Hacking & Phreaking

Andrew Winokur
 Myth: Hackers
are evil people who want
to do nothing more than destroy
 Fact: The
term “hacker” is a vague term,
that can represent many different ideas
People used huge mainframe computers hosted by
university facilities; originally used to push programs
beyond their design (e.g. MIT hacking electrical
trains to allow them to perform faster
First Bulletin Board System (BBS) was created where
large corporations, universities, and governments
could connect to. Nicknamed MAC for MultipleAccess Computers
John McCarthy hacked/crashed the MAC system,
which created a following
• Even corporations would hack the Bulletin Board
System, committing industrial espionage
• The administrators of the MAC would encourage
this behavior
• This sense of freedom to do whatever one
wanted augmented with the seemingly endless
challenges of finding new ways to break
something started the hacker culture
Different type of hacker emerged called phone hackers or
“phreakers” (combination of the words “phone” and
Phreaking started by a blind child named Joe Engressia
By whistling a certain pitch on a phone, he realized he could
turn any recorded message off (due to telephonic systems
back then using a multifrequency system which relied on
certain pitches to function)
By whistling the right tones at the right time, Joe Engressia
could place free calls anywhere in the world
Later on, a man named John Draper found a whistle in a
Captain Crunch cereal box which could reproduce the exact
pitch (2600 kHz) needed to place a free call
John Draper appropriately nicknames himself Captain
Crunch, and call other phreakers in the world about his
discovery, inspired invention of phreaking boxes
The Blue Box was made by phreakers to emulate
any multifrequency pitch
Joe Engressia and Draper were later
arrested, but the publicity from this
made phreaking even more popular
Around this era, the amount of practicing hackers
increased exponentially due to two reasons:
• Personal Computers finally being made available to the public
at a reasonable price
• Movies such as Wargames both glorifying hacking and making
it look easy
Hacking groups began to form such as the 414s
(accused of 60 computer break-ins), Legion of
Doom, and Germany’s Chaos Computer Club
2600: Hacker Quarterly is released
Government begins taking precautions against
cybercrime, formed Comprehensive Crime Control
Act (gives Secret Service jurisdiction over credit card
and computer fraud)
Government also created the Computer Fraud &
Abuse Act (declared it a crime to break into
computer systems)
Government formed the Computer Emergency
Response Team (CERT) in 1987, which handles
computer security incidents
1990’s and beyond…
The 1990s and beyond have been full of both big an small
hacker attacks. These attacks have ranged from breaking
into and defacing Web sites to attacking the United States
Department of Defense’s computers 250,000 times
Hacking was still being glorified in this period with the 1995
film Hackers , although many hackers did not seem to
approve of this movie
Script Kiddies become rampant on the Internet, giving
hackers a bad reputation
In the hacking hierarchy, a Script Kiddie is often seen
as the lowest position in the totem pole as far as respect
and skill is concerned
A Script Kiddie is usually a juvenile who run scripts or
programs developed by others to attack computer
systems and networks
A Script Kiddie is always considered malicious and
often defaces or “tags” websites much like a graffiti
artist tags a train or a wall. Script Kiddies are also
known to use viruses, worms, backdoors, and trojan
One of the most popular programs that Script Kiddies use is
Sub7, a backdoor program
A backdoor allows one to bypass normal
authentication and allow access into the system from the
Sub7 allows one to do things such as keylogging, changing
system settings, loading obscene websites, webcam
capturing, and many other things
Due to Script Kiddies’ acts, much of the world’s population
assimilates them into the category of a hacker. This has
brought on an ill reputation towards hackers and has
unfortunately become the stereotype of what a hacker is.
Black Hat hackers became the most publicized kind of
Unlike a Script Kiddie, hackers are experts in breaking
into computer systems and often create their own tools
or scripts
Along with website vandalism, Black Hat hackers also
use technology for credit card fraud, identity theft, and
intellectual property theft
White Hat hackers, on the other hand, are the “ethical”
hacker who focuses on securing and protecting IT
Many White Hat hackers are often hired by companies
to test the integrity of their systems
Grey Hat hackers are those who follow an ambiguous
guideline and fall between being destructive or not.
Jonathan James, who became the first juvenile to be sent to prison
for hacking
James installed a backdoor into a Defense Threat Reduction
Agency server, which allowed James to view confidential emails
and capture employee usernames and passwords
James also cracked into NASA computers, stealing software worth
about $1.7 million. James was charged only with spending six
months under house arrest with probation
Kevin Mitnick is another famous hacker who was so famous that he
had two movies made after him: Freedom Downtime and
Mitnick was convicted for breaking into the Digital Equipment
Corporation’s computer network and stealing software
Tim Berners-Lee, created the World Web Consortium and
senior consultant at MIT. Was caught for hacking mischief
at Oxford University
Richard Stallman is another White Hat hacker who
eventually would go on to create The GNU Project, a free
operating system
Stallman worked at MIT’s Artificial Intelligence Labs and
was notorious for removing computer access restrictions.
Whenever a password system was installed, Stallman
would hack it, remove the passwords, and send a message
to everyone on the system saying that the system has
been removed.
A cryptographic attack is a way of getting around a
system by trying to decrypt data without prior
access to a key.
• Brute Force Attack
 Systematically attempt to crack a password using
every possible key. Depending on the length of the
password, this can take from as little as a few hours to
year length spans
• Dictionary Attack
 Using a text file full of dictionary words being loaded
into a cracking application such as L0phtCrack
DoS attacks attempts to deny legitimate access to one’s
DoS attacks do not retrieve or alter data and are broken
down into two types, but rather shut down company servers
Denial of Service attacks can be broken down into one of
two categories:
• Denial of Service by saturation consists of flooding or
“saturating” a machine with requests so it can no longer
respond to actual requests
• Denial of Service by vulnerability exploitation
involves exploiting a flaw in the remote system, making it
 Ping
of death
 Fragment
Ping of Death is one of the oldest network
attacks. So old that no recent systems are
vulnerable to it anymore
The Ping of Death involves creating a data packet
whose total size exceeds the maximum
authorized size (65,536 bytes)
When the packet is sent to a system with a
vulnerable TCP/IP stack, it will cause the system
to trash
The fragment attack exploits the fragmentation principle of
the IP protocol
• The IP fragments large packets of data into several IP packets,
each with their own identification number and sequence
• The recipient reassembles the smaller data packets back into
the large packet based on the offset values they contain
Fragment attacks involve inserting false offset information
into fragmented packets causes a system to crash due to
empty or overlapping fragments
Most recent systems aren’t vulnerable to this attack
An old DoS attack dating back to 1997, which
sends a packet with the same IP address and port
number in both the source and destination fields
of IP packets
The name of this attack originates from the name
given to the first distributed source code that
made it possible to implement this attack,
A DoS attack which relies on network saturation
A SYN flood involves sending multiple SYN requests by using a
host with a nonexistent or falsified IP address to the victim, who
tries to respond back to the IP address, waiting for confirmation
that never arrives
The victim’s connection table eventually fills up waiting for
replies and any new connections are ignored
Although newer Operating Systems manage resources better,
they are still vulnerable to this type of DoS attack
A SYN flood is unique from other DoS attacks in that it can be a
gateway to other attacks such as disabling one side of a
connection in TCP hijacking or by preventing authentication
between servers
Other Hacking Techniques
Because many DoS attacks have been prevented
through TCP/IP protocol fixes, hackers have turned
to exploiting the application layer instead,
specifically targeting web applications
Some of these attacks consist of:
 URL manipulation
 Cross-site scripting
 SQL command injection
URL Manipulation
A URL can usually be split up into five distinct parts: protocol,
password, server name, port, and path
By changing any of these parts, it is possible to access data you
normally wouldn’t have known about
 http://www.wiu.edu/users/yk106/CS484.html
It is often up to White Hat hackers to provide countermeasures
against such vulnerabilities
Cross-site Scripting
Cross-site scripting target websites that dynamically display user content
without checking and encoding the information entered by users
XSS works by inserting malicious code into a website under the guise of
a trustworthy source. When the user clicks on the link, it allows hackers
to recover data exchanged between the user and the website the user is
interacting with
Example: Hackers coding a display form to fool a user and get him or
her to enter authentication information
It is usually up to the White Hat hacker or web page designer to make a
website secure from XSS. This is done by verifying the format data
entered by users and encoding displayed user data by replacing special
characters with their HTML equivalents
SQL Injections
SQL Injections are attacks against websites that use relational
databases such as MySQL, Oracle, DB2, etc
If the web page designer does not verify parameters passed in an
SQL query, a hacker could easily gain access to and modify anything
he or she wants in the database
By inserting certain characters in an SQL query, it is possible to either
link together several SQL queries or simply ignore the rest of a query
Again, it is up to the designer to provide countermeasures. Some
things that they can do to prevent such attacks are to avoid accounts
without passwords, keeping the privileges of used accounts to a
minimum, and verify the format of input data and presence of special
SQL Injections Continued
ORIGINAL: INSERT INTO employee (fname) VALUES('Michael');
INJECTION: Michael');DROP TABLE employee;
TURNS INTO: INSERT INTO employee (fname)
VALUES('Michael');DROP TABLE employee;');
Throughout the history of computer development, hackers have
always been at the forefront of what is possible and have always
tried to push what is thought to be impossible
With each new technological development comes a wave of
hackers ready to push the envelope. The general opinion of
hackers gets a bad rap in light of the media exposure to Black
Hat hackers. As a result, the term “hacker” receives scorn from
the general public and is often used in conjunction with other
words like “virus” and “malware”.
As a result, the term “hacker” becomes a general label for all the
things bad that come from our computers. This must be
corrected. If it were not for our real hackers, many of our
current technological developments would have yet to be
developed and those technologies that we take for granted
would simply not exist.

similar documents