Hacker Motivations Revisited
The true hacker is motivated by her or his de-sire to learn, to understand, to cleverly and harm-lessly outwit.
Others who use hacker techniques might do so because they have a desire to learn about their competitor's secrets; to understand why they keep getting underbid every time; or to cleverly outwit the company or individual who they feel owes them something, and enact revenge upon them.
So let's see what we have here. There is the free-thinking, computer-enthusiast hacker, the eco-nomic espionage hacker, the politico-espionage hacker, the out for revenge cracker, and finally, the hacker for hire. Most often these assorted infiltrators will have breached security with a low-level account. This is because accounts with low security clearance are the most prevalent, and many hacker tricks focus on the naive user who is more prone to having a low-level account.
The hacker for hire and the hacker spies will have target computers, perhaps even specifically-targeted people in mind. They will want to go after either a particular username/password combina-tion, or any access big enough to allow covert entry into their target's account.
Vandals and revenge hackers obviously would love to attain higher access than what they came in on, but unless they are sufficiently skilled, they will probably opt for the quick hit-and-run. That is, they will be content to break in under any password, do whatever damage is possible, send some nasty e-mail, and leave.
Probably they will continue com-ing back over and over again until they are either arrested or shut out for good. If these "hackers" do have targets in mind (like the president of the com-pany or whomever) they will most likely settle happily into whatever lower-level role they find themselves in. If they have any skills or
computer know-how though, watch out.
The true hacker may or may not want to take the hack all the way to the top. He or she may feel it is not worth the effort for the amount of work that seems necessary to increase a low system access to a higher one. This isn't giving up, it's being practi-cal. If the knowledge to be gained seems minimal or available elsewhere, there's no point in wasting time trying to get it. Or, the hacker may not feel se-cure enough in his knowledge of the computer, its users, or operating system to feel confident in his ability to achieve higher access. This is a valid feeling, and an intelligent one; if the hacker realizes he is somehow ignorant, then he can stop and do what is necessary to learn what he does not already know. If something like this comes up it's probably only a matter of research to put the hacker back on the track toward superuser status. As the hacker BrainMan put it: I know the computer will be there for a long time to come. I like hacking, but I also like exploration. Sometimes I feel I'd rather wait for another day to do the exploration, the bookwork or social engineering, that will get me into an account, and I'd rather do some real exploration of a computer right now.
Besides increasing one's status in the system, a hacker has many options to choose from once in-side. A hacker may:
• Read the documents that are available, and run the programs.
• Download files.
• Notify the system administrator of the presence of a security problem.
• Learn about the computing environment.
• See if other computers may be contacted from this one.
• Cover his ass.
Or a hacker might simply log off and never return.
If you have managed to work your way into some data that you feel might have market value, you might consider selling that data and thereby fund your next big computer purchase. I recom-mend strongly against doing so. Becoming a spy -for anyone - becomes a serious and dangerous business. It also helps to further
degrade the image of the hacker in the public's eye, and will serve only to make matters worse for hackers in the long run - and you in the short run - if you are caught.
Although most courts and CEOs would dis-agree, I personally believe that there is no harm done in reading through whatever files are on a system, so long as no one is hurt in the process. At least, I don't think reading private files is a crime any worse than hacking one's way in, in the first place. You will have to construct your
own set of ethics to guide you; I sincerely hope those ethical constraints are based firmly on the principles of the hacker ethic that both opens and closes this book. Logging off and never returning is something the more fanatic and paranoid hackers tend to do. It is akin to B & E without the E, and I can not see how they can
morally condone the "B" (breaking in) while shunning the "E" (entering). I suppose the hackers who disconnect without system interaction do it either because all that matters to them is get-ting in, or because they are intensely seared of dis-covery.
The other options I mentioned - increasing status, helping the sysops, and the learning - all require different degrees of familiarity with the computer system you have entered. Let us think about where you might find yourself, and what should you do when there.
To begin with, the account you have hacked yourself in with can be a single user account, a group account, root account, or "special account."
If it's a root account, congratulations! You now have the ability to do whatever you want. The root account is held by the system administrator (or one of several "sysadmins"). It may also be called by different names: avatar account, god account, sysadmin, superuser, demigod account, sysop ac-count, or admin. Or you may never even know you've gotten into the root until you find you can do stuff only the Computer Gods high upon Mount Input/Output should be able to do.
A "group account" is one used by many people. It might be a departmental or store account, where everyone in a particular store or department can log in under the same name/pass combo. Depend-ing on the situation' those who are of a certain rank or job may have their own shared account. For ex-ample, many companies
like to set up limited ac-counts for secretaries, typing pool or temps. Other group accounts appear in places where terminals are available to a number of employees, but where employees have differing levels of security clear-ance. Thus, all may be able to search a database, but only those who log in with a certain password can enter new data, or can change the way the da-tabase is structured.
"Special accounts" include guest or demo ac-counts that allow one to take a sneak peek before subscribing to a service. They may be testing ac-counts put in by system programmers. Special ac-counts may also take one directly to a program, rather than logging you to an operating system prompt. Programs are set up this
way for tutorial purposes, to dispense information, or so access to a particular application may be more freely available. If the account you've managed to hack is a special account, you might have to break out of it illegally and enter the operating system if you expect to in-crease your access level.
In any case, before any action can be taken you must understand what kind of access you have, what privileges you're entitled to, and how they can be exploited to your advantage. This may mean you'll need an intimate knowledge of the machine and its software. Before we can proceed there's one teeny weeny concept
you must have full compre-hension of. I've just mentioned it twice now - the operating system.
