Getting Inside The Criminal Mind - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Getting Inside The Criminal Mind

Learn to think like a computer hacker, and maybe you'll be better prepared to defend against them. Maybe. Jason Levitt looks at two books that purport to describe the art of hacking.

To learn about computer security, you can take courses at the System Administration, Networking, and Security Institute. But to learn to become a rogue computer hacker, living by your own rules and striking terror into the heart of the global industrial computer complex, you need to buy a book.

Over the last five years, a number of books have been released that purport to teach the tools and techniques of computer hackers--Halting the Hacker (Prentice-Hall, 1996) by Pipkin, and Hacker Proof (Jamsa Press, 1997) by Klander and Renehan, to name two--but the quality has recently improved.

In particular, two books have crossed my desk that have either Hack or Hacker in the title or subtitle (a prerequisite, I suppose) and each has merits. Hacking Exposed, Second Edition (McGraw-Hill, 2001), by Joel Scambray, Stuart McClure, and George Kurtz, and Maximum Security, Third Edition (Sams, 2001), by anonymous, are 700 and 860 page volumes respectively, stuffed with tips, techniques, and tools allegedly used by the hacker intelligentsia to make your life miserable.

Let's be clear about one thing: the goal of these books isn't to help you become a computer villain. Rather, they claim to help you understand the techniques used by computer hackers so that you're in a better position to test your defenses and protect against intrusions. Among other things, the books help you do "ethical hacking," which is the use of hacker tools and techniques to test the mettle of your security defenses (see my previous column for details).

Still, both books could be used as training tools for budding network system crackers. While it is easy to find Web sites with hacking tools that you can download and play with free, these books provide the guidance to understand the tools and to use them effectively.

This is a good thing. Some might view books about hacking as metaphorically handing out guns to teenagers at the local bookstore. But, clearly a lot of 45-year-olds need to learn about these things. Ultimately, the more widely the techniques are understood, the easier it will be to defend against them.

So just how easy is it to get inside the criminal mind? Let's take a look at the books and what they offer.

Hacking Exposed is the best book I've seen so far for learning hacking techniques. The book is authoritatively written, well organized, and includes specific techniques for Novell's NetWare, Unix system flavors, and the various Windows operating systems. The quality and depth of the information in this book is scary.

This book doesn't have a companion CD-ROM, which is probably just as well. CD-ROMs accompanying books are notoriously flaky and they tend to go stale rapidly. Instead, the authors have a Web site with lots of links to applications, security sites, and scripts mentioned in the book.

The "lead author" of Maximum Security is anonymous (a cute marketing gimmick?), but the inside cover lists 13 contributing authors. Despite its subtitle, A Hacker's Guide to Protecting Your Internet Site and Network, this book is less focused on hacking techniques. Instead, the authors try to provide the background for approaching site security, an ambitious undertaking.

Maximum Security discusses security issues at a higher level, with less detailed analysis of hacker tools and a more strategic, managerial tone. It also has interesting, brief, platform-specific sections on VAX/VMS, Macintosh, and Cisco routers and switches, as well as in-depth sections on Novell, Microsoft, and Unix flavors. Its CD-ROM contains a number of well-known tools for hacking, testing, and managing network security.

These two books can help you get inside the hacker mind, but at the rate new attacks are discovered and dissected, they'll need an update at least every six months. Still, there's no better way to start thinking like your enemy.

Are these books the equivalent of giving free weapons to the script kiddies of America? Share your opinion at Jason Levitt's Listening Post discussion forum.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll