Even though most technology terms are often very lame, hacker lingo is often amusing with origins in something a little more original and unique. In order to understand hackers, you must first understand the history, tools, and techniques which have paved the way for hackers.
Hacking was born in the early days of telecommunication. A hacker is considered a “phreak” if he or she manipulates or explores the software or hardware of telecommunication systems. From the fifties through to the new millennium, phreaking was not just a hobby, but a necessity for early hackers. The prices of long distance phone calls were steep, so phreaks would often manipulate the telecom companies to steal access codes and credits for more network time. These codes also served as a form of currency and may have been the inspiration for modern day crypto currencies such as Bitcoin.
Phreaking was the entry point to hacking as computers were first coming to the consumer market. Most hackers still hosted their conversations through telecom and used bulletin boards to post messages and share files. This allowed hackers to sharing secrets and connect with one another in person. Though modern telecom software is more secure today, phreaking still lives on through impersonation and manipulation of people within telecom companies. Most of the interest in modern day phreaking exists in only a “because I can” type of scenario.
Internet Relay Chat (IRC)
Entering the scene in the late eighties, and becoming very popular in the nineties, IRC quickly became the main form of communication between the early adopters of the internet. It is conceptually the same as modern day instant messaging or chat rooms, except the communication protocols and number of people involved in these chat rooms are much greater than you will find elsewhere. That statement is still true to this day, as IRC lives strong in the technical community, with popular channels still numbering in the thousands. IRC is mostly used by people in the technical industry, especially programmers and hackers.
Parsing, Ciphers and Obfuscation
Programmers rely on regular expressions (regex) to identify and parse patterns in text or other data. A regular expression allows a developer to specify a pattern and then run that pattern search over a payload and identify any matches. A simple example of this would be to say in plain English: Find me all words containing the letters “r,” “e,” “d” in that order and case. This would then match the bold characters only in the following sentence:
Fred likes go to bed after eating his bread. He also really loves the color red.
Through the development of more advanced matching formulas and algorithms, regex has evolved to become prevalent in many forms of programming, and subsequently hacking. With a more complex formula, newer information can be extracted and parsed, and machine learning algorithms can be created to start building intelligent systems that understand everything from human sentiment to hidden messages. Here is another example that matches the first letter of every word to show a hidden message:
Hello Iceland, does daytime end near morning, evening, suppertime? Suppers are good, eats.
Someone that happens across it without knowing the code might see just a weirdly formatted message perhaps dismissed as some internet troll, but shared between two people who understand the pattern, an entire subtext can be hidden. These simple ciphers are used by some of the more cryptic hackers to regularly obfuscate their communications, especially when talking through public channels. Likewise, security researches and government agencies try to create their own regex patterns to discover these “hidden in plain sight” ciphers and create smarter algorithms to decipher them.
I personally only use regex on a regular basis when it comes to scraping data from websites. Much of the data on the internet is available to digest in some way, but rarely is that data easily consumed or formatted nicely. My favorite project was for a media company that publishes daily arrest information and mugshots in a sleazy but amusing newspaper and website. This data is freely available on various county jail websites, but rarely as a database or flat files. Instead, I had to build out a scraping tool that relied heavily on regular expressions to parse different websites for the information, and then save that data to the server. Many times this involved parsing and reverse engineering many layers of obfuscation used by these government websites, as well as deciphering some of the authentication schemes and tokens used to verify that I was human.
When it comes to modern hacking, understanding psychology is almost as relevant and important as understanding hardware or software. Many attacks on individuals are executed without a single line of code or software. I define social engineering as the process of leveraging personal information about an individual with a selfish or malicious intent. Social engineering can be used for everything from resetting passwords on bank accounts to manipulating people to do what you want. Hackers see the human brain as a logical, and vulnerable system, much like a complex computer program. This allows them to use logic, reasoning and emotion to discover the weak points of an individual.
Hackers use social engineering tactics on a regular basis to gain certain privileges and advantages in everyday life. I have witnessed many situations where a hacker was able to persuade a business to give them their product or provide a service for free.
I have to admit, I am guilty of using social engineering on a regular basis, sometimes without any conscious thought. Often times it is for something harmless in everyday life. For example, when I go to a bar or club that is charging a cover, I will analyze the setting and the bouncer to ascertain what type of conversation will allow me passage for free. Many times, I have simply said, “I left my credit card at the bar” or “I already paid, I just came outside to have a smoke” and been ushered in without a second look. Most people do not attempt such simple things either because they are bound morally or they do not think about manipulating people and situations in this way.
Darknet is the underbelly of the publicly accessible internet. Akin to the tip of an iceberg, public domains and networks only account for a small percentage of the entire internet. Most servers, networks, and machines live unlisted and anonymous. A portion of this network is mapped out with private addresses and comprises what many call the “dark web” or “darknet.” It is here that the hackers, gangsters and black market traders roam freely under a cloak of anonymity. Many people come here to share secrets, buy and sell on the black market, hire hackers or assassins, and many other dark things. Stolen credit cards or user identity are one of the most common goods sold. Most crackers have no interest in executing further attacks on the victims, instead, they sell this data to others who may have a specific agenda or operation established. Some buyers seek out user authentication databases to test the same email address and password on other services. Others may be interested in using stolen data for extortion. Surprisingly, there are even a large amount of legitimate businesses that purchase data on the black market to send spam emails to try and sell a product or service.