Saturday, January 29, 2005

Malicious Bot Targets MySQL Databases With Weak Passwords

A malicious bot program is breaking into poorly-secured MySQL databases running on Windows web servers, and appears to have compromised several thousand systems. The malware is using a brute force password attack to gain access to MySQL installations with weak administrative (root) passwords, according to an analysis by the Internet Storm Center.

Once the bot has gained access to MySQL, it uses the MySQL UDF Dynamic Library Exploit to upload malicious code to the infected system and then connects to an IRC channel. Once incorporated into the bot network, the "zombie" machines attempt to infect other servers, but could easily be used for other purposes.

The bot being used is a version of widely used malware controller known as Wootbot or Forbot. "It appears to include the usual set of bot features like a DDOS engine, various scanners, commands to solicit information from infected systems (e.g. system stats, software registration keys and such)," according to the SANS analysis. "The bot provides an FTP server, and backdoors."

MySQL is the leading open source database, and is widely used in web applications written in the PHP server-side scripting language. MySQL is present in more than 5 million installations, and is a key ingredient in popular "LAMP" hosting plans, which feature the Linux operating system, Apache server, MySQL database and scripting in PHP, Perl or Python. MySQL is also available for Unix and Windows, but only Windows machines are known to have been exploited thus far.

//Netcraft
// Comments: Yasir

Something that is a little worrying for all our open source fans out there...

Well, for all those who have a shared hosting plan, please ask your web host to check their MySQL root passwords... and for those who rule their server's life, it's ok to have root with a blank password as long as the 'host' is not set to '%' for login:root! Might as well rename root to something else?

I checked my servers... seems everything is ok; however, the bots are generating plenty of garbage traffic, and there might be Denial of Service (DoS) on some MySQL databases globally... let's follow this and see where it takes us...
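As an added illustration of the check suggested above (this is my example for the post, not code from Netcraft, the Internet Storm Center or any MySQL tool), the following Python audit takes a snapshot of `mysql.user` and `mysql.func` and flags the conditions the bot relies on: accounts with no password, accounts whose host is a wildcard, root reachable from the network, and user-defined functions nobody installed on purpose (the UDF library trick leaves a row in `mysql.func`). The rows, the hash placeholders and the `sys_exec`/`app_helper.dll` entry are constructed sample data; a real run would feed in the output of the two `SELECT` statements named in the docstring.

```python
"""Audit a MySQL privilege snapshot for the weaknesses the bot above abuses.

Hypothetical helper written for this post; not code from Netcraft, the ISC
or any MySQL tool.  The sample rows are constructed to look like the results of
    SELECT User, Host, Password FROM mysql.user;
    SELECT name, dl FROM mysql.func;
A real audit would feed in the live query results instead.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class UserRow:
    user: str
    host: str
    password: str  # hash column; '' means the account has no password at all


@dataclass(frozen=True)
class FuncRow:
    name: str  # UDF name registered in mysql.func
    dl: str    # shared library the server loads the function from


# Constructed sample: a password-less local root, a root reachable from any host, one app account.
SAMPLE_USERS = [
    UserRow("root", "localhost", ""),
    UserRow("root", "%", "*CONSTRUCTED_HASH_1"),
    UserRow("webapp", "localhost", "*CONSTRUCTED_HASH_2"),
]
# Constructed sample: a UDF nobody installed on purpose, the trace a UDF upload leaves behind.
SAMPLE_FUNCS = [FuncRow("sys_exec", "app_helper.dll")]


def audit_users(rows):
    """Return (user, host, issue) triples for every exposure worth fixing."""
    findings = []
    for r in rows:
        if r.password == "":
            findings.append((r.user, r.host, "no password set"))
        if r.host == "%" or r.host.startswith("%."):
            findings.append((r.user, r.host, "wildcard host allows network logins"))
        if r.user == "root" and r.host not in ("localhost", "127.0.0.1"):
            findings.append((r.user, r.host, "root reachable from the network"))
    return findings


def audit_udfs(rows, allowed=frozenset()):
    """Every UDF not on the allow-list is suspicious: the bot installs its payload this way."""
    return [(r.name, r.dl) for r in rows if r.name not in allowed]


def remediation_sql(findings):
    """Statements that close the findings.

    Accounts with a host problem are dropped outright; a password-only problem gets
    a new password.  DROP USER needs MySQL 4.1 or later; on older servers delete the
    row from mysql.user instead.
    """
    per_account = {}
    for user, host, issue in findings:
        per_account.setdefault((user, host), []).append(issue)
    stmts = []
    for (user, host), issues in per_account.items():
        if any(i != "no password set" for i in issues):
            stmts.append(f"DROP USER '{user}'@'{host}';")
        else:
            stmts.append(
                f"SET PASSWORD FOR '{user}'@'{host}' = PASSWORD('<new strong password>');"
            )
    stmts.append("FLUSH PRIVILEGES;")
    return stmts


if __name__ == "__main__":
    for finding in audit_users(SAMPLE_USERS):
        print("user finding:", finding)
    for udf in audit_udfs(SAMPLE_FUNCS):
        print("unexpected UDF:", udf)
    print("\n".join(remediation_sql(audit_users(SAMPLE_USERS))))
```

On the constructed sample the audit reports the local root for its empty password and the `root@'%'` account twice (wildcard host, network-reachable root), proposes a `SET PASSWORD` for the former and a `DROP USER` for the latter, and lists `sys_exec` as an unexpected UDF.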

Preventing comment spam

If you're a blogger (or a blog reader), you're painfully familiar with people who try to raise their own websites' search engine rankings by submitting linked blog comments like "Visit my discount pharmaceuticals site." This is called comment spam, we don't like it either, and we've been testing a new tag that blocks it. From now on, when Google sees the attribute (rel="nofollow") on hyperlinks, those links won't get any credit when we rank websites in our search results. This isn't a negative vote for the site where the comment was posted; it's just a way to make sure that spammers get no benefit from abusing public areas like blog comments, trackbacks, and referrer lists.

Read more at Preventing Comment Spam
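The attribute only helps if the blog software actually puts it on every link in user-submitted markup. As an added example (written for this post, not Google's or Blogger's code), this Python rewriter takes a comment body and adds rel="nofollow" to each hyperlink, keeping any rel tokens the link already carries and leaving everything else untouched. The spam comment it is run on is a constructed sample.

```python
"""Add rel="nofollow" to every link in user-submitted HTML (e.g. a blog comment).

Added example of the mitigation described in Google's post; not Google's or
Blogger's code.  Standard library only, so it runs offline.
"""
from html import escape
from html.parser import HTMLParser


def _with_nofollow(attrs):
    """Return the attribute list with 'nofollow' merged into rel (existing tokens kept)."""
    out, seen_rel = [], False
    for name, value in attrs:
        if name.lower() == "rel":
            seen_rel = True
            tokens = (value or "").split()
            if "nofollow" not in (t.lower() for t in tokens):
                tokens.append("nofollow")
            out.append(("rel", " ".join(tokens)))
        else:
            out.append((name, value))
    if not seen_rel:
        out.append(("rel", "nofollow"))
    return out


def _render_attrs(attrs):
    """Serialise (name, value) pairs; values are re-escaped because the parser unescaped them."""
    parts = []
    for name, value in attrs:
        if value is None:
            parts.append(f" {name}")
        else:
            parts.append(f' {name}="{escape(value, quote=True)}"')
    return "".join(parts)


class NofollowRewriter(HTMLParser):
    """Re-serialises the markup it is fed, touching nothing but <a> start tags."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            attrs = _with_nofollow(attrs)
        self.out.append(f"<{tag}{_render_attrs(attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.out.append(f"<{tag}{_render_attrs(attrs)}/>")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def add_nofollow(html_fragment):
    """Rewrite a comment body so every hyperlink carries rel="nofollow"."""
    parser = NofollowRewriter()
    parser.feed(html_fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed comment-spam sample.
    spam = '<p>Visit <a href="http://example.test/pills">my discount pharmaceuticals site</a>!</p>'
    print(add_nofollow(spam))
```

The rewriter deliberately runs on the server side at submission time, not in the browser, so a spammer cannot skip it; it also leaves `rel="me"` or similar tokens in place rather than overwriting them.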

Wednesday, January 26, 2005

Hacking it out

It's 16th July, 1995; Mr Nasir Khan Ghazi of Digicom sends the first ping to nelofer.erum.com.pk from Singapore. Cheers! The Internet is now a reality in Pakistan. Precisely 30 days later, on 15th August, 1995, VSNL also launched its services in India. Following the news about the formation of Pakistan's first ISP, a mushroom growth of ISPs began as everyone decided to pitch in and cash in on dial-up hours at rates that went up to Rs.100 an hour.

Prior to Digicom setting up its first international digital circuit link, the Aga Khan University and sdnpk.undp.org were already in the pool. The AKU set up an email exchange that made international calls on a day-to-day basis, allowing its users to send and receive emails with a lag of up to 1 day. At the same time, undp.org had already started providing email services to the general public and corporate organizations, charging them per KB of data exchanged, but neither of them was truly hooked to the international world using what may be termed the "Internet". Living in Hyderabad, I remember having to dial a long distance call to the UNDP servers in Karachi, using a Bell 1200 (1.2 kbps) modem and looking at a blue screen in MS-DOS to check my email.

The news of Pakistan joining hands with the WWW spread fast among the local public; however, the high rates of internet access in the country at that time made every individual think twice before deciding to go online. Even in homes counted as 'techie', the Internet was considered a privilege not everyone could exercise. Siblings would take turns using the 5 hours their parents would buy them every month. Spending less time online and more time offline, collecting lists of web sites to visit, was normal among nearly all the cyber-enthusiasts of the time.

Now, just as Pakistan started to get its feet wet in the ever-expanding internet world, its curious citizens, especially the youngsters, found the most favourable conditions for germinating a sense of hacking among themselves.

After all, two Pakistani brothers, Basit and Amjad, were also behind the making of the world's first computer virus (©Brain). The two had made the virus back in 1986, to prevent their copyrighted software from being pirated after distribution.

Expensive internet access rates, a lack of places for self-enjoyment, and getting off school or work early all became reasons for cultivating a thirst for hacktivism deep in the youngsters of those days. To further fuel this fire, Pakistan at that time did not have any cyber laws in place, nor was the newly formed PTA (Pakistan Telecommunications Authority) ready to form any technically advanced cyber squads to counter online incidents coming their way. With all this, as the internet user base grew in the country, so did the black hats. It was common to see 1 in every 10 people trying to do something that might at some point seem unachievable and might impress their circle of friends.

Slowly, as the internet user base in Pakistan moved towards maturity, these new additions to the hacker community started forming groups and could now be categorized based on what they were capable of. It may be noted that at this point in time most of the youngsters who were to become, or had become, so-called hackers were either enrolled in courses like MCSE/CCNA or were computer freaks taking short courses, who had started off with computers at an age when games like Dave and Digger on their XT/286 machines were as good as Counter-Strike and Doom III on Pentium IVs are to today's burger kids.

Those were the times when individuals would put every drop of blood into trying to find a bug by understanding every line of open source server software they could find. They would experiment with every insane thing they could think of, and yes, they did find flaws! But then some tainted their knowledge (to be counted as black hats or crackers), while others decided to play clean and help the internet community solve problems (counting themselves among the white hats).

However, in today's world, with search engines like Google and Clusty and Internet set-ups like Packet Storm, Zone-H and Security Focus, becoming a so-called hacker has become as easy as tying your shoes. All you need is a web browser, an Internet connection and the know-how to find your way through the tons of information available.

With that, today many people from our country take much pride in calling themselves one of the best hackers ever known (remember, they don't have to be evil). However, in the same land you'll also find people who hate that word more than anything, but are equally capable or maybe even more so.

Here we will break down the types of hackers found in this so-called hacker's heaven, irrespective of whether they wear a white or a black hat. The three categories discussed here are based on the capabilities, skills and proficiency of a typical hacker found in our country:

  1. Desi Mohalla hackers (The novice)

  2. Script Kiddies (The crackers)

  3. Elite Hackers (The coders)

Desi Mohalla hackers

The term "Desi Mohalla hackers" may not be too Desi to the inhabitants of this category, the reason being their extensive reliance on information and tools made by international hacking groups instead of trying to figure out some of their own, or even trying to understand what goes on behind those tools. They would at most do port scanning, looking for an already compromised machine using some popular hacking software like Netbus, Back Orifice or maybe Sub Seven. If they are naughty enough, they might go ahead and download a tool to carry out brute force (trying every possible password combination) or dictionary attacks (trying a list of common passwords or a dictionary as the password list) on random FTP, telnet, or maybe even on your Hotmails and Yahoos, till their horses tire.

Typically teenagers, found on a vast scale in the suburban and far-off rural areas of Pakistan, the residents of this category are privileged internet users, having 24-hour Internet access and a large fan following for the "cool" stuff they can do. Besides showing off their skills by hijacking Hotmail or Yahoo accounts of their friends, these hobbyists love poking their noses into every nasty hacking tool obtainable on the planet. With the passage of time, the transformation of these kids into more elite hackers is another story altogether.

If you get a chance to visit any of the cyber cafés in the country, especially those of Tando Allahyar, Hala, Dadu or Thatta, you would normally notice a geek with an unshaven face which hasn't been immersed in water for 4-5 days, sitting in the darkest corner of the café. With his eyes locked on the screen, at first look you might take him for a cleaner hired by the café owner, but somehow he happens to be the administrator of that café and most probably an inhabitant of this community.

Target Audience: Any vulnerable system they can get their hands on
Cause: A desire to do something for society; a political, socio-economic or religious cause
They lack: The ability to find new vulnerabilities, and the knowledge required to develop an exploit when a vulnerability is found
They have: Basic programming skills (C++/Assembly/Computer Architecture) required to get an exploit script or a proof-of-concept script running on a target machine. Also highly experienced in network programming and networking as a whole



Favorite hacking tools:


  • Netbus

  • Whack-o-mole (Netbus Trojan horse)

  • BackOrifice

  • Sub Seven

How it worked:

The attacker would send a Trojan horse (an executable file) to the target machine by email or IM which, if executed, would either open up a game or simply do nothing. Upon the first execution the Trojan horse copies itself to the Windows directory and makes the OS start it whenever it restarts. Upon every execution the Trojan horse would open a particular port (a backdoor) for communication with the hacker. The Trojan horse would also send an email to the attacker telling him/her the target's IP address every time the user (target machine) came online.

The number of Desi Mohalla hackers in Pakistan was at its peak in mid-1998, when anti-virus software could not identify the Trojan horses of even the most popular hacking software. Lack of awareness of firewalls allowed these kids to operate undetected for the life of the operating system. However, the trend dropped with newer operating systems having all ports blocked by default.
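The description above names the two footprints such a Trojan leaves on the victim: an autostart entry that launches a file dropped into the Windows directory, and a listening backdoor port. As an added example (mine, not code from the article), the Python below checks for both over netstat-style output and a dump of the Run registry key. Both inputs are constructed samples; the port table holds the documented default ports of NetBus, Back Orifice and SubSeven, and the file name `patch.exe` is an invented stand-in for the dropped binary.

```python
"""Check a Windows box for the two footprints the Trojans above leave behind.

Added detection example, not code from the article.  The inputs are constructed
text in the shape of `netstat -an` output and of a dump of the Run registry key;
a real check would capture those from the live system.  The port table holds the
documented default ports of the tools the article names.
"""
import re

# Default listening ports of the tools named above (NetBus, Back Orifice, SubSeven).
KNOWN_BACKDOOR_PORTS = {
    12345: "NetBus",
    12346: "NetBus",
    31337: "Back Orifice",
    1243: "SubSeven",
    27374: "SubSeven",
}

# Constructed sample in the layout of `netstat -an` on Windows.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1032      10.0.0.5:6667          ESTABLISHED
  UDP    0.0.0.0:31337          *:*
"""

# Constructed sample of HKLM\...\CurrentVersion\Run as `reg query` prints it.
RUN_KEY_SAMPLE = """\
    Explorer    REG_SZ    C:\\WINDOWS\\explorer.exe
    Patch       REG_SZ    C:\\WINDOWS\\patch.exe
    Updater     REG_SZ    C:\\Program Files\\Vendor\\updater.exe
"""

_NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$", re.M)
_RUN_RE = re.compile(r"^\s*(\S+)\s+REG_SZ\s+(.+?)\s*$", re.M)


def listening_backdoor_ports(netstat_text):
    """(proto, port, tool) for every listener on a known backdoor port."""
    hits = []
    for proto, port, state in _NETSTAT_RE.findall(netstat_text):
        port = int(port)
        if proto == "TCP" and state != "LISTENING":
            continue  # an outbound connection on that port is not a backdoor listener
        if port in KNOWN_BACKDOOR_PORTS:
            hits.append((proto, port, KNOWN_BACKDOOR_PORTS[port]))
    return hits


def suspicious_autostarts(run_key_text, windows_dir="C:\\WINDOWS", allow=("explorer.exe",)):
    """Run-key values that launch a file sitting directly in the Windows directory.

    Anything there that is not on the allow-list is worth a second look: that is
    exactly where the Trojans described above copy themselves.
    """
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    hits = []
    for name, path in _RUN_RE.findall(run_key_text):
        p = path.strip('"').lower()
        if not p.startswith(prefix):
            continue
        tail = p[len(prefix):]
        if "\\" not in tail and tail not in allow:
            hits.append((name, path))
    return hits


if __name__ == "__main__":
    print("backdoor listeners:", listening_backdoor_ports(NETSTAT_SAMPLE))
    print("suspicious autostarts:", suspicious_autostarts(RUN_KEY_SAMPLE))
```

Port matching alone is weak evidence, since the tools could be reconfigured; the autostart check is the more durable of the two, which is why the example reports both and leaves the correlation to the reader.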

Script Kiddies

Normally seen on underground IRC channels like #darknet in the old days, these script kiddies, like the Desi Mohalla hackers, rely on ready-made material to carry out their objectives. Having Packet Storm and Security Focus at the top of the favorites list in their web browser, these juvenile kids make it a habit to visit these sites every morning even before they brush their teeth, curiously waiting for new exploits and vulnerabilities, either to secure their servers against attacks arising from them or to have the pleasure of carrying out their evil objectives.

A recent (7th December, 2004) example of such an incident was the defacement of Picasa's home page (maintained by Google Labs) by one of the script kiddies, who used the "PHPbb2" exploit (http://packetstormsecurity.org/0411-exploits/phpbb.php.txt) published on Packet Storm in October, 2004. At the time of writing this article, at least half a dozen such exploits were available on Packet Storm. Furthermore, exploits for vulnerabilities that still haven't been publicly announced are normally seen on these websites. Although the owners of these security sites target the scripts towards helping system administrators secure their servers, at the same time they disclaim responsibility for these scripts going into the wrong hands (100% of the time they do).

These so-called "script kiddies" wearing black hats may sound like frail toddlers like the former category, but beware! They can be extremely lethal for any organization if proper security precautions are not exercised. There have been cases where millions of dollars in losses were incurred just because your so-called toddlers wanted to have fun.

It may be surprising to note that an increasing number of hackers internationally continue to fall under this category due to their use of easily available exploit code, as compared to the elite hackers who spend day and night researching new vulnerabilities and developing exploits for them. The formerly renowned hacking groups from Pakistan, namely GForce Pakistan, the Pakistan Hackers Club of Dr. Nuker and Mr. Sweet, and Silver Lords, along with literally millions of international hackers, fall into this category to a soaring degree. The reason so many Pakistani as well as international hackers are categorized here is that no one wants to re-invent the wheel; the stress is on reusability.

If a hacker knows of some vulnerability in a system and can locate an exploit for it, it's most probable that he/she would abandon the quest for newer holes and exploits and use the ready-made exploit. According to Marc Rogers, a behavioral sciences researcher in Winnipeg, Canada, hackers have a common philosophy in which they misread the consequences of their activities, often defending their side by announcing that it's actually a service to the world (Pakistanis in particular). With such goals, script kiddies like GForce and Dr. Nuker are usually not concerned with the path they follow to reach their goal of defacing Indian, Israeli and American sites, often trying to figure out shortcuts to compromise the target machines. Not to forget, they do succeed!

If these black hats were active in the US or any other developed country, I wouldn't be surprised if they didn't last a day, owing to the level of professionalism exercised by the countering teams when compared to the unplanned way these local script kiddies plan intrusions. However, an immense difference in maturity can still be distinguished between them and the Desi Mohalla hackers.

Target Audience: Any vulnerable system they can get their hands on
Cause: A desire to do something for society; a political, socio-economic or religious cause
They lack: The ability to find new vulnerabilities, and the knowledge required to develop an exploit when a vulnerability is found
They have: Basic programming skills (C++/Assembly/Computer Architecture) required to get an exploit script or a proof-of-concept script running on a target machine. Also highly experienced in network programming and networking as a whole.


Favorite sites and Tools:


  • PacketStormSecurity.net

  • SecurityFocus.org

  • Zone-h.org

  • Cert.org

  • NetCraft.com

  • Nessus

  • Lan Guard


The primary difference between the Desi Mohalla hackers and script kiddies is their target audience and the tools they use. Instead of fully relying on the tools listed above, these hackers make it a point to visit a few websites at least once or twice a day to keep their ammo full.


Elite Hackers


As the name suggests, the word "Elite" says it all. Yes, these are the most endangered species not only in Pakistan but on planet Earth. You would see their names in the comments at the top of most of the C++/Perl exploit code found with script kiddies, and on the popular hacking software they build. Finding vulnerabilities, coding tools and building exploits are just a few of the games these warriors are good at playing. But rarely would you see the citizens of this group using their self-developed weaponry to attack and bring down a target themselves.


In the case of white hats, they keep themselves so occupied securing and testing their own networks with their research that they hardly get time to know anything else in the world. And in case they happen to be black hats, they do take pleasure in making the exploit; however, they rarely use it themselves. Instead they release the code in public and have their servants do the rest of the work. Following the public release of any exploit, the hungry fish (the script kiddies) rush to fetch the code and start attacks throughout the world. And hence, releasing the tool to the market becomes destruction in itself, as they know the script kiddies would take care of the rest.


If you would like to find some of these souls, let me tell you it's not very easy. If you somehow get lucky and find one's email address, go ahead and try your luck; who knows, you might some day get a reply. Typically, in the US these are the 1990 MIT/Stanford graduates who know every bit about the machines we use. However, in Pakistan you would have to work a little harder to come across these elite souls, but yes, they do exist! Some of the older graduates of 1990 from institutes like Karachi University and the University of Sindh tend to have come somewhat close to this category. However, most of these elite hackers, as we call them, have taken up positions as security advisors or network administrators in prestigious organizations.


An example of black hat elites is the Indian Snakes, who knocked down Pakistan's official website (pak.gov.pk) for more than 4 days in June, 2002. In their case, the hackers actually made a variant of the original "Yaha" and called it "Yaha.E". The virus was responsible for just sending a ping to "pak.gov.pk" from each PC it infected, and spreading itself just like any other virus through email and IM. Within 10-12 hours of release, the virus was responsible for knocking down pak.gov.pk using one of the most sophisticated Distributed Denial of Service (DDoS) attacks ever. Going through the history of uptimes for pak.gov.pk at Netcraft.com back in 2002, it was seen that at the time of the attack pak.gov.pk was hosted with Comsats. After the initiation of the attack, more than 8 hosting companies were tried in 3 days, but none could wake pak.gov.pk. Finally, as the spread of the virus decreased with virus definitions being made available to end users, the site was once again able to breathe after a 4-day coma. It then woke up on a system running FreeBSD at "Pro Hosters L.L.C". (Currently the site seems to be faking its OS identity by showing Microsoft IIS 5 on a Linux machine… lolz, wait till Bill Gates sees this: http://uptime.netcraft.com/up/graph/?host=www.pak.gov.pk)


Although difficult to locate, the elite class also exists in Pakistan; they are not to be seen by everyone and normally keep a low profile in all their activities. In June 2001, it was believed that a tool to exploit the most popular vulnerability ever, the Unicode directory traversal in Windows 2000, was created and released on Packet Storm by a Pakistani hacker. With the Nimda and Code Red viruses yet to come, the script kiddies had the best time ever in the history of hacking during this period. The default installation of Windows 2000 with IIS was left vulnerable to the hands of script kiddies. Big companies like Amazon shifted from Windows to Linux during this period. To further fuel the fire, no patches were available from Microsoft till November, 2001, making this the highest ever hacking spree in the history of Pakistan. And then, with this new Unicode hacking tool out in public, hardly any Windows-based machine was left untouched.
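The Unicode traversal bug mentioned above is worth seeing from the defender's side: the server checked request paths for ".." before it decoded them, so a "/" or "\" written as an overlong two-byte UTF-8 sequence (%c0%af, %c1%9c) slipped past the check and was only turned into a path separator afterwards. As an added example (mine; not the tool the article refers to and not Microsoft's or any IDS vendor's code), the Python below decodes request stems the lenient way the vulnerable server did and flags any request that climbs above the directory it starts in. The log lines are constructed, and the field order is the assumption stated in the #Fields line.

```python
"""Find Unicode directory-traversal requests in an IIS-style log.

Added detection example, not the exploit tool the article mentions nor
Microsoft's or any IDS vendor's code.  Decoding is done the lenient way the
vulnerable IIS did, so that the overlong two-byte forms of '/' (%c0%af) and
'\\' (%c1%9c) are seen for what they are.  The log lines are constructed; the
field order follows the W3C extended format assumed in the #Fields line.
"""
from urllib.parse import unquote_to_bytes

# Constructed sample log: two overlong-encoded traversals, three ordinary requests.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-06-12 03:14:07 10.0.0.7 GET /scripts/..%c0%af../winnt/win.ini - 200
2001-06-12 03:14:09 10.0.0.7 GET /scripts/..%c1%9c../winnt/win.ini - 200
2001-06-12 03:15:00 10.0.0.9 GET /index.htm - 200
2001-06-12 03:15:03 10.0.0.9 GET /images/logo%20new.gif - 200
2001-06-12 03:15:05 10.0.0.9 GET /images/../index.htm - 200
"""


def lenient_decode(path):
    """Percent-decode, then decode bytes as IIS did: overlong 2-byte UTF-8 accepted.

    Returns (decoded path, overlong_seen).  A strict decoder rejects lead bytes
    0xC0/0xC1 outright; accepting them is what let an encoded '..' through a
    filter that had already looked for '..' in the undecoded request.
    """
    raw = unquote_to_bytes(path)
    out, overlong, i = [], False, 0
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            overlong = True
            i += 2
        elif b < 0x80:
            out.append(chr(b))
            i += 1
        else:
            out.append("\ufffd")  # other non-ASCII bytes are not what this check is about
            i += 1
    return "".join(out), overlong


def escapes_root(decoded_path):
    """True if the '..' segments climb above the directory the request starts in."""
    depth = 0
    for seg in decoded_path.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def scan_iis_log(log_text):
    """(client ip, raw stem, reason) for each request that escapes the web root."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 7:
            continue
        ip, stem = fields[2], fields[4]
        decoded, overlong = lenient_decode(stem)
        if escapes_root(decoded):
            reason = "overlong UTF-8 traversal" if overlong else "plain traversal"
            hits.append((ip, stem, reason))
    return hits


if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```

The general lesson the example carries is the ordering one: any check on a path has to run on the fully decoded, canonical form, or the encoding becomes a bypass. The `/images/../index.htm` line is deliberately left unflagged, since it never leaves the root.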


In both cases, it may be seen that the elite hackers are normally focused on developing the tools and exploits for the hacks rather than doing the hacks themselves. Most of the time such exploits are later used in some of the most reliable network scanners, like Nessus and LANguard, to strengthen the network security of servers and PCs across the globe.

Target Audience: New systems; finding new vulnerabilities and flaws in almost all OSes, routers, devices etc.
Cause: Network security, research, a job, or simply to build a following among the script kiddies
They lack: The ability to do nothing and just sit and watch the world…
They have: Programming skills (C++/Assembly/Computer Architecture) required to develop an exploit script or a proof-of-concept script. Also the creativity and the ability to think outside the box to find new flaws. Good at networking, mostly an all-rounder…


Favorite Tools (compilers):


  • Perl

  • CGI

  • GCC, Shell

  • Visual C++

  • Java


Hackers, be they ethical (white hat) or evil (black hat), both climb the same ladder in their quest to learn the unknown. And in the end it's just a matter of how they use their knowledge.


References
http://www.eeye.com
http://www.securityfocus.org
http://www.cert.org
http://www.packetstormsecurity.org
http://www.attrition.org
http://www.sans.org
http://www.defcon.org
Chowk
http://news.bbc.co.uk/1/hi/technology/3257165.stm
http://tlc.discovery.com/convergence/hackers/articles/psych.html
http://www.wbglinks.net/pages/history



//By Yasir Suleman Memon
//Published in Spider Internet Magazine (January, 2005)

Tuesday, January 11, 2005

Scientists watch matter fall into black hole

An international team of astronomers has made direct observations of clumps of gas, orbiting a black hole at ten per cent of the speed of light. This is the first time scientists have been able to see individual X-ray- emitting lumps of matter go all the way round a black hole.

The data provide an insight into a previously speculative area of science. For the first time, star gazers have concrete measurements of the orbital period and orbital speed of matter circling a black hole. The researchers have used the information to work out that the black hole they are studying must be at least 300,000 times as massive as our own sun.

Read more at [The Register]

Saturday, January 08, 2005

This is the second time I got this message from MSN for chatting too much with naveed :P

Tuesday, January 04, 2005

My New Year's Eve

4 days gone, 361 more to go!

So here we are, standing in another New Year! Does this sound familiar? Was it not what we said a year back, and also 2 years back, and 3, 4, 6, 7...?

Holding our parents' finger to cross the road while going to school, playing baraf paaneee, chupan chupaee, thalam thalee, cycling, monopoly, cards and what not? Remember? Wasn't that just something you did yesterday? I so badly wish I could have those times back... But no one can! And I'm not an exception... Those times have their importance just because you cannot have them back; you can remember them and learn the importance of making the fullest of the time you have.

Dear, time doesn't stop... it moves on, and so should you and me!

I see everyone committing themselves to another "New Year Resolution", new hopes, new challenges and newer motives... But what about the resolutions we have previously been making since we recognized the word "resolution"? New Year resolutions now tend to be a never-ending while(true) loop!

This New Year's Eve was somehow a special one for me. Not because it was the New Year, and no, not because it was the launch of my first product, but because I did something I had been wanting to do so badly for a long time... On New Year's night I got some time for myself to just sit and think and talk to myself... I had been missing this for a long time!

Just as the aerial firing started I realized that the clock had made the final tick of the year... I made one last check on the VergeSMS site to see if everything was moving as planned and then just lay down to do some chatting with myself... All of a sudden I realized I had grown older than I thought, and I recalled Harun Yahya's video in which he discussed aging...

And now, as the firing continued, this year instead of crafting another New Year Resolution I asked myself a few questions...

"What was it that I did that I should not have done...?"
"What were the mistakes I made that shouldn't be repeated?"
"How many people did I hurt? Did I say sorry?"
"How many people helped me? Did I say thank you?"
"How many people influenced me to be where I am, was I thankful?"
"How many times did I forget to tell my loved ones how much I loved them..."
Above all
"How many prayers did I miss, how many times did I forget to say sorry to God?"

I started with remembering the wrongs, and they came like the speedy counter at a petrol pump: 1, 2, 3...... and it kept on going... I could see so much wrong in myself that I started to feel disgraced...

I had failed in a lot of things... I started counting them: religion, family, love, career, friends, trust, studies, enjoyment, reading, writing, understanding, helping, teaching, observing, learning, listening, speaking, spelling and so much more! But I think I had reckoned my failures and wanted to improve on them... I knew that I wouldn't get a second chance at more than half the standings of my past; however, I decided to color the second half to make my life a little less miserable...

And there I was, with this huge list of things to do and not to do.... I could now feel the faults in myself, and now I wanted to improve upon them...

It was 3:00 am and I reckoned that the firing had stopped... I did not commit myself to any new commitments for the future, but only to not do the wrongs of the past...

I have walked on this path for a long time now; I don't want to turn left, I don't want to turn right, neither do I want to stop nor do I want to look back.... I want to keep on moving, doing right what was left wrong behind me.... God help me!