The glory days of hacking have ended. Once upon a time, clever amateurs roamed the Internet taking down The Man - scoring free long distance, r00ting gov servers, phreaking and cracking and hacking. But the landscape has changed. More than ever, there is money to be made on the Internet. More than ever, people are working to protect their investments in the Internet. Not to say big business doesn't still get hacked all to hell - but it's gotten a lot harder. The stakes are higher. Hacking has turned pro.

Which leaves the script kiddies, those seeking vengeance, and the plain bored looking for something to pass the time. How do I make an impact on the 'Net?

The Internet is a castle made of sand. We all live in it. It was never made for this. It's central infrastructure, it's protocols, it's hardware and software, was never constructed to withstand the pounding from over 8 million full time nodes, and more users than can realistically be counted.

So it is easy - it is painfully easy - to wreak havoc, to disrupt and destroy, to throw a net.tantrum. It's called a DoS - Denial of Service attack. I don't like you. You insulted me, or your company made a product that is better than mine, or I heard from a friend that you don't like cats, so I want to hurt your business. Simple, just launch a fraggle, smurf, pepsi, boink, bonk, teardrop, ping of death, or winnuke at your servers. See ya, wouldn't want to be ya.

The tools have stupid names, but the results are not frivolous. They can, and do, cost companies millions of dollars in measurable downtime and data loss. Perhaps there is elegance in the simplicity of the attacks, if art can be found in breaking things, but the complications, moral and ethical and structural and personal, extend beyond the act itself - why, just like art.

Before I start talking about the attacks, let me refresh you on the basics. Real fast now, don't worry, I won't geek out on you too much. We all talk on the Internet using the Internet Protocol (IP). On top of IP, we use either the Transmission Control Protocol (TCP/IP), or the User Datagram Protocol (UDP/IP). Both have similar parts, namely, they identify:

  1. The host that the data is going to (Destination Address)
  2. The host that the data came from (Source Address)
  3. The port that the data is going to (WWW, email, FTP, etc)

Remember that I said they identify. They don't authenticate. They do not prove that the packet you receive came from where it says it did. When I send you a web page that looks like it came from Microsoft, that's known as spoofing. Happens all the time. You never find out who actually sent you the web page. If you aren't careful, you never notice that the page isn't legitimate. Sucks to be you.


OK, I explained how these things work. If you aren't quite sure how to write a program that will build these packets, have no fear. There are plenty of places out there on the Internet that will provide you with an easy to run program that will do it for you. Just download, install, and run, run, run.

And who wrote these programs? Some of them are criminals. A very few are old school hackers who miss the glory days. Most of them are people who, as coincidence has it, provide some product that will protect you against the script that they wrote. If 12 year olds the world over are running their script against you, then maybe you will buy the product to protect yourself.

I told you. The landscape has changed. Hacking has turned pro.

5 Links To Make You Think
  1. The China Matrix
  2. The Artchive
  3. Christy's Garden of History
  4. ISS's X-Force
  5. People for the Ethical Treatment of Software