What separates a "newbie" and an "experienced" hacker is defined by two ideas: finding/researching security flaws in a target system, and hiding one's location. For many, its a simple matter to hack a computer - run a scanner, get an exploit, and break in. But alas, this is (ironically) the least secure methods of hacking. You leave your IP address all over your actions, and its a simple matter of asking your ISP "who was where on this date".
So what would make a hack (more) professional? A professional would do all they could to keep themselves from being traced. Once you're caught, that's Game Over. You're in the slammer for life, and there's very little you can do about it. So experienced hackers employ a few trick to hide their location; Lets examine them:
There's two ways of hiding yourself on the 'net. The first way is through phone bouncing and the second is through computer/box bouncing. Imagine this example:
Joe Hacker was payed by Company Y to hack into company X. Joe doesn't want to live in a jail and "drop the soap," so he tries to hide his location. He will do the following things (in this order)
1. Find a good spot to connect his laptop to the phone network. Laptops are portable and allows Joe to flee the scene if anyone suspicious comes along. The phone network lets Joe connect to a phone-based ISP. The phone network also allows Joe to do a few other tricks...
2. Fire up a wardialer and search a block of phone numbers. When you call a phone number, often you'll get a ringing noise on the other end (duh). But sometimes companies will leave certain phone numbers for outgoing phone calls, so when Joe calls one number, he can then call another number immediately. Its the same idea as using your phone card to call one place after another. Joe is also a smart kid - he'll scan 800-numbers so that he can call anywhere in the world, without having to pay long-distance bills.
3. Find a free ISP-account (such as NetZero) to use for their 1st hacking attempts. Joe would like to have tons of cracked ISP-accounts for later, but he can't hack the ISP without being on the internet. Problem? No, because certain ISPs, such as NetZero, let you on for free, giving Joe the time he needs to safely find a few vulnerable computers and hack into other ISPs.
4. Scan the internet for vulnerable computers and anonymous proxies. These serve to hide Joe's IP address over the internet, else Joe's target may call Joe's cracked ISP, which in turn calls Joe's phone company, and then things get much harder for Joe. So by using computers to bounce his packets off of, Joe can effectively hide himself on the internet.
---Note--- Joe bounces his call around the phone network to hide his "real" location. Joe bounces his attack around the internet to hide his "virtual" location. Tu comprendes?
5. Carry out the hack. Joe has effectively hidden himself on the internet, and now carries out his attack on Company X. Its game over, because tracing Joe would reqire assitance from the ISP, the phone company, and possibly the police in Joe's area (quite a massive undertaking).
In conclusion, what do we learn from Joe's actions? We learn that being completely anonymous on the internet is impossible, but we can get pretty close to it. Such a hack would require skill in areas other than computing, such as phones (called "phreaking"). Learning this much requires skill, no questions asked. But most importantly, we learn that covering your tracks is all important. Once you're compromised, its Game Over. You can't come back from something like that.
August 23rd, 2002, 02:34 PM
A professional hack is rewriting your linux kernal to do SMP with a dual AMD motherboard. A professional hack is getting samba to play nice with XP home edition.
What you are talking about is not professional at all. Its still criminal, just done with more skill.
August 23rd, 2002, 02:39 PM
You my friend, are in idiot. I'm really sick of idiots like you, coming to this site, giving Newbies a bad name. Did you even read the Newbie FAQ? Don't you know this site is ANTI-hacking. Just like souleman said, what you're describing is criminal and not professional. I hope this post gets deleted.
August 23rd, 2002, 03:01 PM
Read Newbie FAQ before posting.
August 23rd, 2002, 04:02 PM
I'm ashamed of the comments I've recieved from this post. Its all how you interpret it. Is not "Hacking Exposed" (a great read) just a book of 'sploits? Is Kevin Mitnick just a low down criminal? Is anyone who dares point out how something could be done be considered a "menace to society"? Why do police have bomb squads? They're teaching people how to make bombs! Yet from learning how to make bombs, they learn how to disassemble them. That was my aim for this post. For all of you to understand how hackers operate, and how to shut them down.
I also admire the audacity of those who try to slam me. For example:
"You give newbies a bad name"
Isn't newbies a bad name in and of itself? Aren't you already putting them down by using that word? Aren't newbies a bad thing, and not a good thing? Because I've never met a newb with a "good name." Why don't you tell me about one?
I'm deeply sorry if I've offended anyone, but what can I do? But keep the stupid pointless, "lets all jump on the bandwagon and bash someone" quotes to yourselves.
August 23rd, 2002, 04:06 PM
Dude.. You seriously do give newbies a bad name. Now.. from one person to another, Delete the thread. Please. So that you won't be negged to a bann. I'm just trying to give you advice. Btw, whining about it will only make it worse.
August 23rd, 2002, 04:09 PM
If you really meant no harm by this post, then here's a little advice. When you write something like this, write it from a defensive point of view. You're post doesn't explain what steps can be taken to prevent attacks of this nature. You're wording in this post also gives the impression that you are promoting hacking attacks of this nature.
As far as "Hacking Exposed" is concerned, I love that book. Yes it does show exploits but it also lists measures that can be used to prevent them.
August 23rd, 2002, 04:16 PM
Here's the thing, in my opinion. The thing is well written, however this is providing information to aid in illegal activity. This site is here to prevent such illegal activities from occurring. When you, a newbie in relation to this site, have posted an article condoning illegal activities it holds you in a negative light. I'm not impressed. I can strip apart and rebuild my kernel for SMP and BPF. I can rewrite bits of code to increase the support for unsupported hardware types for a FreeBSD server. In my opinion, this is power. What you are describing is the act of a common criminal. You want to impress someone, write an in depth report on how to prevent the above steps from ocurring. Then perhaps it will be better recieved in the community. As it stands right now, this aids one in their efforts to learn the brick count of a 6' x 6' cell and nothing more.