Hacking in the name of liberty? Many hackers exhibit behaviors that contradict their stated purposes that is, they fight for civil liberties and want to be left alone, while at the same time, they love prying into other peoples business. Many hackers call themselves civil libertarians and claim to support the principles of personal privacy and freedom. However, they contradict their words by intruding on the privacy and property of others. They often steal the property and violate the rights of others, but are willing to go to great lengths to get their own rights back from anyone who threatens them. The case involving copyrighted materials and the Recording Industry Association of America (RIAA) is a classic example. Hackers have gone to great lengths to prove a point, from defacing the Web sites of organizations that support copyrights to illegally sharing music by using otherwise legal mediums like Kazaa, Gnutella, and Morpheus. Go figure.

Planning and Performing Attacks Attack styles vary widely: Some hackers prepare far in advance of a large attack. They gather small bits of information and methodically carry out their hacks, as I outline in Chapter 4. These hackers are the most difficult to track. Other hackers usually the inexperienced script kiddies act before they think through the consequences. Such hackers may try, for example, to telnet directly into an organizations router without hiding their identities. Other hackers may try to launch a DoS attack against a Microsoft Exchange server without first determining the version of Exchange or the patches that are installed. These hackers usually are

Malicious users are all over the map. Some can be quite savvy based on their knowledge of the network and of how IT operates inside the organization. Others go poking and prodding around into systems they shouldnt be in or shouldnt have had access to in the first place and often do stupid things that lead security or network administrators back to them. Although the hacker underground is a community, many of the hackers especially advanced hackers dont share information with the crowd. Most hackers do much of their work independently. Hackers who network with one another use private message boards, anonymous e-mail addresses, hacker Web sites, and Internet Relay Chat (IRC). You can log on to many of these sites to see what hackers are doing. Whatever approach they take, most malicious attackers prey on ignorance. They know the following aspects of real-world security: The majority of computer systems arent managed properly. The computer systems arent

Attackers can often fly below the radar of the average firewall, an IPS, or access control system. This is especially true for malicious users whose actions are often not monitored at all, while, at the same time, they have full access to the very environment they can exploit. Most network and security administrators simply cant keep up with the deluge of new vulnerabilities and attack methods. These people often have too many tasks to stay on top of and too many other fires to put out. Network and security administrators may also fail to notice or respond because of poor time management and goal setting, but thats for another discussion. Information systems grow more complex every year. This is yet another reason why overburdened administrators find it difficult to know whats happening across the wire and on the hard drives of all their systems. Time is an attackers friend and its almost always on his or her side. By attacking through comp