Cracking

Summary

Cracking (also sometimes called "hacking", although this term has other meanings) is gaining unauthorised access to computers. It causes considerable damage to the confidence of those who depend on the system in question.

Mechanism

Weaknesses are often discovered in software. Sometimes security weaknesses are published before the vendor fixes or "patches" them. In some cases these weaknesses are not published at all but are used by their discoverer or associates to penetrate security. These weaknesses may be exploited via the Internet, allowing an attacker to read or alter files, or to commandeer the computer for his or her own ends.

There are many documented cases of crackers using commandeered machines with high-bandwidth connections, sometimes in military installations, to store and serve collections of digitised music or unlicensed software. Compromised machines may be used to attack others machines by spraying them with large amounts of traffic, or to send spam. There are also cases of espionage being conducted via cracked machines. [Cuckoo's Eggby Clifford Stoll, Pocket Books.]

Comment

Cracking is a very serious threat to machines which are not kept patched, and whose logs are not regularly checked for signs of unauthorised access. However the number of machines which a limited number of crackers can compromise is also limited; so this threat affects machines and the data on them more than the structure of the Internet. The incentives to protect machines against hacking fall on those who suffer if the machines are not protected.

Example Mitigations

Walled Gardens

Keep patching

Active monitoring systems

Design security into systems from start

More effort to prosecute offenders