Hackers, crackers, phreakers

You: Who are computer hackers?

Bot: Let me disagree with that. The fact is that initially, at the dawn of the computer era, the concept of a hacker had a completely different meaning. This was the name given to enthusiasts who had a great understanding of programming and the principles of functioning of computer systems. These were people who enjoyed exploring and empowering the new computer world. And Steve Jobs and Steve Wozniak, before the onset of the Apple era, jointly created a device that allowed free phone calls.

Hackers. They are treated differently, but more often with respect or even fear. New high-profile cases are attributed to the work of legendary hackers. Hacker x stole one hundred thousand dollars from a large bank. Hacker x illegally took possession of secret documents valued at several million dollars. The x hacker team has created and spread a new virus on the Internet that allows you to gain full access to the infected host or computer.

A hacker (from the English. Hack to cut) is an extremely qualified it-specialist person who understands the very depths of the work of computer systems. Now hackers are very often confused with computer crackers (from the English Crack breaking), this use of the word hacker is incorrect.

And finally, the smallest, but the most dangerous in terms of the scale of damage caused, are professional crackers. Professionals hack computer systems with the specific purpose of stealing or replacing information. This is always done for a selfish purpose, often the burglar executes the order from the outside. So, with their help, unscrupulous businessmen deal with competitors. This is how industrial and conventional espionage works. This is how panic is organized on the stock exchange. Consider the recent case of false reports of Barack Obama being injured following the hacked associated press Twitter account. Such attacks already require coordinated action by a group of executors.

The methods of attacks of pro-government groups are more and more sophisticated acting together with they come up with more and more complex moves. If intelligence is interested in a specific person, they can establish for outdoor surveillance and a circle of new acquaintances. And write a letter from a new friend. A person will open it, being sure that he knows the recipient and the links. The device will be infiltrated by spyware capable of spying, recording audio and infecting other computers with them.

Who exactly is a hacker named guccifer 2. 0 (guccifer 2. 0) is not known for certain. Perhaps this is one person or maybe a group of people. Some believe that the hacker Guchchifer 2.0 who carried out the cyberattack is just an attempt by the Russian special services to divert attention from their involvement in the hacking. However, after the research, it was proved that the guuchifer is not a Russian at all, but a Romanian.

Originally, the slang word to hack appeared. It meant the process of making changes on the fly to your own or someone else's program (it was assumed that the source code of the program is available). The verbal noun hack signified the results of such a change. It was considered a very useful and worthy thing not only to inform the author of the program about the error, but to immediately offer him a hack that fixes it. The word hacker originally came from here.

You: Tell us more about computer hackers - crackers?

Bot: The most famous (largely thanks to viruses and also to some journalists) and I must say the smallest part of crackers. Their main goal is to hack the system, followed by destruction and destruction. These include, firstly, fans of commands like rm -rf / del *. * format c: / u, etc. And secondly, experts in writing viruses or horses. It is only natural that the entire computer world hates vandal-cracker with fierce hatred.

The hacker is an unsociable computer hermit monk. It's not like that at all. As the interviews with hackers conducted by a student of the Faculty of Psychology of Moscow State University have shown, not all hackers are unsociable and have difficulty in communicating. A significant part of hackers have sufficiently developed social skills; they readily enter into direct and indirect communication.

A hacker can do anything. First, a hacker is always limited by the capabilities and availability of computer programs. Secondly, the hacker is limited by his own knowledge and skills. You can improve in this area all your life.

Fortunately, not all crackers are such inveterate and self-serving villains either. Among them, there are often just people with a peculiar sense of humor. Perhaps now even the majority. It is to them that we owe the appearance of funny pictures on the main pages of reputable sites. Or inscriptions by type.

Usually they do not cause important damage (except moral). Today on the internet this is the most widespread class of crackers who, by hacking into web servers, leave memories of themselves there. This also includes the creators of viruses with different visual and sound effects (music shaking the image on the screen, drawing all sorts of pictures, etc.). All this is, in principle, either innocent ventures of beginners or promotions of professionals.

Vandal crackers are much more troublesome. The behavior of this kind of crackers resembles a bully, proudly displaying an indecent word on a freshly painted wall. They are so self-asserting. The purpose of penetration for them is an attempt to deliver maximum trouble to the victim of the attack, up to the destruction of the system. Most often, beginners do this when they try their hand for the first time.

Teenagers (schoolchildren and students) who are passionate about information technology and possibly those who belong to the above varieties.

Robin Good, a hero who returns informational values ​​taken from them to informationally disadvantaged people.

You: Who are phreakers?

Bot: There are different opinions. There are people who think that phreakers are a subculture. I do not think so. Most of them correctly state that phreakers are a kind of hackers. These people know how to hack electronic systems and gain access to money and free calls from mobile phones. For this, after all, they hack into payphones, mobile phone networks.

If after reading this article you decided to become a phreaker, think you need it. If your motivation is earnings, then there are many other simpler and safer ways to earn a living. Well, if it's a thrill for you, then stop climbing porn sites and aninstal favorite toys. You will need to read a lot of materials on telecommunications, make friends with a soldering iron and master the almost forgotten word assembler. Read more, think, analyze, experiment. Go to the market and buy a peak there and learn how to program them and write programs for them (you still don't know what that is.). Buy or find Goldstein's books on the Internet, this uncle could explain the device of telephony operating in the CIS in simple and accessible language. Studying the iso7816 standard, almost all modern smart cards work on its basis. On the net you will always find people connected in one way or another with phreaking. Try to show them your skills and ask what they do.

In general, countering phreakers is a useless exercise. The cost of capturing a phreaker is commensurate with the losses incurred. IMHO the only sure way to reduce the number of telephone fraud is price policy regulation. When cdma was introduced, using the amps scanner became meaningless. Why risk it when cdma is practically a free service. IP-telephony appeared, making calls became cheaper and the number of illegal call points decreased markedly.

In Russia, such devices refused to work because K. They were locked under the SIM cards of the operator carrying out a preferential sale-action. After certain manipulations with the phone, the phreaker could make the phone accept any SIM cards. This is called an unlock and many are now doing just that. The original price of the unlock was up to 50 per piece, now it has dropped to 50 cents.

You: What do radio amateurs do?

Bot: Trying to understand which often leads to mental disability. In this case, the scheme will work clearly to perform the impossible and it will be possible to break it only with a hammer. All three parts will be used to their fullest, even their parasitic parameters will work for the good. For the sake of sports interest, he solves brain-carrying tasks that he does not really need in order not to lose qualifications. This is the only thing that makes him related to a radio amateur. Able to solve any problems, if necessary, by bombing the first electronic device that comes to hand as a donor. If he is not at hand, he can synthesize semiconductors in the kitchen with his bare hands. The elegance and simplicity of its solutions can be envied. They are in that life period when they do not need to prove anything to anyone and defend their place at the soldering iron. These are the alpha males of electronics. They are so cool that they don't even need to lead a herd of radio amateurs. When they appear and the first phrases, everyone already feels like shit. Local gurus longingly phalomorphize and take their own lives with a high-voltage discharge. Their decisions supertruj rarely explain this to them bored than add fuel to the fire. When you try to modernize his product, it stops working, which makes everyone shit with bricks in an attempt to understand what is wrong and what it is all about. Over time, his products become religion. Where it is necessary to do only from labor materials according to labor wills. Where the word guru is not analyzed but only honored and new facets are sucked from the finger. But the average radio amateur does not need to worry a little. Such encounters are no more frequent than encounters between polar bears and monkeys. For 5 is the second level. Their traces in tyrnets occur with the same frequency.

Let people do what they love. And what about collectives is correct, more of them need to be created through them, young people will come to the square. But why does a person need his own callsign. What's the difference. The main thing is the opportunity to work and what callsign does not matter. Vanity. This will be your name on qsl.

You: Computer Security & Penetration Tests

Bot: By order of a private organization, an agreement was concluded to conduct a penetration test of the infrastructure of the aforementioned organization. The study was carried out from the office of an expert institution using an external ip-address. During testing, at the first stage, the types of equipment used were identified using the router scan and nmap software. The service for this pool is delivered according to the adsl standard. This communication standard is outdated and carries a threat of denial of service. However, the use of this communication standard for the backup channel is acceptable. As a result of the analysis, port 9091 was found open via the tcp protocol. No other open resources have been identified. Other ports have the status of closed filtered or openfiltered, which makes their further use in penetration testing impractical. The identification of the services used on the ip-addresses provided by the customer has not been performed since the tested infrastructure is of a closed nature. The armitage tool and the metasploit vulnerability database were used to ensure complete penetration testing and vulnerability analysis. During the verification, no vulnerabilities were identified on the customer's resources.

Most industry standards specify the minimum frequency of penetration testing. For example pci dss regulates their conduct every six months. In addition to periodic checks, penetration tests will be re-run after any significant changes to the IT infrastructure. The network topology has changed. We switched to the equipment of another vendor. Migrated to a new wasp. Have connected.

Well, if so, accept my apologies. The article is really good plus I put it, I even wanted to test it, but I have all routers under openwrt. Usually, there are almost no author's good articles, and if there is little that reaches the top. I started writing about 3 years ago. It takes a lot of time and a shit will be doused. Publish on habr :).

Now any system administrator should be able to conduct a full-fledged security testing in an amicable way. One vulnerability scanner is not enough for this. To dive deeply into working with nmap openvas metasploit, etc. is not at all interesting for an ordinary administrator.