Related
Recommended

Hacking For Regular IT People - Why Do We Hack?

networkcanuck
4 minute read time

Previously, I discussed the origins of the word “hacking” and the motivations around it from early phone phreakers, red-boxers, and technology enthusiasts.

Today, most hackers can be boiled down to Black Hats and White Hats. The hat analogy comes from old Western movies, where the good guys wore white and the bad guys wore black. Both groups have different reasons for hacking.

Spy vs. Spy

The White Hat/Black Hat analogy always makes me think of the old Spy vs. Spy comic in Mad Magazine. These two characters—one dressed all in white, the other all in black—were rivals who constantly tried to outsmart, steal from, or kill each other. The irony was that there was no real distinction between good or evil. In any given comic, the White Spy might be trying to kill the Black Spy or vice versa, and it was impossible to tell who was supposed to be the good guy or the bad guy.

Black Hat hackers are in it to make money, pure and simple. There are billions of dollars lost every year to information breaches, malware, cryptoware, and data ransoming. Often tied to various organized crime syndicates (think Russian Mafia and Yakuza), these are obviously the “bad guys” and the folks that we, as IT professionals, are trying to protect ourselves and our organizations from.

The White Hats are the “good guys," and if we practice and partake in our own hacking, we would (hopefully) consider ourselves part of this group. Often made up of cybersecurity and other information security professionals, the goal of the White Hat is to understand, plan for, predict, and prevent the attacks from the Black Hat community.

Not Always Black or White

There does remain another group of people whose hacking motivations are not necessarily determined by profit or protection, but instead, are largely political. These would be the Gray Hats, or the hackers who blur the distinction between black and white, and whose designation as “good or bad” is subjective and often depends on your own point of view. As I mentioned, the motivation for these groups is often political, and their technical resources are frequently used to spread a specific political message, often at the expense of a group with an opposing view. They hack websites and social media accounts, and replace their victims’ political messaging with their own.

Groups like Anonymous would fall into this category, the Guy Fawkes mask-wearing activists who are heavily involved in world politics, and who justify their actions as vigilantism. Whether you think what they do is good or not depends on your own personal belief structure, and which side of the black/white spectrum they land on is up to you. It’s important to consider such groups when trying to understand motivation and purpose, if you decide to embark on your own hacking journey.

What’s in It for Us?

Because hacking has multiple meanings, which approach do we take as IT pros when we sit down for a little private hacking session? For us, it should be about learning, solving problems, and dissecting how a given technology works. Let’s face it: most of us are in this industry because we enjoy taking things apart, learning how they work, and then putting them back together. Whether that’s breaking down a piece of hardware like a PC or printer, or de-compiling some software into its fundamental bits of code, we like to understand what makes things tick, and we’re good at it. Plus, someone actually pays us to do this!

Hacking as part of our own professional development can be extremely worthwhile because it helps us gain a deep understanding of a given piece of technology. Whether it is for troubleshooting purposes, or for a deep dive into a specific protocol while working toward a certification, hacking is one more tool you can use to become better at what you do.

Techniques you use in your everyday work may already be considered “hacks." Some tools you may have at your disposal may potentially be the same tools that hackers use in their daily “work." Have you ever fired up Wireshark to do some packet capturing? Used a utility from a well-known tool compilation to change a lost Windows password? Scanned a host on your network for open ports using NMAP? All of these are common tools that can be used by the IT professional to accomplish a task, or a malicious hacker trying to compromise your environment.

As this series continues, we will look at a number of different tools—both software and hardware—that have this kind of utility, and how you can use these in a way that will improve your understanding of the technology you support, as well as developing a respect for the full spectrum of hacking that may impact your business or organization.

There are some fun toys out there, but make sure to handle them with care.

As always, "with great power comes great responsibility." Please check your local, state, county, provincial, and/or federal regulations regarding any of the methods, techniques, or equipment outlined in these articles before attempting to use any of them, and always use your own private, isolated test/lab environment.

  • There are lots of hackers available online who promise to hack any digital machine. But most of these hackers are not reliable and I suggest everyone not be in their trap.

    If you are searching for spying on any digital device, you can do it by some famous software installations. Get some knowledge about them from flexispy review, which is monitoring software. For any questions and suggestions, you can comment here. 

  • Hey tallyrich, thanks for taking the time to read and comment. I absolutely agree that the term "hacking" has various meanings for different people. I outline this in the first post of this series Hacking for Regular IT People - History and Origins. I hope you have a chance to check that one out as well and comment. Thanks for the feedback!

  • I have read on multiple occasions from multiple sources that the correct term is "crackers". Hacker is defined in RFC 1392: Internet Users' Glossary:

    hacker

      A person who delights in having an intimate understanding of the

      internal workings of a system, computers and computer networks in

      particular. The term is often misused in a pejorative context,

      where "cracker" would be the correct term. See also: cracker.

    cracker

      A cracker is an individual who attempts to access computer systems

      without authorization. These individuals are often malicious, as

      opposed to hackers, and have many means at their disposal for

      breaking into a system. See also: hacker, Computer Emergency

      Response Team, Trojan Horse, virus, worm.

  • Words mean different things to different people. If you are with a group of security professionals hacking can mean the "bad guys" trying to get into your network or what you do on the inside of your network to research what is possible and fix/mitigate what you find. However, used in general conversation with less technical people I'd guess that most of them would immediately go to the bad connotation. It's always best to keep your audience in mind when you are speaking/writing. To that end I would guess that most of us here understand the context.

    Unfortunately I would imagine that many of us stay so busy that we don't do as much "hacking" as we should and that is a part of the reason that we get caught by vulnerabilities so often. (speaking in generalities) With a little research one will find that infections or intrusions often happen via exploits that have been out with patches available for many years. For example I remember an SQL issue that shut down many businesses across the country some 10 or so years ago. The patch had been published many months earlier, but at that time SQL patching seemed daunting to many so it got neglected. People were busy, etc. Fortunately patching for just about everything has gotten easier - which is a double edged sword - easy patching leads to more things being patched and kept up to date, Yeah, but it also leads to complacency in that we rely too much on the "tool" and just expect it to be working. What was that last version of ransomware? How many people got caught by that - even though the patch was released a couple of months earlier?

    Point is this article highlights some things that we need to keep in mind and make sure we are diligently, and regularly checking for issues.

Thwack - Symbolize TM, R, and C

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.