Hacking, Cracking, and Other Malicious Behavior
Although most people have succumbed to using the term hacked when they refer to illegal intrusions, the term cracked might be more proper. Cracked refers to that condition in which the victim network suffers an unauthorized intrusion. There are various degrees of this condition. Here are a few examples:
-
The intruder gains access and nothing more (access being defined as simple unauthorized entry on a network that requires—at a minimum—a login and password).
-
The intruder gains access and destroys, corrupts, or otherwise alters data.
-
The intruder gains access and seizes control of a compartmentalized portion of the system or the whole system, perhaps denying access even to privileged users.
-
The intruder does not gain access, but instead forges messages from your system. (Folks often do this to send unsolicited mail or spam.)
-
The intruder does not gain access, but instead implements malicious procedures that cause the network to fail, reboot, hang, or otherwise manifest an inoperable condition, either permanently or temporarily. These type of attacks are usually classified as denial-of-service (DoS) attacks.
Modern security techniques have made cracking more difficult. However, the distance between the word difficult and the word impossible is still wide. Today, crackers have access to a wealth of security information, most of which is freely available on the Internet. The balance of knowledge between crackers and bona fide security specialists is not greatly disproportionate. In fact, it is arguable that each side possesses components that the other side lacks, which makes the balance all the more interesting.
This chapter shows that cracking is a common activity—so common that assurances from anyone that the Internet is secure should be viewed with extreme suspicion. To drive that point home, I will begin with governmental entities. After all, defense and intelligence agencies form the basis of our national security infrastructure. They, more than any other group, must be secure.