became perceived as an important divide. Many members of the first group attempt to convince people that intruders should be called crackers rather than hackers, but the common usage remains ingrained. Hackers vs. Crackers^[2] The former became known as "hackers" or (within the computer security industry) as white hats, and the latter as "crackers" or "black hats". The general public tends to use the term "hackers" for both types, a source of some conflict when the word is perceived to be used incorrectly; for example Linux has been criticised as "written by hackers". In computer jargon the meaning of "hacker" can be much broader. Social responsibility is an ethical or ideological theory that an entity whether it is a government, corporation, organization or individual has a responsibility to society. ... A Whitehat, also rendered as White hat or White-hat, is, in the realm of Information technology, a name that describes a person who is ethically opposed to the abuse of Computer systems. ... This article is about computer hacking. ...

Usually, a black hat is a person who uses their knowledge of vulnerabilities and exploits for private gain, rather than revealing them either to the general public or the manufacturer for correction. Many black hats hack networks and web pages solely for financial gain. Black hats may seek to expand holes in systems; any attempts made to patch software are generally done to prevent others from also compromising a system they have already obtained secure control over. A black hat hacker may write their own zero-day exploits (private software that exploits security vulnerabilities; 0-day exploits have not been distributed to the public). In the most extreme cases, black hats may work to cause damage maliciously, and/or make threats to do so as extortion. An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). ... (Redirected from 0 day) Zero day or 0day refers to software, media, or information that is obtained either slightly prior to or on the day of the official release. ... Extortion is a criminal offense, which occurs when a person either obtains money, property or services from another through coercion or intimidation or threatens one with physical harm unless they are paid money or property. ...

Methods

Techniques for breaking into systems can involve advanced programming skills and social engineering, but more commonly will simply be the use of semi-automatic software. Common software weaknesses exploited include buffer overflow, integer overflow, memory corruption, format string attacks, race conditions, cross-site scripting, cross-site request forgery, code injection and SQL injection bugs. Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. ... In computer security and programming, a buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security. ... In computer programming, an integer overflow is an anomalous condition which may cause a buffer overflow, resulting in a computer security risk where adjacent, valid program control data may be overwritten, permitting the execution of arbitrary, and potentially harmful code. ... This article needs to be cleaned up to conform to a higher standard of quality. ... Format string attacks are a new class of vulnerabilities discovered in June of 2000 previously thought harmless. ... To meet Wikipedias quality standards, this article or section may require cleanup. ... Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. ... Cross-site request forgery, also known as one click attack or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a kind of malicious exploit of websites. ... To meet Wikipedias quality standards, this article or section may require cleanup. ... SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. ...

Notable crackers and computer criminals

This article does not cite any references or sources. (September 2007) Please help improve this article by adding citations to reliable sources. Unverifiable material may be challenged and removed.

Note that many of these individuals have since turned to fully legal hacking.^{[citation needed]} Image File history File links Question_book-3. ...

• Mark Zbikowski — In his senior year at Roeper, c. 1973/4, Zbikowski became known as one of the earliest computer crackers, after cracking the security system on Wayne State University's MTS (Michigan Terminal System, developed at University of Michigan) mainframe for his own amusement. According to Zbikowski, when he offered to show the university how to fix the security leak, university officials threatened prosecution and offered him a job during the same meeting.
• Jonathan James (also known as c0mrade) made unauthorized copies of software controlling the International Space Station's life sustaining elements, and intercepted thousands of electronic messages relating to U.S. nuclear activities from the Department of Defense. Sentenced at age 16, he was the youngest cybercriminal ever incarcerated in the United States.
• Dark Avenger — Bulgarian virus writer that popularized polymorphic code in 1992 as a means to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.
• Markus Hess — A West German, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.
• Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank's computers into giving out $10 million. To this day, the method used is unknown, but can be speculated.
• Robert Tappan Morris — In 1988 while a Cornell University graduate student, he was the writer of the first worm, Morris Worm, which used buffer overflows to propagate.
• Nahshon Even-Chaim (also known as Phoenix) — Leading member of Australian hacking group The Realm. Targeted US defense and nuclear research computer systems in late 1980s until his capture by Australian Federal Police in 1990. He and fellow Realm members Electron and Nom were the world's first computer intruders prosecuted based on evidence gathered from remote computer intercept.
• Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus.
• Kevin Mitnick - Mitnick was convicted in the late 1990s of illegally gaining access to computer networks and stealing intellectual property.
• Jon Murdock (also known as Xtasy) — In 2004, Murdock was convicted on multiple counts of cyber-terrorism, Internet fraud, and was then prosecuted for allegedly causing over $12,000,000 in online theft from thousands of stolen PayPal and e-gold accounts. After Murdock's release in 2006 at the age of 19, he was then indicted on another 17 counts of high-tech fraud and was linked to numerous underground "cracking communities" and forums. Murdock will be released from prison in 2008, following a 5-year probationary period.
• David L. Smith — In 1999 Smith launched the Melissa Worm, causing $80 million dollars' worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.
• Celestino Canto — Creator of the celey Trojan & online theft from thousands of stolen PayPal and e-gold accounts.^{[citation needed]}

Mark Zbikowski aka Mark J. Zbikowski aka Zibo is a Microsoft Senior Software Designer. ... For College in Nebraska, see Wayne State College. ... The University of Michigan, Ann Arbor (U of M, UM or simply Michigan) is a coeducational public research university in the state of Michigan. ... Jonathan James (b. ... ISS redirects here. ... The United States Department of Defense, abbreviated DoD or DOD and sometimes called the Defense Department, is a civilian Cabinet organization of the United States government. ... Dark Avenger (also known as Eddie) was the pseudonym for a famous computer virus writer from Sofia, Bulgaria. ... In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. ... Year 1992 (MCMXCII) was a leap year starting on Wednesday (link will display full 1992 Gregorian calendar). ... Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware). ... An Intrusion Detection System or IDS is a software tool used to detect unauthorised access to a computer system or network. ... Markus Hess, a West German citizen, was a computer prodigy and particularly effective hacker. ... West Germany was the informal but almost universally used name for the Federal Republic of Germany from 1949 until 1990, during which years the Federal Republic did not yet include East Germany. ... The armed forces of the United States of America consist of the United States Army United States Navy United States Air Force United States Marine Corps United States Coast Guard Note: The United States Coast Guard has both military and law enforcement functions. ... This article is about the KGB of the Soviet Union. ... Clifford Stoll (or Cliff Stoll) is a U.S. astronomer, computer systems administrator, and author. ... Vladimir Levin is the handle of the mathematician who is alleged to be the mastermind of the Russian cracker gang that stole US$10 million from Citibanks computer system. ... Citibank is a major international bank, founded in 1812 as the City Bank of New York. ... Robert Tappan Morris (born 1965) is an associate professor at the Massachusetts Institute of Technology. ... Year 1988 (MCMLXXXVIII) was a leap year starting on Friday (link displays 1988 Gregorian calendar). ... Cornell redirects here. ... A computer worm is a self-replicating computer program. ... The Morris worm or Internet worm was one of the first computer worms distributed via the Internet; it is considered the first worm and was certainly the first to gain significant mainstream media attention. ... Nahshon Even-Chaim (b. ... Electron was the computer handle of Richard Jones, a member of an underground hacker community called The Realm. ... Kevin Lee Poulsen (far right), pictured circa 2001 with Kevin Mitnick and Adrian Lamo Kevin Lee Poulsen (born 1965 in Pasadena, California, U.S.) is a former black hat hacker. ... SecurityFocus. ... Kevin David Mitnick (born October 6, 1963) is a controversial computer cracker and convicted criminal in the United States. ... In March of 1999, David L. Smith, a 31-year old New Jersey programmer, released the Melissa virus in Aberdeen Township, New Jersey. ... The Melissa worm, also known as Mailissa, Simpsons, Kwyjibo, or Kwejeebo, is a computer worm that also functions as a macro virus, hence making it a multipartite virus. // History First found on March 26, 1999, Melissa shut down Internet mail systems that got clogged with infected e-mails propogating from... The Federal Bureau of Investigation (FBI) is a federal criminal investigative, intelligence agency, and the primary investigative arm of the United States Department of Justice (DOJ). ...

See also

• Computer crime
• Computer insecurity
• Computer security
• Grey hat
• Hacker (computer security)
• Hacker definition controversy
• Internet troll
• List of convicted computer criminals
• Phrack
• White hat
• Blue Hat

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. ... Many current computer systems have only limited security precautions in place. ... This article describes how security can be achieved through design and engineering. ... A Grey Hat in the computer security community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. ... In a security context, a Hacker is someone involved in computer security/insecurity, specializing in the discovery of exploits in systems (for exploitation or prevention), or in obtaining or preventing unauthorized access to systems through skills, tactics and detailed knowledge. ... The terms hacker and hacking have controversial definitions. ... A Do not feed the troll image In Internet terminology, a troll is someone who comes into an established community such as an online discussion forum, and posts inflammatory, rude, repetitive or offensive messages designed intentionally to annoy or antagonize the existing members or disrupt the flow of discussion, including... This article or section does not cite its references or sources. ... Phrack is an underground ezine made by and for hackers that has been around since November 17, 1985. ... A Whitehat, also rendered as White hat or White-hat, is, in the realm of Information technology, a name that describes a person who is ethically opposed to the abuse of Computer systems. ... Blue Hat is a term used to refer to outside computer security consulting firms that are employed to bug test a system prior to its launch, looking for exploits so they can be closed. ...

External Links

XSS Hacker Dictionary: Blackhat Hackers

References

1. ^ http://www.djmnet.org/lore/why-hack.txt
2. ^ http://catb.org/~esr/faqs/hacker-howto.html#what_is