Difference between revisions of "Re-defining and Understanding True Hacking"

From Hacker Innovation: Redefinition and Examination of Outlaw Sources of Generativity for Future Product Development Strategies (2014) by Mike Pinder
Jump to: navigation, search
(2. Computer Hobbyist Hacker (primarily hardware))
Line 135: Line 135:
 
'''Examples of Computer Hobbyist hacking by changing '''hardware''' components:'''  
 
'''Examples of Computer Hobbyist hacking by changing '''hardware''' components:'''  
  
* Product Hacking
+
* '''Product Hacking'''
 
**Musical instrument hacking ! SLABS touch pads
 
**Musical instrument hacking ! SLABS touch pads
 
***GuitarBot
 
***GuitarBot
Line 161: Line 161:
 
***Smartphone controller
 
***Smartphone controller
  
 +
'''Examples of Computer Hobbyist hacking by changing the software component:'''
 +
 +
* Mod Chip Development
 +
**TiVo
 +
**Microsoft XBOX, Sony PlayStation, Nintendo Wii
 +
** Microsoft Kinect hacking15
 +
**Nintendo Wii-mote hacking
 +
*Single Board Computers
 +
**Arduino hacking
 +
** Raspberry Pi hacking
 +
* Google Nexus Q hacking
 +
* OUYA games console hacking
 +
* Oculus Rift DK2
  
 
== Footnotes ==
 
== Footnotes ==

Revision as of 14:09, 30 August 2014

Hacker mind-sets

In order to understand the hacker mind-set and ethical underpinnings, it is vital to establish the underlying beliefs that ground attitudes towards capitalism and the wider modern economic system surrounding it.

The network society in which hackers fundamentally operate, organise, innovate and disrupt can be traced back to through proceeding scientific revolutions and emerged at a very specific moment in history. Thomas Kuhn describes technological paradigms as a conceptual pattern that sets standards for performance by organising the available range of technologies around a nucleus that enhances the performance of each [Kuhn, 1962]. In his view the industrial revolution firstly enabled humans to generate power and distribute energy via human ingenuity and artefacts without being solely dependent upon the natural environment in its existing natural state. Energy generation in this sense enables activities by powering-over nature and overcoming the limiting conditions of own individual existence. Water, steam, electric and nuclear power allowed for new forms of production, consumption and social organisation for the evolving industrial society. The avant-garde today being the post-industrialist knowledge economies found in the West in which hacking primarily functions.

The industrial society is comprised of factories, corporations, bureaucracy, and the phasing-out of traditional agricultural labour in place of large-scale urbanisation; international transportations systems, centralised social systems, mass-media and-mass communications. The rise of mass communications and the Internet in particular made fundamental changes to the control of knowledge and information and have challenged the way in which wealth, power and meaning is generated. Information processing, communication and innovation technologies (computer micro chips, network connectivity and associated costs) essentially impact upon the industrialist paradigm itself; specifically on how the generation, control and application of knowledge occurs.

The value in the Internet today comes from linking-up of artefacts in the virtual and real world into new combinations, built upon and extending the configurations of its original architect in modular forms. This re-combinatorial and reconfigurable nature of intellectual property artefacts provides a key source of innovation in the post industrialist networked society. The process of innovation is also subject to recombination and reconfiguration, particularly in the latter stages of the product life cycle (PLC) via acts of hacking to create new artefact combinations or arrangements that in turn support further spirals of meaningful knowledge and information for the system as a whole. The hacker entity freely facilitates this recombination and reconfiguration irrespective of prior intellectual property rights and law that are perceived as a perverse abstraction unto itself; a concept claiming private ownership rights over nature, whether supported and justified by post-industrialist legal regimes or not. In this sense, the configuration of social structures supporting the organisational arrangement of human relationships to production, consumption and power (framed by culture) is unrestrictedly subverted, distorted and reconfigured by hackers.

Information society

The information driven society was partly invented and developed by a culture of open data sharing, collaboration and cooperation found within ARPAnet experiments and scientific as well as academic research communities. Researchers were free to examine others findings as well as test and further develop others ideas. Self professed hackers designed and built the technologies underpinning the Internet (Unix, Linux, communications protocols, sockets and layers) that make the Internet work and they believed in simply building things for societal value, not destroying them as the popular media would have us presume. Hacker ethics originating at MIT in the generative context, only to have meaning subverted by continued usage referring to computer criminals in the early 1980’s when students broke into rooms that housed campus mainframe computers in order to test out new programs and written code. They believed in freedom of information and voluntary mutual help. In their eyes, legal and institutional barriers only prevented a good solution to a creative problem from being found and simply forced people to re-invent wheels. They believed a solution to a problem should not have to be solved twice and intellectual property and private ownership rights simply create barriers to creative problem solving, resulting in epistemological and idealistic confrontations with the establishment, culminating in a spectrum of hackers acts along an illegal-to- legal dimension.

Hacker culture is a fundamental concept grounded in a specific set of ethical foundations that underpin the networked, post industrialist society and is embedded in a set of cultural beliefs, values and general world economic view. Whilst widely misinterpreted in popular culture, hackers can provide vital sources of innovation that are instinctively and habitually disregarded as simply disruptive, illegal, dangerous and irrelevant to organisations activities.

A wider contextual understanding of hacker activities is needed, devoid of misleading popular connotations and bias, to draw attention to the ways in which hacking acts can generate sources of important value for the innovating firm. By demonstrating how hackers can be vitally beneficial to firms, not simply disruptive and counter productive, it is hoped that general attitudes and policymaking will reflect the subtly changing attitudes to hacker activities already slowly taking place. In so doing should allow both private ownership and open ownership property regimes to exist more complimentarily in a mutually beneficial and reciprocal relationship towards the same goals.

Hackers ethics, passion and the roots of work

The underlying roots of hacker ethics and mind set can be traced back to direct challenges to the idea of the protestant work ethic (Weber, 1905). Weber argued that the capitalist spirit is found in the implicit obligation individuals feel towards undertaking productive work, enforced by religion and God. Members of society are made to feel obliged to work and to find contentment in professional working activities as one’s natural God given duty. For hackers, motivations to work are entirely different. The driving force behind value creation in life comes from the passion to create artefacts of great social value, rather than merely for money and capital generation. The same ideals and vision carefully crafted and communicated to consumers by large innovative corporations who go to great lengths (and cost) to emphasise corporate social responsibility and a wider societal purpose in the world. It has long been established that firms who understand consumer’s driving passions (legal or illegal), are far better suited to creating relevant innovations and value, if they are closely aligned and directly connected to underlying consumer passions.

Basic work ethics and organisational factors for hackers do not originate primarily from work or capital gain per se, but from passion and desire to create something socially valuable. This explains the predominant view of firms such as Microsoft as the enemy of hackers with its focus on wealth generation, closed code, proprietary systems and appropriation rents from its patent portfolio and strict licensing model (in spite of a recent strategic shift towards financing and encouraging the development of Open Source software). For hackers, when profit, growth and wealth generation are the dominant focus for a firm, passion is no longer the central driving force behind innovation and creation, therefore something to be entirely wary of. Hackers also believe that innovators should directly profit from their socially beneficial efforts, but not profiting from closed information to others.

The term hacker has a broad and general definition that spans the illegal to legal dimension but essentially encompass all hacker classes as an expert or enthusiast of any kind [Himanen, 2001]. This term generally applies to anyone with a passionate interest in any domain in the information age. Unlike most typical users who see computers, networks and devices as black boxes that can enhance productivity; hackers see computers, networks and devices as sources of entertainment just like any other personal hobby. They are driven to understand and master a technology because it personally interests them and provides pleasure, joy and excitement, not merely as something that reduces uncertainty in performing a desired task in the workplace [Rogers, 1995].

[Hackers are] people who love and understand the technology they use. These are people who can "hack" together a solution to a problem with a soldering iron and a few paper clips. People who modify operating systems because they don't like the way they work [Robson, 1999].

Hackers have a strong sense of play; are prepared to take risks in exploring a technology and care deeply and passionately about their interests.[1] As Burrel Smith of Apple stated: ‘you can be a hacker carpenter... It has to do with craftsmanship and caring about what you’re doing.”

Apple is an example of a habitually innovative and disruptive firm, marketing itself upon core countercultural ethics, similar to those found in hacker communities. Technology in their eyes should be used for your own purposes outside the control of large firms. Apple wishes to outwardly express its image as a group of freethinking rebels, troublemakers and technological radicals, akin to popular hacker culture. This may have reverberated with consumers when Apple was fighting against market domination by the likes of Microsoft and IBM, but becomes somewhat contradictory when it is now Apple who dominates markets as the most valuable company in history. The philosophy behind the hippy chique becomes hippy control freak within closed systems, gated communities, centralised control and vertically integrated products that lock users into proprietary platforms. Rather than echoing radical rebelliousness, vertically integrated software and hardware screams instead, proprietary claims to private ownership and ‘a firm knows best’ attitude most strongly detested within hacker ethics.

By adopting a closed strategy, firms like Apple lock out the possibility for social product development inherently generated within the network society. There is no desire to be more responsive to the external environment because the environment does not know yet what it wants and Apple intuitively does. This has been made clear one successful and dominant design product launch after another. Firms like Apple however are somewhat rare and demonstrates an uncanny ability to develop truly radical unknown innovation for consumer needs that do not yet exist. The hacker ethic is sacrificed in order to create a seamless and simple mass-appealing interface, but in so doing resists any form of user empowerment and flies in the face of the fundamental nature of networked information technologies themselves. Habitual behaviour by industry innovation leaders deliberately closes-off external boundaries in the competitive landscape, dismissing it as externally generated noise that serves only to blur internal creative vision and direction in the fuzzy front end of the design and innovation process as it only creates fragmentation. However for those firms more at the bleeding edge of innovation leadership, external ideas, resources and hacking have the potential to provide vital waypoints, design trajectories and market direction to help reduce uncertainty in innovation management. 

Extant hacker typology

Currently understood hacker types and sub types will now be discussed in order to distinguish potentially generative innovation sources for firms and brief case studies giving real world examples.

The extant typology of hacking within literature provides a slightly broader conception of popular understandings into three hacker types:

  1. Computer Security Crackers
  2. Computer Hobbyist Hackers
  3. Enthusiast Programmer Hackers

Pressures to differentiate one form of hacking initially emerged with the introduction of new laws and legislation seeking to criminalise activities involving computer cracking acts, resulting in three types above.[2] Within these categories several sub-categories classify the actual type of activity performed along an illegal to legal dimension and spans from data theft and mere property vandalism to state sponsored hacking and IP regime infringements.[3]

The three types or classes define cracking or hacking in a pejorative, negative, illegal and destructive light, based on stereotypical profiling in popular media and culture. It is rarely used in a positive, innovative and generative sense. Hacking acts are instinctively and implicitly assumed to be counterproductive and solicited with selfish and destructive or politically motivated intentions that serve countercultural or even extremist views in the pursuit property theft or disturbing the establishment in some way: entirely negative consequences of the structure and nature of a competitive market-driven economy.

1. Computer Security Crackers

The first class defines a person who seeks-out weaknesses in computer security systems in order to exploit them and is motivated by financial gain or as a stimulating personal challenge by a third party to a computer system or network infrastructure. More accurately known in computing circles as a cracker, this type consists of several sub-groupings including: black hats, grey hats and white hats. All classes involve some form of criminal behaviour via intrusion, theft, or otherwise causing disruption to a computer and/or a network in some way.

Security cracker sub-types

Black-hat (cracker)

This sub-group is deemed the most disruptive and involves someone who intentionally violates computer security for personal gain by destroying or stealing data and/or rendering a network inoperable by its authorised users. Example tactics for black hat hacking include, writing of malicious code, deploying viruses, trojans, use of bot nets, rootkits, denial of service attacks (DDoS), remote file inclusions, spyware or other means to illegally infiltrate security systems with the intention of causing harm to it.

Further sub-classes of black hat crackers include:

  • Elite (l33t) or rogue hackers – skilled hackers engaged in general malicious hacking through malicious means and intentions.
  • Neophyte or ‘newbie’ – someone who attempts hacking with little or no understanding of the underlying technology used.
  • Script kiddie – a non-expert crackers who uses the tools of others (with little or no working knowledge) to perform hacking acts.
  • Spammers, adware and social engineering crackers (phishers, cyber criminals, fraudsters and organised criminal gangs.
  • Corporate spies – competitor intellectual property and competitive information gathering
  • Blue hats – a security expert cracker brought in to the firm to find security holes before a product or service is launched to the general public.

Black hat hackers are typically the source of demonisation in popular media and wider culture. For example, in a recent BBC Television adaptation of the Sherlock Holmes novels, the archenemy character, Moriarty is portrayed as a hacker and cyber-criminal mastermind, claiming the ability to “...open any door, anywhere with a few tiny lines of computer code... There is no such thing as a private bank account now” [BBC, 2012]. Playing on the illegal computer security black hat end of the stereotype extreme and inline with popular media usage, such contemporary hacking portrayals reinforce the general perception of cracking and hacking involving potential national security breaches, threats to privacy and personal data theft. These portrayals play upon a mysterious and unknown (zero-day) set of black box elite programming skills and capabilities to manipulate and exploit security weaknesses in computer systems for personal financial gain, that are as yet unknown security holes and weaknesses to administrators. Actual methods and practices are rarely revealed or explained and are left open to factual scrutiny (and generally superfluous to the narrative). There is however, an assumption that computer weaknesses can and do exist and are freely and easily exploitable by anyone in possession of the appropriate black box skills needed to compile and deploy devious and destructive code for a desired outcome.

Black-hat institutional hacking

Hacking in the computer security cracker sense, is not merely confined to cyber criminals, vandals and data thieves, but also applies to hackers of legitimised origins in activities commonly undertaken by nation states, governments and security agencies around the world; even international media organisations.

Lawful interception, as it is often labelled, refers to sanctioned and authorised cracking by government sponsored security agencies, for example:

  • UK Global Communication Head Quarters (GCHQ); MI5; MI6.
  • US National Security Agency (NSA); Central Intelligence Agency (CIA);
  • Federal Bureau of Investigation (FBI)
  • Bahrain National Security Apparatus (NSA)
  • Israeli Institute for Intelligence and Special Operations (MOSSAD)

Institutional hacking includes: surveillance and spying of citizens and nation states by cracking digital devices, computers and smartphones by intercepting or hijacking emails, instant messages and chat service monitoring (Skype, Google Talk and other IP telephony services), bugging conversations, GPS tracking; even deploying viruses and spyware in some cases.[4]

Black hat case study: Iran’s nuclear enrichment program

One such high profile case recently emerged in the now proven state-sponsored, multi-governmental deployment of a super-virus using cracker tactics similar to those found within underground, mystical cracker groups that occasionally emerge in the public domain.

In January 2010, nuclear investigators from the International Atomic Energy Agency (IAEA), reported on the state of uranium enrichment in Iran and the anomalous number of component malfunctions, failures and replacements within its facilities. Investigators found that centrifuges used in the enrichment process were being replaced well above the rate that was expected during the normal component working-life expectancy.

In June 2009 a digital worm virus labelled: Stuxnet by Microsoft was deployed by an unknown organisation or group of crackers and was later discovered upon reverse engineering, to be the most sophisticated piece of malware ever written and was dubbed the world’s first cyberweapon [Sharma, 2012].

The virus was written with several stolen driver certificates stolen from device manufacturers in Taiwan with the intention of targeting industrial control software for motors, valves and switches in a broad range of assembly line systems, gas pipelines and water treatment plants made by the Siemens corporation. At first it appeared a simple case of industrial espionage, but on deeper inspection by various anti-virus firms, a plethora of complex data and complex hidden commands were revealed. Particularly of interest was the way in which the virus stored its data in RAM (Random Access Memory) rather than the hard drive by actually modifying the operating system files themselves, making it nearly impossible to detect.

Once the virus’s reporting servers were located and traffic re-routed to servers at anti-virus firms, the extent of the infection started to emerge, with a focus on Iran with the highest number of Stuxnet infections. It also emerged that the virus was initially spread by USB storage sticks at five different organisations within Iran and not via the Internet as is usually the case. Deeper inspection revealed the virus had 400 attacker controller remote configuration commands and had an inbuilt self-shutdown date of June 24th 2012. After the virus checked if the particular Siemens software was installed, it decrypted the system file payload to install its operational functions.

Stuxnet worked by intercepting commands between machinery and operating computers and replacing commands with its own as well as disabling automatic alarms and masking it’s actions to other operating computers. It was designed for sabotage and hid its own tracks in the process and was the first time digital code had been found to cause actual physical damage, crossing the boundary between virtual and real world, usually only found in fictional movies.

It eventually emerged that the virus targeted a specific coding value ‘2C CB 00 01’ before it decided to attack, hidden within two manufacturer reference codes for specific frequency converters occurring in just two hardware components that increase or decrease the spin of centrifugal device motors. This in effect allowed Stuxnet to destroy the centrifuges used for the enrichment of uranium used in nuclear weapons development and led to delays, estimated to around 2015, before Iran will reach full nuclear enrichment capabilities. The sheer complexity of the virus, insider knowledge and vast resources needed to develop the 15,000 lines of skilled code (that only a handful of people are trained to use and develop); to execute commands within a propriety manufacture developed programming language, on two specific and different devices suggested and was later admitted as multi-governmental involvement driven by a common World political agenda between the US and Israel.

Other forms of black hat hacking such as these could create power blackouts by permanently damaging generators, cause oil and gas pipelines to explode, ground aircraft, disrupt water supplies, distribution systems or other critical infrastructure. These attacks can happen at the interface between the virtual and physical worlds via computerised controllers, similar to those targeted by Stuxnet. Although Stuxnet achieved its goal of delaying Iran’s nuclear enrichment processes, it also put the virus and accompanying code into the public domain. Other crackers could in theory at least, hack the virus and modify it for deployment into other computer controller environments around the world, particularly in the west, where Internet dependent infrastructure technologies are commonplace.

Whilst clearly an extreme black hat cracking case, the Stuxnet history demonstrates one of the most complex cases of illegal cracking to date and is a far cry from any form of generative hacking that could help drive firm innovation efforts.

Governmental cracking in Germany

In 2011, a group called the Chaos Computer Club cracked state spying software programs allegedly used by the German authorities; pitting underground hackers against state sponsored hackers directly in combat with one another. It was later revealed that a trojan horse capable of spying on Internet communications, placed files on an infected machine and reported back to a central server in the United States.[5] If it transpires that such code was deployed to compile criminal evidence to be used in legal proceedings and prosecutions, this would violate German constitutional law and severely breakdown the boundary between government and democratic society.

In the anti-terrorism age, governments have vested interests in keeping computers open to security vulnerabilities as it allows easier access by intelligence agencies to spy on its members of society, raising fundamental questions about constitutional and individual rights.

News international phone hacking/cracking

Another example security data theft cracking or ‘hacking’ as it was labelled, featured extensively in the media through 2011 and 2012 with controversy in what became known as, the Phone Hacking Scandal involving The Sun and News of the World newspaper’s owned by News International.[6] These were in fact acts of black hat cracking, not hacking but involving information data theft from various celebrities’ mobile phone voicemail boxes via malicious means and unauthorised caller ID-spoofing. This was simply achieved by news reporters disguising an originating caller ID, using freely available tools to match that of the desired voicemail box, simply by obtaining the correct phone number of the target. By using factory default PIN codes (if a user code was in place at all), reporters could gain legitimate access to listen to voicemails. Sensational and highly private conversations, information and stories were then reported and written in the press accordingly to the utter surprise of those targeted.

Various forms of institutional cracking are not merely confined to underground deviant groups and individuals working in organised gangs, but also apply to public institutions and legitimately empowered organisations throughout society.

Cracking acts to access private data fall under the black hat cracker definition by the nature of attempting to circumvent security measures in order to steal information by acting maliciously. Such reckless scandals serve only to distort popular perceptions of the full spectrum of hacker activities disregarded all as deviant and highly illegal acts to be punished by the full extent of the law. Under these popular extremes it is hard to see and no wonder to imagine hacking as anything potentially useful or widely beneficial to society as a whole.

Grey-hat hackers

This group lies between black hats and white hats and are seen as skilled hackers (also known as elite’s, leet’s, l33t, 1337[7]) and security researchers, sometimes acting illegally and other times legitimately. These crackers autonomously search for vulnerabilities in computers, networks, products and services and may sometimes notify owners for direct financial reward for fear of going public. Grey hats scan the Internet for security holes and then charge owners a fee for notification about what to fix in order to become more secure.

White-hat hackers

White hats break into computer networks, not for malicious reasons, but for testing purposes. These hackers are known as ethical (good) hackers who provide network security information and advice on penetration testing and protection against other malicious hackers seeking to gain unauthorised entry or access. Firms employ white hats (sometimes called blue hats) to find security holes in their computer systems in order to make them more secure to other hacker attacks.

2. Computer Hobbyist Hacker (primarily hardware)

The second class involves a person who heavily modifies the software or hardware component of his or her own computer system. This group differs from the Computer Security grouping in many ways; primarily as acts of hacking are executed to one’s own possessions, rather than that of a third party. Here the purpose is to modify, rebuild, add features or improve a device some way. Hobbyist hacking requires high-levels of computer knowledge and is regarded by peers as ‘elite’ due to the complexity of writing circuit level code, drivers or firmware.

Well known computer hobbyist hackers include Steve Wozniak and Steve Jobs who helped create the personal computing industry based on hardware and software hacking of existing computer components within their parents garages. Job’s famously hacked a quote originally by Pablo Picasso saying, “lesser artists borrow, great artists steal” to “good artists copy, great artists steal,” referencing the often illegal use of other owners IP and the re-combinatory nature of artistic works and commercial design methods that also follow closely with the hacker legal dimension.[8]

Examples of Computer Hobbyist hacking by changing hardware components:

  • Product Hacking
    • Musical instrument hacking ! SLABS touch pads
      • GuitarBot
      • Commodore64
      • Atari 2600
      • Children’s electronic drum pad hacking
    • IKEA furniture hacking
    • Toyhacking
      • Quadrotors
      • Furby
      • Nerf Guns
    • Bicycle hacking
    • Vacuum cleaner hacking
      • Rhoomba mods
    • Nintendo Wii-Mote hacking
      • Industrial crane controller
      • Lawn mower controller
      • Head tracking
      • Radio controlled car controller
      • Protractor measuring tool
      • Graphical visual interaction sensor
      • PC game controller
      • Finger tracking and image browser
      • DJ music controller
      • Smartphone controller

Examples of Computer Hobbyist hacking by changing the software component:

  • Mod Chip Development
    • TiVo
    • Microsoft XBOX, Sony PlayStation, Nintendo Wii
    • Microsoft Kinect hacking15
    • Nintendo Wii-mote hacking
  • Single Board Computers
    • Arduino hacking
    • Raspberry Pi hacking
  • Google Nexus Q hacking
  • OUYA games console hacking
  • Oculus Rift DK2

Footnotes

  1. Impassioned hackers who care deeply about the technologies they use and develop, ironically, are key attributes employers search for when interviewing potential candidates because it increases the likelihood
  2. United States Federal Computer Fraud and Abuse Act 1986.
  3. For an overview of the current hacker typology, please see diagram
  4. It emerged in 2010, when activists raided state security offices, that a UK based firm called Gamma International had offered ‘security services’ to Hosni Mubarak’s regime in Egypt, allowing intrusion software to be deployed to enable authorities to monitor communications technologies such as Skype.
  5. The World from Berlin: Electronic Surveillance Scandal Hits Germany, Spiegel Online, retrieved April 10 2012, available at: http://www.spiegel.de/international/germany/0,1518,790944,00.html.
  6. Or if termed in the correct definition: The Phone Cracking Scandal.
  7. l33t speak – an alternative alphabet used by hackers as a substitute cipher to circumvent bulletin board word filters by replacing letters with numbers as a form of symbolic encryption.
  8. This group also includes artistic work where artist-hackers subvert technology by modifying artefacts for different purposes, functions or expressions entirely, by creating works that can achieve tasks that were not originally intended by designers. As artistic works generally have no functional purpose in a design sense, other than to refer to themselves and society, artistic hacking tends to form a loophole along the legal to illegal dimension.

References

  • [Kuhn, 1962] ^ Kuhn, T. (1962). The structure of scientific revolutions. Chicago, The University of Chicago Press.
  • [Weber, 1905] Weber, M. (1905). The Protestant Ethic and the Spirit of Capitalism Munich.
  • [Himanen, 2001] ^ Himanen, P. (2001). The Hacker Ethic and the Spirit of the Information Age. New York, Random House.
  • [Rogers, 1995] ^ Rogers, E. M. (1995). Diffusion of Innovations. New York, The Free Press.
  • [Robson, 1999] ^ Robson, G. (1999). "How to Become a Hacker in 2473 easy lessons." Retrieved

March 20, 2012, from http://users.telenet.be/mydotcom/library/index.htm.