Hacking the Hacker

Learn From the Experts Who Take Down Hackers

About this book

Meet the world's top ethical hackers and explore the tools of the trade

Hacking the Hacker takes you inside the world of cybersecurity to show you what goes on behind the scenes, and introduces you to the men and women on the front lines of this technological arms race. Twenty-six of the world's top white hat hackers, security researchers, writers, and leaders, describe what they do and why, with each profile preceded by a no-experience-necessary explanation of the relevant technology. Dorothy Denning discusses advanced persistent threats, Martin Hellman describes how he helped invent public key encryption, Bill Cheswick talks about firewalls, Dr. Charlie Miller talks about hacking cars, and other cybersecurity experts from around the world detail the threats, their defenses, and the tools and techniques they use to thwart the most advanced criminals history has ever seen. Light on jargon and heavy on intrigue, this book is designed to be an introduction to the field; final chapters include a guide for parents of young hackers, as well as the Code of Ethical Hacking to help you start your own journey to the top.

Cybersecurity is becoming increasingly critical at all levels, from retail businesses all the way up to national security. This book drives to the heart of the field, introducing the people and practices that help keep our world secure.

  • Go deep into the world of white hat hacking to grasp just how critical cybersecurity is
  • Read the stories of some of the world's most renowned computer security experts
  • Learn how hackers do what they do—no technical expertise necessary
  • Delve into social engineering, cryptography, penetration testing, network attacks, and more

As a field, cybersecurity is large and multi-faceted—yet not historically diverse. With a massive demand for qualified professionals that is only going to grow, opportunities are endless. Hacking the Hacker shows you why you should give the field a closer look.

Frequently asked questions

Yes, you can access Hacking the Hacker by Roger A. Grimes in PDF and/or ePUB format, as well as other popular books in Computer Science & Cryptography. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Wiley
Year
2017
Print ISBN
9781119396215
eBook ISBN
9781119396222

1
What Type of Hacker Are You?

Many years ago, I moved into a house that had a wonderful attached garage. It was perfect for parking and protecting my boat and small RV. It was solidly constructed, without a single knot in any of the lumber. The electrical work was professional and the windows were high‐quality and rated for 150 mph winds. Much of the inside was lined with aromatic red cedar wood, the kind that a carpenter would use to line a clothing chest or closet to make it smell good. Even though I can’t hammer a nail straight, it was easy for me to see that the constructor knew what he was doing, cared about quality, and sweated the details.
A few weeks after I moved in, a city official came by and told me that the garage had been illegally constructed many years ago without a permit and I was going to have to tear it down or face stiff fines for each day of non‐compliance. I called up the city to get a variance since it had been in existence for many years and was sold to me as part of my housing purchase. No dice. It had to be torn down immediately. A single day of fines was more than I could quickly make selling any of the scrap components if I took it down neatly. Financially speaking, the sooner I tore it down and had it hauled away, the better.
I got out a maul sledge hammer (essentially a thick iron ax built for demolition work) and in a matter of a few hours had destroyed the whole structure into a heap of wood and other construction debris. It wasn’t lost on me in the moment that what had taken a quality craftsman probably weeks, if not months, to build, I had destroyed using my unskilled hands in far less time.
Contrary to popular belief, malicious hacking is more maul slinger than craftsman.
If you are lucky enough to consider a career as a computer hacker, you’ll have to decide if you’re going to aspire to safeguarding the common good or settle for pettier goals. Do you want to be a mischievous, criminal hacker or a righteous, powerful defender? This book is proof that the best and most intelligent hackers work for the good side. They get to exercise their minds, grow intellectually, and not have to worry about being arrested. They get to work on the forefront of computer security, gain the admiration of their peers, further human advancement in the name of all that is good, and get well paid for it. This book is about the sometimes unsung heroes who make our incredible digital lives possible.

NOTE

Although the terms “hacker” or “hacking” can refer to someone or an activity with either good or bad intentions, the popular use is almost always with a negative connotation. I realize that hackers can be good or bad, but I may use the terms without further qualification in this book to imply either a negative or a positive connotation just to save space. Use the whole meaning of my sentences to judge the intent of the terms.

Most Hackers Aren’t Geniuses

Unfortunately, nearly everyone who writes about criminal computer hackers without actual experience romanticizes them all as these uber‐smart, god‐like, mythical figures. They can guess any password in under a minute (especially if under threat of a gun, if you believe Hollywood), break into any system, and crack any encryption secret. They work mostly at night and drink copious amounts of energy drinks while littering their workspaces with remnants of potato chips and cupcakes. A school kid uses the teacher’s stolen password to change some grades, and the media is fawning on him like he’s the next Bill Gates or Mark Zuckerberg.
Hackers don’t have to be brilliant. I’m living proof of that. Even though I’ve broken into every single place where I’ve ever been hired to do so, I’ve never completely understood quantum physics or Einstein’s Theory of Relativity. I failed high school English twice, I never got higher than a C in math, and my grade point average of my first semester of college was 0.62. That was composed of five Fs and one A. The lone A was in a water safety class because I had already been an oceanfront lifeguard for five years. My bad grades were not only because I wasn’t trying. I just wasn’t that smart and I wasn’t trying. I later learned that studying and working hard is often more valuable than being born innately intelligent. I ended up finishing my university degree and excelling in the computer security world.
Still, even when writers aren’t calling bad‐guy hackers super‐smart, readers often assume they are because they appear to be practicing some advanced black magic that the rest of the world does not know. In the collective psyche of the world, it’s as if “malicious hacker” and “super intelligence” have to go together. It’s simply not true. A few are smart, most are average, and some aren’t very bright at all, just like the rest of the world. Hackers simply know some facts and processes that other people don’t, just like a carpenter, plumber, or electrician.

Defenders Are Hackers Plus

If we do an intellectual comparison alone, the defenders on average are smarter than the attackers. A defender has to know everything a malicious hacker does plus how to stop the attack. And that defense won’t work unless it has almost no end‐user involvement, works silently behind the scenes, and works perfectly (or almost perfectly) all the time. Show me a malicious hacker with a particular technique, and I’ll show you more defenders that are smarter and better. It’s just that the attacker usually gets more press. This book is an argument for equal time.

Hackers Are Special

Even though I don’t classify all hackers as super‐smart, good, or bad, they all share a few common traits. One trait they have in common is a broad intellectual curiosity and willingness to try things outside the given interface or boundary. They aren’t afraid to make their own way. Computer hackers are usually life hackers, hacking all sorts of things beyond computers. They are the type of people that when confronted with airport security are silently contemplating how they could sneak a weapon past the detectors even if they have no intention of actually doing so. They are figuring out whether the expensive printed concert tickets could be easily forged, even if they have no intention of attending for free. When they buy a television, they are wondering if they can access its operating system to gain some advantage. Show me a hacker, and I’ll show you someone that is questioning status quo and exploring at all times.

NOTE

At one point, my own hypothetical scheme for getting weapons past airport security involved using look‐alike wheelchairs with weapons or explosives hidden inside the metal parts. The wheelchairs are often pushed past airport security without undergoing strong scrutiny.

Hackers Are Persistent

After curiosity, a hacker’s most useful trait is persistence. Every hacker, good or bad, knows the agony of long hours trying and trying again to get something to work. Malicious hackers look for defensive weaknesses. One mistake by the defender essentially renders the whole defense worthless. A defender must be perfect. Every computer and software program must be patched, every configuration appropriately secure, and every end‐user perfectly trained. Or at least that is the goal. The defender knows that applied defenses may not always work or be applied as instructed, so they create “defense‐in‐depth” layers. Both malicious hackers and defenders are looking for weaknesses, just from opposite sides of the system. Both sides are participating in an ongoing war with many battles, wins, and losses. The most persistent side will win the war.

Hacker Hats

I’ve been a hacker my whole life. I’ve gotten paid to break into places (which I had the legal authority to do). I’ve cracked passwords, broken into networks, and written malware. Never once did I break the law or cross an ethical boundary. This is not to say that I haven’t had people try to tempt me to do so. Over the years, I’ve had friends who asked me to break into their suspected cheating spouse’s cellphone, bosses who asked me to retrieve their boss’s email, or people who asked to break into an evil hacker’s server (without a warrant) to try to stop them from committing further hacking. Early on you have to decide who you are and what your ethics are. I decided that I would be a good hacker (a “whitehat” hacker), and whitehat hackers don’t do illegal or unethical things.
Hackers who readily participate in illegal and unethical activities are called “blackhats.” Hackers who make a living as a whitehat but secretly dabble in blackhat activities are known as “grayhats.” My moral code is binary on this issue. Grayhats are blackhats. You either do illegal stuff or you don’t. Rob a bank and I’ll call you a bank robber no matter what you do with the money.
This is not to say that blackhats can’t become whitehats. That happens all the time. The question for some of them is whether they will become a whitehat before having to spend a substantial amount of time in prison. Kevin Mitnick (https://en.wikipedia.org/wiki/Kevin_Mitnick), one of the most celebrated arrested hackers in history (and profiled in Chapter 5), has now lived a long life as a defender helping the common good. Robert T. Morris, the first guy to write and release a computer worm that took down the Internet (https://en.wikipedia.org/wiki/Morris_worm), eventually became an Association for Computing Machinery Fellow (http://awards.acm.org/award_winners/morris_4169967.cfm) “for contributions to computer networking, distributed systems, and operating systems.”
Early on the boundary between legal and illegal hacking wasn’t as clearly drawn as it is today. In fact, most early illegal hackers were given superhero cult status. Even I can’t help but be personally drawn to some of them. John Draper (a.k.a. “Captain Crunch”) used a toy whistle from a box of Cap’n Crunch cereal to generate a tone (2600 Hz) that could be used to steal free long‐distance phone service. Many hackers who released private information for “the public good” have often been celebrated. But with a few exceptions, I’ve never taken the overly idealized view of malicious hackers. I’ve had a pretty clear vision that people doing unauthorized things to other people’s computers and data are committing criminal acts.
Years ago, when I was first getting interested in computers, I read a book called Hackers: Heroes of the Computer Revolution by Steven Levy. In the dawning age of personal computers, Levy wrote an entertaining tale of hackers, good and mischievous, embodying the hacker ethos. Most of the book is dedicated to people who improved the world through the use of computers, but it also covered the type of hackers that would be arrested for their activities today. Some of these hackers believed the ends justified the means and followed a loose set of morals embodied by something Levy called “hacker ethics.” Chief among these beliefs were the philosophies that any computer could be accessed for any legitimate reason, that all information should be free, and to distrust authority. It was a romanticized view of hacking and hackers, although it didn’t hide the questionable ethical and legal issues. In fact, it centered around the newly pushed boundaries.
Steven Levy was the first author I ever ...

Table of contents

  1. Cover
  2. Title Page
  3. Table of Contents
  4. Foreword
  5. Introduction
  6. 1 What Type of Hacker Are You?
  7. 2 How Hackers Hack
  8. 3 Profile: Bruce Schneier
  9. 4 Social Engineering
  10. 5 Profile: Kevin Mitnick
  11. 6 Software Vulnerabilities
  12. 7 Profile: Michael Howard
  13. 8 Profile: Gary McGraw
  14. 9 Malware
  15. 10 Profile: Susan Bradley
  16. 11 Profile: Mark Russinovich
  17. 12 Cryptography
  18. 13 Profile: Martin Hellman
  19. 14 Intrusion Detection/APTs
  20. 15 Profile: Dr. Dorothy E. Denning
  21. 16 Profile: Michael Dubinsky
  22. 17 Firewalls
  23. 18 Profile: William Cheswick
  24. 19 Honeypots
  25. 20 Profile: Lance Spitzner
  26. 21 Password Hacking
  27. 22 Profile: Dr. Cormac Herley
  28. 23 Wireless Hacking
  29. 24 Profile: Thomas d’Otreppe de Bouvette
  30. 25 Penetration Testing
  31. 26 Profile: Aaron Higbee
  32. 27 Profile: Benild Joseph
  33. 28 DDoS Attacks
  34. 29 Profile: Brian Krebs
  35. 30 Secure OS
  36. 31 Profile: Joanna Rutkowska
  37. 32 Profile: Aaron Margosis
  38. 33 Network Attacks
  39. 34 Profile: Laura Chappell
  40. 35 IoT Hacking
  41. 36 Profile: Dr. Charlie Miller
  42. 37 Policy and Strategy
  43. 38 Profile: Jing de Jong‐Chen
  44. 39 Threat Modeling
  45. 40 Profile: Adam Shostack
  46. 41 Computer Security Education
  47. 42 Profile: Stephen Northcutt
  48. 43 Privacy
  49. 44 Profile: Eva Galperin
  50. 45 Patching
  51. 46 Profile: Window Snyder
  52. 47 Writing as a Career
  53. 48 Profile: Fahmida Y. Rashid
  54. 49 Guide for Parents with Young Hackers
  55. 50 Hacker Code of Ethics
  56. End User License Agreement