Hacking and Attacking
There has been a definite and distinct evolution of hacking, cracking, and attacking. At one time, it was a compliment to be called a hacker because it meant you took the time to learn things about computers that others did not know and had the discipline and desire to find out what makes a computer tick. These people did not perform malicious acts, but rather were the ones called upon when really tough problems left everyone else scratching their heads.
As computers became more widespread as tools, this definition started to change. The new hackers took on a profile of geeky young men who would rather spend their time pinging computers all over the Internet than looking for dates. Even this profile has evolved. Girls and women have joined this once all-male club and are just as knowledgeable and dangerous as the guys. Hacking is on the rise, and the profile of an attacker is changing. However, the real change in the profile is that the serious attackers indulge themselves for specific reasons and have certain types of damage or fraud in mind.
The dangerous attacker is the one who is willing to do his homework. He will build a profile about the victim, find all the necessary information, and uncover many possible ways of getting into an environment before actually attempting it. The more an attacker knows about the environment, the more access points he has at his disposal. These are usually groups of determined and knowledgeable individuals that are hard to stop.
Another dangerous evolutionary pattern is that the tools available to hackers these days are easy to use. It used to take a certain skill set to be able to enter a computer through a port, reconfigure system files, find the hidden data, and get out without being noticed. Today, there are many tools with graphical user interface (GUI) front-ends that only require a person to enter an IP address or range, and then click the Start button. Some of these tools provide a quiet mode, which means the interrogations and exploit attempts will use methods and protocols that may not show up on intrusion detection systems (IDSs) or cause the user of that computer to recognize something is going on. These tools enable people to carry out sophisticated attacks even if they do not understand the tool or the attack itself.
The proliferation of tools on the Internet, the ease of use of these tools, and the availability of web sites and books describing exactly how to exploit vulnerabilities have greatly increased the hacker population. So, some attack tools whose creation may have required in-depth knowledge of protocol behaviors or expert programming skills are now available to a wide range of people who have not necessarily ever heard of Transmission Control Protocol/Internet Protocol (TCP/IP).
As more vulnerabilities are uncovered every week, many more people are interested in trying out the exploits. Some just want to satisfy their curiosity, some want bragging rights over other hackers, and some have distinct destructive goals to accomplish.
There is another aspect to hacking and attacking, though. It is natural to focus on the evil aspects, but hacking can also be looked at as a continuous challenge to the computing society to come up with better products, practices, and procedures. If hackers were not continually trying to break products, the products would not necessarily continue to evolve in the way they have. Sure, products would continue to grow in functionality, but not necessarily in security.
So maybe instead of looking at hackers as selfish individuals out to cause harm and destruction, they can be looked at as the thorn in the side of the computing society that keeps it on its toes and ensures that the next product will provide greater functionality, but in a secure manner.