

 Comm Corner

Computers and Security
Hack-Proofing the Computer

John Woody is a networking communications consultant specializing in small office, home office networks, training setup, and internet connectivity.

Michael Espinoza is owner of Technology Coaching, a training and consulting firm that specializes in the PDA market. He co-chairs the PDA SIG with John Woody.


This article continues our summary of computers and security.  We will attempt to cover the aspects of protecting against unauthorized entry into our computers or networks by outsiders known as Hackers.  Hackers are that group of computer users who attempt to gain access to programs and computers without permission.

Who is a hacker?
The word hacker is defined variously as:

  1. Someone who makes furniture with an axe;
  2. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary;
  3. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming;
  4. A person capable of appreciating hack value;
  5. A person who is good at programming quickly;
  6. An expert at a particular program, or one who frequently does work using it or on it; as in “a UNIX hacker”;
  7. An expert or enthusiast of any kind.  One might be an astronomy hacker, etc.;
  8. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations;
  9. A malicious meddler who tries to discover sensitive information by poking around.  Hence “password hacker”, “network hacker”.

Source: Hack Proofing Your Computer, Syngress Publishing, chapter 1.


As can be seen, we can drop definition (1).  And, today, definition (9) seems to be the description of choice for the persons who attempt to make unauthorized entries into one’s computer.  The term is further described variously as “cracker”, “script kiddie”, “phreak”, “white hat/black hat”, “hacktivism”, and/or “grey hat”.  The good or semi-good definitions have gone by the wayside as the hacker term has come to be seen as unlawful or criminal.  Hackers are also seen as “magicians”, “security professionals”, “consumer advocates”, “civil rights activists”, and “cyber warriors”.  Any way the term is cut, it seems that the actions taken by that individual are unlawful or nearly unlawful.

Why do hackers do what they do?  
Most of the articles and books that cover this subject first try to justify hackers as persons who want to climb the mountain because it is there.  Top among the reasons is personal recognition.  Hackers want to be recognized for their work.  Recognition brings some form of fame, which can have financial rewards.  Even the criminal hackers have a need for recognition. And, for criminal hackers, financial gain is usually at the root of their reason for hacking.

Admiration is a close second trait that hackers seem to exhibit.  Some get into hacking because they admire others who can hack, a sort of role model.  Curiosity is another trait that can lead some into hacking.  The hacking in the case of curiosity comes from the fact that a program may be a certain way and the hacker wants to know why it is written that way.

Power and gain are traits that are shown by hackers in many cases.  The ability to hack is to further another end, power or financial gain.  Illegal wire financial transfers or selling stolen secrets are root causes for hacking.

Revenge is a special trait that can be exhibited by hackers.  The hacker or some other person known to the hacker may feel that they have been wronged by someone or some company.  The hack is to do something to that person or company that will extract satisfaction to the wronged individual.

One publication stated that it is fortunate that nearly all hackers of moderate skill or better hack for hacking’s sake.  These individuals tend to hack in a manner that does not harm or damage others.  Most intrusions do minimal damage and are nothing more than nuisances.  It is this group of hackers that the folklore is written about and admired.  It is the lower end of the skill level that seems to cause the most damage.  The lower end hackers, or those less skilled, are the computer users who do damage.  The latest example was the “I Love You” e-mail virus.  The group responsible for this did not make any great breakthrough in code development, but simply took advantage of the built-in scripting capability of Windows 95/98.  Microsoft made scripting the default as a method of ease of use.  The proper script code could direct other Windows applications to send the e-mail to others, especially from Outlook and Outlook Express.

Any discussion of why and what hackers do leads to the core issue of what is right and wrong in that world.  And, from the reading I have conducted so far, the legal and moral issues from the hackers’ point of view are extremely fuzzy.  Legal right and wrong are pushed to the limit by hackers, who take advantage of the fact that something may be morally wrong, but not illegal.  They understand that laws are specific to a region, and the hacker may not live in that region.  Laws change constantly.  Legality may depend on one’s profession.  Legality may depend on contractual agreements.  And, finally, law enforcement is always lagging behind.  Hackers do not seem to have the same core values as the rest of us, especially in the moral area.  The above example of the “I Love You” e-mail virus shows this distinction between the moral and legal.  This virus originated in the Philippines, where there is no law against persons who attempt to disrupt other computer users.  The virus affected many others where the laws do protect against such attacks.

Hackers appear at many levels.  Some of them just want to know how programs work and may even provide a good service by discovering programming bugs and helping to fix the bugs.  Malicious or criminal hackers have other agendas in mind.  This group causes incidents ranging from obnoxious to destructive.  The obnoxious events just cause the computer to display things not generated by the user.  Destructive events include the recent “denial-of-service” attacks that caused eBay and Yahoo to shut down by crashing their servers.

Can Hackers Affect Me?
Am I likely to suffer such an attack on my personal computer or small business network?  In the recent past, the answer would have been not very likely.  Now, the answer is still not likely.  But, with the advances in connectivity technology and increased use of uninterrupted, dedicated connections like DSL or direct cable, there is a very good chance that some form of hacking will be attempted against your personal computer or SOHO network.  Individual or small business users are just as likely to receive hacker attacks as anyone in the broadband direct connection environment.  An individual computer under the control of a remote user can have destructive results as that remote user uses the machine to send attacks to other locations.  And, this type of attack is possible from any remote computer having a broadband direct connection to the Internet.

Fortunately, for most of us, taking some simple steps to protect our computer or network will be enough to protect against most attacks.  In general, these steps include changing a few operating system (OS) and browser settings, installing a good personal firewall, maintaining updated antivirus signatures, and using some common sense in computer use.

The OS and browser setting changes include turning off the ability of the OS to do automatic scripting.  From the <Start> pull-down menu, go to <Settings>, select the <Add/Remove Programs> icon, then select the <Windows Setup> tab.  Scroll to the <Accessories> check box, then select the <Details> button, scroll down until the <Windows Scripting Host> check box is found and uncheck it.  This turns the Windows 95/98 scripting capability off and protects against the scripting viruses.  In Microsoft Internet Explorer (IE), select the <View> pull-down menu, select <Internet Options>, then choose the <Security> tab and open the <Zones> pull-down menu and choose <Medium> or <High> for each of the menu items.  This action must be repeated for each of the <Zone> items.  If any change is made, then at the end of the process select the <Apply> button.  Then click <OK> to save the new settings in IE.  These are two easy things that everyone can do and should do to secure against hacking.

Personal firewalls, applications that watch for intruders and alert the user, are available.  My February 2001 and March 2001 columns covered the best of these in detail.  The ones that seem to get the most coverage are Zone Labs ZoneAlarm 2.1, Symantec Norton Personal Firewall 2000 version 2, Network ICE BlackICE Defender 1.9, Sybergen Networks Secure Desktop 2.1, McAfee.com Personal Firewall, and Aladdin Knowledge Systems eSafe Desktop 2.2.  ZoneAlarm, free for personal use, and BlackICE Defender, $40.00 including one year’s updates, seem to be able to do everything necessary to protect against intrusion.

Installing a good antivirus program is another easy way to protect your computer.  My August 2000 and September 2000 columns covered the details of antivirus programs.  I recommend Norton Antivirus 2001 because of its ease of getting updated signatures.

Common sense in the use of the computer, such as turning off file and printer sharing in Windows 98 if one is not on a network, is a good protection practice.  Common sense includes virus checking of all floppy disks used in the computer.  Common sense includes keeping the computer in a relatively clean operating environment.  Common sense includes turning the computer off when it is not being used, especially if the computer is connected by a broadband connection to the Internet.

Hackers gain entry into a computer by using sophisticated automated scanning application tools that search the Internet for open computers.  These search tools find a computer by locating its Internet Protocol (IP) address, the unique address in TCP/IP that identifies that computer on the Internet.  Dial-up IP connections are usually dynamic, meaning that the IP address from the ISP is different for each Internet logon.  Snooping programs cannot search fast and broadly enough to find these types of IP addresses.  Broadband DSL and direct cable connections are sometimes “static”, with constant assigned IP addresses.  As long as the broadband terminal adapter and computer are up and running, that static IP address is exposed to the Internet.  There are exceptions to the static IP address.  For example, here in San Antonio, both the DSL and direct cable providers give dynamic IP addresses to the broadband terminal adapter, which makes snooping very hard to do.

Once the snooping program has identified an IP address, the snooper must find a way to get into the computer.  This is done by searching for the computer’s open or exposed ports or connection points.  The TCP/IP software and OS create ports to allow specific networking functions.  The TCP/IP FTP client uses port 21 and the TCP/IP Web access uses port 80, for example.  The snoop programs look for these “standard” ports for openings into the computer via the Internet.  Firewalls help to close these open ports.
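
The scanning described above leaves a recognizable trace in a personal firewall's log: one outside address blocked on many different ports within a few seconds.  The Python code below is an added example, not part of the original column or of any firewall product named here; the log format, the addresses, and the thresholds are constructed for illustration.

```python
# Added example: flag likely port scans in a personal-firewall log.
# Log format, addresses and thresholds are constructed, not from a real product.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(\S+ \S+) BLOCK TCP (\d+\.\d+\.\d+\.\d+):\d+ -> \d+\.\d+\.\d+\.\d+:(\d+)$"
)

SAMPLE_LOG = """\
2001-04-02 21:14:01 BLOCK TCP 203.0.113.7:4312 -> 192.0.2.10:21
2001-04-02 21:14:01 BLOCK TCP 203.0.113.7:4313 -> 192.0.2.10:23
2001-04-02 21:14:02 BLOCK TCP 203.0.113.7:4314 -> 192.0.2.10:25
2001-04-02 21:14:02 BLOCK TCP 203.0.113.7:4315 -> 192.0.2.10:80
2001-04-02 21:14:03 BLOCK TCP 203.0.113.7:4316 -> 192.0.2.10:139
2001-04-02 21:20:10 BLOCK TCP 198.51.100.4:1500 -> 192.0.2.10:80
2001-04-02 21:45:30 BLOCK TCP 198.51.100.4:1501 -> 192.0.2.10:80
garbled line that the parser must skip
"""

def find_scanners(log_text, min_ports=4, window=timedelta(seconds=10)):
    """Return {source_ip: sorted ports} for sources that were blocked on at
    least min_ports distinct ports within any single time window."""
    events = defaultdict(list)            # source IP -> [(time, port), ...]
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                      # ignore lines we cannot parse
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events[m.group(2)].append((when, int(m.group(3))))

    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # advance the left edge until the span fits inside `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src} probed ports {ports} in a short burst")
```

The second source in the sample, which retries port 80 twice many minutes apart, is not flagged: repeated attempts on one port are ordinary traffic, while a burst across ports 21, 23, 25, 80 and 139 is the sweep pattern.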

Conclusion
This summary of hackers and unauthorized intrusion centers on closing the “windows” to keep those unauthorized users at bay from your computer or network.  That means keeping hackers and Trojan horses, programs which when present open a computer for remote use, away from your machine.


Copyright© 1996-2010
Alamo PC Organization, Inc.
San Antonio, TX USA