English has two distinct words "hack". By far the older, "cut savagely or randomly" [Old English], goes back via Old English "haccian" to a prehistoric West Germanic *khak-, also reproduced in German "hacken" and Dutch "hakken". It perhaps originated in imitation of the sound of chopping. "Hack", "worn-out horse" is short for "hackney" (as in "hackney carriage"), a word in use since the 14th century in connection with hired horses. It is thought that this may be an adaptation of the name of Hackney, now an inner-London borough but once a village on the north-eastern outskirts of the capital where horses were raised before being taken into the city for sale or hire. Most rented horses being past their best from long and probably ill usage, "hackney" came to mean "broken-down horse" and hence in general "drudge". This quickly became re-specified to "someone who writes for hire, and hence unimaginatively", which influenced the development of "hackneyed", "trite".
The modern sense of hacker, "someone who gains unauthorized access" [sic sic] to computer records, comes from a slightly earlier "one who works like a hack" - that is, very hard - at writing and experimenting with software.
- Dictionary of Word Origins, Bloomsbury Publishing Limited, London
The Hacker Trail
Amit Singh
Intel Lab Document ILD0002
Indian Institute of Technology
New Delhi, India.
October 4, 1998
So that's a hacker
That's a piece of etymology for you, but as should be painfully noticed, the popular connotation of "hacker" is that of a digital criminal (and there I go again harping a clichéd tune - stubbornly digressing on the difference between a hacker and a cracker) ... Linus Torvalds is one of the ablest (known) hackers, and so is Prof Richard M Stallman, but I don't think they gain unauthorized access to computer records for breakfast. Huh.
The Internet, and related concepts, like the Cyber-world (sic), have given rise to cultures that our ancestors would have deemed incredible. Regardless of the usual racial / national / other differences, the Internet binds an overflowing number of people into the culture of the Net, among other things. Languages have yielded, with immense flexibility, and Net versions of them have evolved. In "Internet English", we have words like "hacker" and "cracker", and also like "wannabe" (or "wannabie"), "newbie", "script kiddy" and more! A place like IIT-D is just the right one to house vastly varying specimens of Cyber-Cultural beings. It is perhaps intellectually illuminating to look around oneself, and share views - views on people and their activities. Perhaps such a look-around also belongs in the agenda of a student of human psychology, but let's not get carried away. This document consists of some reflections on "newbies", "wannabies" and "crackers" inhabiting the Intel Lab (note that I do not wish to reflect on "hackers", simply because there are not many, if any, amongst us as of now). If this document makes you more aware of your surroundings, both animate and inanimate, then the purpose is achieved. At this point, if you are worrying about the meaning of the terms I cited above, here are succinct definitions: a "newbie" is someone who's new to some aspect of computers (for example, a Linux newbie). A "wannabe" is someone who's trying his best to behave like a hacker, but isn't, yet. A "script kiddy" is someone who cracks using code written by others, often not even understanding a word of it. It may not come as a surprise that our Department has an abundance of these kinds of guys, and more.
As a volunteer for the betterment of computing facilities in the Department, I have often expressed my sentiments on hacking, and here they are again (yet again - sic): I believe that hacking is a commendable (not condemnable) and sophisticated activity, and even defeating the security of a system, which is certainly not exactly synonymous with hacking, is not bad, or wrong. It is the approach to hacking, the attitude, that makes all the difference. The computing world needs hackers - they are its most precious entities, at least as important as, if not far more important than, the mighty Microsoft Corporation.
Let me give you an example (a few of them, actually). A couple of years back, while I was working in the CSC, a CS student a year junior to me noticed that I was constantly leaving my seat and going over to talk to Harmanjit Singh, who was sitting a few rows away. The guy took his chance, and promptly created a .rhosts file with a "+ +" entry in my home directory. From Harman's terminal, where I was proving a point to Harman from within my account, I noticed the newly created .rhosts. I deleted the file as Harman pulled my leg on being a victim. Seconds later, the file was there again. Inflamed, I turned back to see a sheepish-looking fellow slipping away. "Hold on a second, mister", I yelled, and the guy stopped. Needless to say, I gave him a piece of my mind, and sincerely explained to him that it is perfectly all right to hack, but this activity was nothing short of a downright nauseating theft - a breach of trust - someone who's left his terminal for a minute obviously trusts the unseen guys around him, and this usually works out well. It appeared to me that the guy had understood me, and appreciated my point, perhaps. A few years later, today, the guy proved me wrong. Damn. As a senior year CS undergraduate, he does the shameful act of stealing the accounts of his batch mates, not by exceptional technical wizardry, but by a dirty trick. Here's how: the guy would look for terminals that users have left unattended - he would quickly go over, and from the victim's account, create a copy of the shell (say, /bin/sh) in his own account, where he's got a hidden but writeable directory. Then he would chmod the shell to be setuid. Thereafter, he just has to run that shell to access the victim's files. Sic. Sic. Sick! Oh yes, I have noted that sometimes our professors also leave their terminal unattended when they login at one of the Intel Lab computers (for a print-out, say). Why would he do that? Ask him, not me.
But isn't it obvious that if the guy doesn't feel like doing, or cannot do an assignment, then he need not even request a "friend" for a copy of the assignment? He can always steal things himself, and pretend to be self-dependent all along. Etc. Well, he's got more than a dozen (I didn't count, really) such accounts. What's more, he's even got my suid shell (I would have killed you, boy, but I've turned ascetic as I'm leaving this place :-). Watch out, he may be your best friend.
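An administrator's check for the two tricks in this story (a "+ +" entry in .rhosts, and a setuid copy of a shell tucked into a hidden directory of someone else's account), given here as an added example that is not part of the original document. The function names and the /home layout are assumptions.

```python
import os
import stat

def wildcard_rhosts_entries(text):
    """Return .rhosts lines whose host or user field is the '+' wildcard."""
    hits = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split fields
        if fields and "+" in fields[:2]:        # "+ +", "+ user", "host +"
            hits.append(raw.strip())
    return hits

def audit_home(home, owner_uid):
    """Walk one home directory; return (kind, path, detail) findings."""
    findings = []
    for root, _dirs, files in os.walk(home):    # hidden directories included
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)             # never follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_ISUID:
                # A setuid file owned by someone other than the account
                # holder runs with that other user's identity.
                kind = "setuid" if st.st_uid == owner_uid else "foreign-setuid"
                findings.append((kind, path, "owner uid %d" % st.st_uid))
            if name == ".rhosts" and root == home:
                try:
                    with open(path, errors="replace") as fh:
                        lines = wildcard_rhosts_entries(fh.read())
                except OSError:
                    continue
                findings += [("rhosts-wildcard", path, ln) for ln in lines]
    return findings

def audit_all(home_root="/home"):
    """Audit each directory under home_root (assumed layout: one per user)."""
    findings = []
    for entry in sorted(os.scandir(home_root), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            uid = entry.stat(follow_symlinks=False).st_uid
            findings += audit_home(entry.path, uid)
    return findings

if __name__ == "__main__":
    for kind, path, detail in audit_all():
        print(kind, path, detail)
```

Run as root so every home directory is readable; a "foreign-setuid" finding is the one that matches the stolen-shell trick.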
This was an example of digital theft, that the guy, and others, would project as "hacking". It isn't. No way. Then there are the problems created by script kiddies. Wannabe hackers keep downloading code from the Net, code that demonstrates a vulnerability in the system, and possibly gains root. The only points that I would like to make are these:
- Doesn't it hurt your self-respect that you claim to be hacking, but in effect you are just running someone else's code blindly? Do you understand what the code does? Really? Are you sure?
- If you are really sure of what you are doing, then why have you left trails all over the place? Why is it possible for almost anyone to figure out what you've been trying?
Man, a hacker, or an accomplished cracker, hardly leaves trails (though all seem to get caught eventually). Practice on isolated systems till you get accomplished. Hacking is not something you learn by reading a hacking manual (if there's any) - did Mr. Tendulkar read the Illustrated Guide To Cricket?
To emphasize the "do-not-leave-any-trails" maxim, here's a brand new example (real-life, of course). A guy just gained root privileges on an Intel Lab computer, and as is the tradition, he wanted to plant a setuid shell somewhere. In the course of his actions, he did a su to root (no, he did not have the root password, but he replaced /etc/passwd on the machine temporarily so that he could su successfully). He was careful in deleting several logs, but everyone gets tired, and in his efforts, he failed to note that when one does a su, the user-ids are logged, etc. So, this nailed him. (Those who do not understand why he needed to do a su if he already had root may think more about it!).
Let me tell you something: Dr Banerjee reads log files, among other things, for breakfast, lunch, tea and supper, and it would be kind-of hard to escape his attention, since I don't even know what all logging he's got turned-on (not much of which goes to /var/log). Failed attempts at cracking, trails big enough for the short-sighted (hey, many of us are!) to see, and related stuff constitute some of the most uncomfortable matters to deal with, in my opinion.
This document is perhaps a little confusing, and certainly unstructured, hmmm ..., well, you may try running indent or cb on it, eh :)
When I was new to IIT-D, I was fascinated by the concept of Computing I was introduced to (I had no background whatsoever in Computers - I had been near a PC maybe a couple of times, just like that). Four years of Computing have taught me the following: if you have to hack, hack by all means, and help others; if you have to crack, do it with finesse, and don't leave trails - nothing is so bad as to make a fool of oneself in the end. I don't know why, but I am reminded of the lines from a popular song (maybe incorrect even - is it the one by UB40?):
Every hour of, every day I'm learning more.
The more I learn, the less I know about people.
The more I know, the less I want to look around.
Digging deep for clues, on higher ground.
Thanks to those who've had the patience to read so far.
LEGALESE
This document intentionally hides the identities of the persons whose activities are discussed. It is expected that the guys in question would not deliberately cause any further technical, ethical and moral harm to computers and people around them.