Anti-hacking School

Lesson 2

By Boris Loza, PhD, CISSP

Hello again!

In this second lesson we are going to learn how hackers can be categorized. What are their variants, or rather, specific species? You will learn how hackers classify themselves based on their special interests, knowledge, and beliefs. Although hackers’ intentions remain the same – to illegally break into computer systems - they pursue different targets and use different methods to achieve their goals:

"Specialization"

- CARDER - An individual who specializes in stealing and selling credit card information from the Internet.
- PHREAK - An individual who uses his/her knowledge of the telephone system to make calls at the expanse of another person. Phreak is short for phone phreak (freak spelled with a ph, like phone is).
- PHRACKER - An individual who combines phone and computer hacking.
- CRASHER - An individual who enjoys breaking into computers and destroying them.
- CYPHER-PUNK - An individual who attempt to break codes and foil security systems.
- SAMURAI - A hacker who hires out for legal cracking jobs, snooping for factions in corporate political fights, lawyers pursuing privacy-rights and First Amendment cases, and other parties with legitimate reasons to need an electronic locksmith.
- SNEAKER - An individual hired to break into places in order to test their security (member of a so-called Tiger Team).

Knowledge

- SCRIPT KIDDIES - The lowest form of cracker; script kiddies do mischief with scripts and programs written by others, often without understanding the exploit they are using. Used by people with limited technical expertise using easy-to-operate, preconfigured, and/or automated tools to conduct disruptive activities against networked systems. Since most of these tools are fairly well-known by the security community, the adverse impact of such actions is usually minimal.
- LAMER - In hacker culture, a lamer is one who scams codes off others rather than doing cracks or really understanding the fundamental concepts.
- UBERHACKER - The highly technical and very capable hacker. Uberhackers are very skilled hackers, very advanced, capable and use more technical ways of getting into systems.

Beliefs

- HACKTEVIST - An individual who combines hacking with political activities.
- CYBERTERRORIST - Somebody who uses Internet and the information and Communication Technologies to disrupt computer networks. They can be considered a kind of hackers acting for a political or religious cause.

Also, hackers could be divided by what "hats" they wear. A WHITE HAT is someone who professes to be a "good guy," although how they define "good guy" might be open to interpretation. A BLACK HAT is usually understood to be a "bad guy," which usually means a lawbreaker. Someone other than the black hats themselves usually bestows the black hat appellation. Few hackers consider themselves black hats, as they usually have some sort of justification for their criminal activities. A GREY HAT is someone who falls in between, because he or she doesn’t meet the arbitrarily high white hat ideals.

Why are all the hackers so concerned over names and titles? Some theorize that the name game is a way to hide from the real issue of the ethics of what they are doing.

Now that we have some idea about what the various types of hackers are, we will continue our lesson with some practical stuff. Following many requests from end-users we will learn how we can protect ourselves from e-mail spam (also known as junk e-mail) that is used by all groups of hackers mentioned above to break into computers. For example, by sending junk e-mail, an attacker can find computers with vulnerable versions of Microsoft Outlook or Outlook Express applications that will allow him/her to read files and execute arbitrary code on the victim machines.

Defending from Spam (Junk) E-mail

First off we need to define what E-mail spam is. E-mail spam usually pertains to unsolicited commercial messages sent in bulk by people you don't know (synonym - junk e-mail).

Some spammers will argue that email spam is not any different than traditional junk mail, but there is one undeniable difference...cost. The cost of sending junk mail through conventional means is very real, including postage costs paid by the sender. The cost of sending email spam is very small, and people other than the sender pay most of the costs. ?

We will use the Microsoft Outlook feature – Message Filter. To start the message filter click Tools then choose Rules Wizard (examples are for Microsoft Outlook 2002 running on Windows XP. There is the same procedure for Microsoft Outlook running on Windows NT and Windows 2000):

Computer Security and Identity Theft Prevention: Anti Hacking School Lesson 2

You will now see a window like this one. Click the button that says New.

When this screen comes up make sure the first option that says Check Messages When they Arrive is selected, than click Next.

On this screen you specify the conditions you want Outlook to check for in messages. You can decide to filter out all messages that come from specific addresses (usually spam/junk e-mail comes from one time sender), or contain specific words in the message header or the message body. We will configure our e-mail filter to look for specific words in the subject.

On this screen choose the option that reads With Specific Words in the Subject or Body, and than click the link that reads Specific Words, indicated below with a red arrow:

Click the Add button:

Now type the word(s) you want the Outlook Message Filter to look for. These words can be:

ACCEPT CREDIT CARDS

Find Information About Anyone

We GUARANTEE response

BUILD A BUSINESS

Hidden Secrets About Your Neighbors

bad credit

INTERNET SPY

Millions Grew Younger 10 to 20 Years

Pay off everything

Million Potential Buyers

ANYTHING ABOUT ANYONE

UNIVERSITY DIPLOMAS

SATELITE T.V. SYSTEM and so on

Now your screen should look like the one below, click Next to continue:

On this screen you will choose what you are going to do with e-mail that contains words you’ve specified on the previous step.

We will choose the option that reads Move it to the Specified Folder and then click the link at the bottom that reads Specified indicated with a red arrow. On the next screen click New and fill in the name of the folder as SPAM and click OK.

Finally, your screen should now look like this. Click Next.

On this screen you can specify any exceptions you want to apply to the rule.

If you want to apply the exception, click on the link and fill in the exception list (the same way we did for the previous links). Click Nex and click Finish to save your changes.

You will now see that your filter is active. Click OK to close the window.

You may choose to use other options of the Message Filter. Be creative, try different options, and don’t forget to periodically review and delete all messages in the SPAM folder!

Happy e-mailing! See you at my next lesson.

Regards,

Boris Loza