Name: Hacking the Hacker
Rating: 4 (1 reviews)
Author: Roger A. Grimes

In this book, top ethical hackers discuss advanced persistent threats, public key encryption, firewalls, hacking cars, tools and techniques, social engineering, cryptography, penetration testing, network attacks, advice for parents of young hackers, the Code of Ethical Hacking, and much more.

Hacking the Hacker

Get things done, faster. Learn Agile/Scrum, Project Management, Freelancing and Outsourcing.

Workflow

Hacking the Hacker: Learn from the Experts Who Take Down Hackers

Preface

Many years ago, I moved into a house that had a wonderful attached garage. It was perfect for parking and protecting my boat and small RV. It was solidly constructed, without a single knot in any of the lumber. The electrical work was professional and the windows were high‐quality and rated for 150 mph winds. Much of the inside was lined with aromatic red cedar wood, the kind that a carpenter would use to line a clothing chest or closet to make it smell good. Even though I can’t hammer a nail straight, it was easy for me to see that the constructor knew what he was doing, cared about quality, and sweated the details.

What Type of Hacker Are You?

The most enjoyable career activity I do is penetration testing (also known as pen testing). Pen testing is hacking in its truest sense. It’s a human against a machine in a battle of wits. The human “attacker” can use their own ingenuity and new or existing tools as they probe for weaknesses, whether they be machine‐ or human‐based. In all my years of pen testing, even though I am usually given weeks to conduct a test, I have successfully hacked my target the majority of the time in around one hour. The longest it has ever taken me is three hours. That includes every bank, government site, hospital, and corporate site that has ever hired me to do so.

How Hackers Hack

Bruce Schneier

In the computer world, social engineering can be described as tricking someone into doing something, often detrimental, to themselves or others. Social engineering is one of the most common forms of hacking because it is so often successful. It’s often the most frustrating for the defender because it cannot be prevented using technology alone.

Social Engineering

Kevin Mitnick

Software vulnerabilities are susceptible weaknesses (i.e. “bugs”) in software, often from exploitable flaws written by the 6eveloper or inherent in the programming language. Not every software bug is a security vulnerability. The bug must be exploitable by an attacker to become a threat or risk. Most software bugs cause an operational issue (which may not even directly manifest themselves to the operator) or even cause a fatal interruption to processing but cannot be leveraged by an attacker to gain unauthorized system access.

Software Vulnerabilities

Michael Howard is infectious. He’s a great educator, an energetic speaker, and after nearly 20 years is as passionate about his computer security specialty, secure code, as he was in the beginning. It’s hard to be around him more than a few minutes without you wanting to help make the world more secure one line of code at a time. He first gained worldwide notice for co‐authoring Writing Secure Code ( https://www.amazon.com/Writing‐Secure‐Code‐Michael‐Howard/dp/0735615888 ) along with David LeBlanc and for being a significant part of the reason why Microsoft is hugely dedicated to writing more secure code. Howard, originally from New Zealand but now living in Austin, TX, has co‐written several books on writing more secure code and is a frequent blogger.

Profile: Michael Howard

When I called up Gary McGraw for an interview, he told me he just got through talking to a Catholic monk who was walking near his Shenandoah River property in Virginia. Within seconds he was talking about the intricacies of computer security. These sorts of otherwise unnatural paradoxes have been with McGraw his whole life. He started programming on his first computer, an Apple II+, in 1981, at age 16. He ended up going to college for an undergraduate degree in philosophy, and along the way became a classically trained musician. He even played twice at Carnegie Hall. Today, along with being one of the world’s best computer security experts, he loves to cook, garden, and mix new cocktails.

Profile: Gary McGraw

When I first started in computer security back in 1987, it was malicious programs (malware) that first caught my eye. The first computer viruses (for example Apple’s Elk Cloner and Pakistani Brain) were just showing up, although Trojans and worms had been around longer. Computer viruses were so unknown and almost rare that popular media pundits declared them to be hoaxes. That was until entire companies were taken down by them, and this was before the Internet was the Internet. Back then, computer malware spread via phone dial‐up bulletin boards and hand‐to‐hand as people copied each other’s software (both legally and illegally). Malware is still one of the most popular hacking methods.

Malware

I met Susan Bradley over 15 years ago, when I was selected as one of Microsoft’s early Most Valuable Professionals. The Microsoft MVP, as it’s known, is awarded to independent community leaders who show expertise in one or more Microsoft technologies and have broad interaction with end‐users, such as writing a regular blog, newsletter, or column. It was clear early on that Bradley was an MVP of MVPs. She is super smart, hard‐working, and forever helping not just end‐users, but MVPs. (We’re end‐users, too.) She was originally awarded her MVP in 2000 for Microsoft’s now discontinued Small Business Server (SBS) product, but she has broad and deeply technical Windows expertise. The annual MVP ( https://mvp.microsoft.com/en‐us/PublicProfile/7500?fullName=Susan%20Elise%20Bradley ) she has continued to get continually every year since is known as the Cloud & Datacenter Management MVP.

Profile: Susan Bradley

No one knows everything about Microsoft Windows. It’s tens of millions of lines of code. But for more than two decades, Mark Russinovich has come close. He’s the Chief Technology Officer of Microsoft Azure. C‐level officers (CEOs, CIOs, and so on) of companies are rarely people that still grok technology at the deepest levels, but Russinovich does. Rarely is there a smarter person in the room or someone who knows more about a feature. He’s very happy to be looking at code. I told him this during our interview, and he replied, “The details of the technology is what keeps me going!”

Profile: Mark Russinovich

Much of the underlying technology that makes the rest of computer security work involves cryptography. Cryptography has been around for eons, and it will be around long after we leave planet Earth for other hospitable planets. Personally, cryptography is the computer security genre that I love the most, even though after nearly three decades of being a crypto‐hobbyist I don’t consider myself a cryptography expert.

Cryptography

One of the things I’ve learned when talking to the best people in a particular field is that they tend to be good at multiple things. They aren’t just good at the thing for which they are known. They usually have intense hobbies they are obsessed with and are trying to “hack” a lot of problems, many of which have nothing to do with why they are famous. Martin Hellman, one of the original creators of public key cryptography, is a great example. While still being one of the world’s best cryptographers and thinking about how to solve the latest cryptography problems, he’s also a guy who likes to soar gliders, improve marriages, and stop nuclear wars … not necessarily in that order.

Profile: Martin Hellman

Intrusion detection is the art of detecting unauthorized activity. In the computer world, it means detecting unauthorized connections, logons, and resource accesses, or attempts at the same. Intrusion detection is part of the reason why nearly every computer device has an event‐logging system. The two have been forever linked since James P. Anderson’s groundbreaking 1980 paper called “Computer Security Threat Monitoring and Surveillance” ( http://csrc.nist.gov/publications/history/ande80.pdf ).

Intrusion Detection/APTs

Over the decades, I’ve come to believe that one of my few special talents in the world of computer security is detecting malicious hackers and their activities. I’m able to see a potential hacker threat and then figure out how that threat could be detected better and earlier to generate alerts. I still think I can do it better than anyone in the world, but for a while I felt like I had some original thinking on intrusion/anomaly detection. I even sort of got a big head about it. Then I found out about Dr. Dorothy E. Denning’s seminal IEEE paper on real‐time intrusion detection expert systems ( https://users.ece.cmu.edu/~adrian/731‐sp04/readings/denning‐ids.pdf ). It covered everything I thought I was doing original thinking on, except Dr. Denning wrote her paper in 1986, long before my own “discovery.”

Profile: Dr. Dorothy E. Denning

I’m a long‐time, big curmudgeon about almost all computer security products. It’s hard to be anything else after seeing malware and exploitation seemingly get easier over two decades, especially with almost every new security product failing to meet its initial hype. I get paid to review computer security products for a living, and I often get pitched as many as twenty new products a day. If I see one product a year that seems like it might actually do what it says it can do and might have a significant impact on reducing risk, I get ecstatic. I often go years without seeing a capable, interesting product. My criticism often applies to my employer’s products as well.

Profile: Michael Dubinsky

Firewalls are a great example of technology being a victim of its own success. Firewalls have worked so well at defending computers for three decades that the threats they were created to prevent have almost stopped even being tried. The bad guys are giving up! At least on those types of threats. Some experts have even argued whether firewalls are even necessary anymore, but most believe that firewalls, like anti‐malware scanners, are an essential item in anyone’s computer security base configuration.

Firewalls

As discussed in the previous chapter, William Cheswick is one of the original creators of the modern‐day firewall. He took over the management of the first documented firewall, invented the circuit‐level firewall, and if you say the word “proxy” in your computer security life, you have him to thank. Cheswick has more than a dozen patents and co‐wrote the first definitive book on firewalls, Firewalls and Internet Security: Repelling the Wily Hacker ( https://www.amazon.com/Firewalls‐Internet‐Security‐Repelling‐Hacker/dp/020163466X ) with Steven Bellovin in 1994. I was into firewalls before reading that book, but his book taught me much of what I know about firewalls today, and a dog‐eared version of it was on my office bookshelf for nearly two decades.

Profile: William Cheswick

I have been intrigued by computer security honeypots ever since I read Clifford Stoll’s 1989 book The Cuckoo’s Egg ( https://www.amazon.com/Cuckoos‐Egg‐Tracking‐Computer‐Espionage/dp/1416507787/ ), with his identification and capture of a foreign spy. Since then I’ve run up to eight different honeypots at a time tracking malware and hacker behavior. I’m frequently involved in professional honeypot projects, and I even wrote a book on them called Honeypots for Windows ( https://www.amazon.com/Honeypots‐Windows‐Books‐Professionals/dp/1590593359/ ). I believe that all companies should include one or more honeypots in their defenses.

Honeypots

“ Nothing makes me more frustrated than when a security geek says ‘you can’t patch stupid’”—Lance Spitzner

Profile: Lance Spitzner

Hacking passwords has always been a popular activity for cyber attackers, although the newer methods have evolved from simple password guessing. The Hollywood notion of the hacker is someone who sits in front of a logon screen and simply guesses the correct password out of thin air. Although this does happen, it is fairly rare. Real password hacking usually involves a lot more guesses or no guessing at all.

Password Hacking

Dr. Cormac Herley is an unintentional disruptor. He says things that challenge long‐standing dogma, which not everyone wants to hear, especially if they’ve invested millions of dollars and decades of resources into doing the exact opposite for years. Dr. Herley uses data mining to seek the truth. He’s even well aware that some of his contrarian views, backed by data, may take a decade or longer before people will even listen.

Profile: Dr. Cormac Herley

Today’s computing world works on wireless networking. It’s a rarity that anyone plugs in a network cable to their desktop or laptop computer, and no one does that for their cell phones and other computing devices, even though the wired world is faster and more secure. It is a wireless world—a world that hackers are constantly attacking.

Wireless Hacking

The previous chapter covered wireless hacking, and no one in the wireless hacking computing community is more respected than Belgium‐born Thomas d’Otreppe de Bouvette, the creator of Aircrack‐ng ( http://aircrack‐ng.org/ ). Composed of 16 different programs, Aircrack‐ng is the most popular, free, Wi‐Fi security‐auditing tool suite. D’Otreppe de Bouvette first released Aircrack‐ng in February 2006. Today, every Linux hacking distro includes it by default, and if you want to do wireless hacking or auditing, you probably either use Aircrack‐ng or used it before you paid for some commercial product that does similar things. Aircrack‐ng is so popular that it shows up in TV shows and movies ( http://aircrack‐ng.org/movies.html ) that are trying to realistically portray their actor as an uber‐cool wireless hacker. D’Otreppe de Bouvette has also created and released a wireless intrusion detection program called OpenWIPS‐ng ( http://www.openwips‐ng.org/ ).

Profile: Thomas d&rsquo;Otreppe de Bouvette

This chapter covers the requirements that make a hacker a legal, professional penetration tester, plus other hints that can help any pen tester’s career. In addition, I cover the most sought‐after certifications.

Penetration Testing

Riding in Aaron Higbee’s car is an experience only familiar to car tech geeks and ingrained engineers. He has enough externally connected computer equipment and gauges hooked to his car’s CPU brain and engine to easily qualify it as a car in a Back to the Future prequel. Those of us who have known him for a few years are not surprised. Higbee rarely does anything halfway. He’s either all in and fully enmeshed or not interested. It’s obvious that the “play hard or go home” motto plays a big part in his life.

Profile: Aaron Higbee

At 25 years old, Benild Joseph, from the Bangalore region of India, is one of the youngest people profiled in this book. But in his short career of only 8 years (as of our interview), he has built quite a track record for himself, and he diligently works to improve the computer security of his home country and region. He specializes in web application security and has discovered critical vulnerabilities in many popular web sites including Facebook, AT&T, Sony Music, BlackBerry, and Deutsche Telekom. Suffice it to say that he has distinguished himself. At present, he is the Chief Executive Officer for “Th3 art of h@ckin9,” part of the International IT Security Project (an initiative with support of the government of India) as well as acting as a board member of the Information Systems Security Association (ISSA) of India. He is listed as a “Top 10 Ethical Hackers in India” by Microsoft Social Forum and was named as one of “India’s 8 Most Famous Ethical Hackers” by Silicon India magazine. He frequently writes and teaches.

Profile: Benild Joseph

You can think you have the best computer security only to have your false sense of security taken away by matters beyond your control. Welcome to distributed denial of service (DDoS) attacks. What originally started as a single hacker overwhelming a server by sending way more traffic than it could handle has turned into an escalating war of multiple layers and dependencies, sent by groups and professional‐looking service providers. Today’s massive DDoS attacks often involve Internet‐connected home devices and send hundreds and hundreds of gigabits of malicious traffic per second. DDoS attacks are committed for many reasons, including revenge, exhortation, embarrassment, political purposes, and even gaming advantages.

DDoS Attacks

Brian Krebs opened his front door in the middle of preparing for a small dinner party only to be greeted by a S.W.A.T. team, complete with black tactical gear, assault rifles, and shotguns pointed at him. After they screamed at him not to move and frisked and handcuffed him, Krebs realized this was yet another day in his battle against hackers as the world’s premier Internet crime reporter and investigator. He has been diligently fighting spammers, skimmers, and hackers of all varieties for more than a decade. He has been part of several investigations and raids that have resulted in those same hackers losing millions of dollars and being arrested. In retaliation, hackers have sent all sorts of illegal contraband, including drugs and forged currency, along with multiple death threats to him and his family. A great recap of the SWAT incident can be found here: http://arstechnica.com/security/2013/03/security‐reporter‐tells‐ars‐about‐hacked‐911‐call‐that‐sent‐swat‐team‐to‐his‐house/ .

Profile: Brian Krebs

One of the most popular computer security jokes with multiple punchlines is, “If you want a secure computer, then:

Secure OS

Polish citizen Joanna Rutkowska came on the world’s computer security scene in a dramatic way. She announced in 2006 ( http://theinvisiblethings.blogspot.com/2006/06/introducing‐blue‐pill.html ) the ultimate rootkit malware program. A rootkit is a malware program that modifies the operating system in order to better hide from the operating system and any program using it. Rutkowska had discovered a method whereby a malicious program could hide in such a way that it could not be easily discovered by any known method, even if you knew about the malicious program and that it was on the operating system. She called her idea the “blue pill.”

Profile: Joanna Rutkowska

One of the sad facts of the computer security world is that even though everyone acts as if having safe and reliable computing is THE most important base feature to have in a computer, that really isn’t true. Users are far more interested in having the latest, cool, gee‐whiz feature, computer security be damned! Vendors and developers that spend too much time on security end up getting beaten to market by their competitors. Designers who make their devices and applications too secure end up being out of a job. You can architect security into a product as long as it doesn’t bother the customer, and that’s a difficult thing to do.

Profile: Aaron Margosis

In Chapter 2, “How Hackers Hack,” the various ways attackers try to exploit a computing device were discussed. These included physical attacks, zero‐days, unpatched software, social engineering, password issues, eavesdropping/man‐in‐the‐middle attacks, data leaks, misconfiguration, denial‐of‐service, user errors, and malware. All of these attacks can be accomplished on either the computing device itself or the network connecting to the computing device.

Network Attacks

Scientists say that if we ever meet an alien civilization the likely language used to communicate will be math, because math is the only truly universal language that is likely to be understood by advance civilizations. To understand what is going on with a networked computer, the only true way to understand it is to sniff the network. No one does that better than Laura Chappell. She is like Dr. Louise Banks (played by Amy Adams) in the 2016 movie Arrival or Dr. Ellie Arroway (played by Jodie Foster) in the 1997 movie Contact . She’s very intelligent, focused, especially good at what she does, and respected by her peers.

Profile: Laura Chappell

The world of computers is no longer just computers. It’s cars, houses, televisions, refrigerators, toasters, glasses, wristwatches, sneakers, lights, baby monitors, medical devices, and almost any other object that some salesman thinks will appeal to buyers more if it had a computer or sensor in it. Most of these items are connected to the Internet and have an Internet Protocol (IP) address. It’s known as the Internet of Things (IoT). Unfortunately, many, if not most, IoT devices are very insecure and can be successfully hacked—some quite easily.

IoT Hacking

Most people who recognize Dr. Charlie Miller’s name and his work know him as part of a hacker duo who can completely remotely control your car like a kid’s toy. For a few years if you saw a news report about hackers making a car or Jeep suddenly speed up or even run off the road, remotely, it involved Dr. Miller. A Wired magazine author described his experiences ( https://www.wired.com/2015/07/hackers‐remotely‐kill‐jeep‐highway/ ) with Dr. Miller and his partner in crime, Chris Valasek.

Profile: Dr. Charlie Miller

I was a guy who hated policies and procedures. I had no use for paperwork. All it does is slow you down. Or so I thought.

Policy and Strategy

As the previous chapter discussed, you cannot obtain real, long‐lasting computer security without policies and strategies. Some of the “invisible” heroes of computer security are the people who drive corporate and global computer security strategies. Jing de Jong‐Chen, Partner and General Manager, Global Security Strategy, Corporate, External and Legal Affairs Division at Microsoft, has devoted her professional life to pushing for better and more global interoperable computer security standards and cyber policy harmonization. She also serves as vice president of the Trusted Computing Group (TCG), a non‐profit, international, industry standards organization focusing on security technology innovations. She is a board advisor of the Executive Women’s Forum, an organization dedicated to promoting women in the security, privacy, and risk management professions. In addition, de Jong‐Chen serves as an advisor to the Digital Futures project of the Woodrow Wilson Center, which champions technology thought leadership to shape public policy development. She received the “Women of Influence Award” from the Executive Women’s Forum in 2014 for her professional contributions to cybersecurity. She holds a master’s degree in business administration and a bachelor of science degree in computer science.

Profile: Jing de Jong‐Chen

Threat modeling is the process at looking at all the significant and likely potential threats to a scoped scenario, ranking their potential damage in a given time period, and figuring cost‐effective mitigations to defeat the highest‐priority threats. Threat modeling is used in all sorts of industries and in our particular case planning computer security defenses. Threat modeling is used in the security development lifecycle (SDL) efforts when programming and reviewing software and across computer devices and infrastructure. Only by using threat modeling can a defender quantify threats, risks, and mitigations, and compare the implemented plan against the reality of what occurs.

Threat Modeling

One of my first encounters with Adam Shostack was at Microsoft when he was driving a new way of thinking around a type of problem. In this specific case, it was how to defeat the Conficker worm ( https://en.wikipedia.org/wiki/Conficker ). Conficker was a particularly nasty malware program that first appeared at the end of 2008. It had several ways of spreading (such as “vectors”), including guessing at weakly password‐protected file shares, a desktop.ini trick, patched software vulnerabilities, and via USB drives using Windows’s built‐in Autorun feature. Conficker was infecting millions of machines a year and was showing no signs of abating. Anti‐malware vendors were readily detecting it and Microsoft had put out several articles on how to stop it from spreading, but it was still prolific.

Profile: Adam Shostack

One bit of advice that has been consistent from almost every person profiled in this book is their belief that more and better computer security education is needed. No one thinks that any perfect technology solution will become available any time reasonably soon that will preclude people needing to be aware of computer security threats and how to handle them. Some computer security “experts” claim that it’s a waste of time trying to educate end‐users, but most serious security professionals know that education for end‐users and staff can only help.

Computer Security Education

I’ve known Stephen Northcutt for almost 20 years. He’s not only a vital part of the incredible computer security training organization, the SysAdmin, Networking, and Security (SANS) Institute, but he’s an indispensable person if you’re trying to locate a particular industry luminary. I don’t know how many times in my writing career that when I needed to speak to someone all I had to do was call Northcutt and he set up the introductions. Sometimes it seems he has met, and impressed, nearly everyone.

Profile: Stephen Northcutt

Many people, including the author of this book, believe that personal privacy, especially in digital age, should be a guaranteed, innate right of all human beings. Unfortunately, much of our digital and financial privacy is long gone. Internet search engines, online advertisers, and software vendors often know more about you than anyone besides yourself. A few years ago, an enraged parent visited Target because the store’s marketing department was sending unsolicited ads for baby supplies to his teenage daughter. He eventually had to apologize when he learned Target knew more about his daughter than he did ( http://www.forbes.com/sites/kashmirhill/2012/02/16/how‐target‐figured‐out‐a‐teen‐girl‐was‐pregnant‐before‐her‐father‐did/#d84bcce34c62 ).

Privacy

You’ve got to love a person who likes computers and cybersecurity and spends their free time hanging out performing aerial acrobatics at circuses for a hobby. The Electronic Frontier Foundation’s ( https://www.eff.org ) Director of Cybersecurity, Eva Galperin, is such a person. Working for EFF since 2007, she became their Director of Cybersecurity in 2017. Prior to EFF, she earned degrees in political science and international relations from San Francisco State University. Her work primarily focuses on providing privacy, free speech, and security for everyone around the world, along with examining malware that threatens the same. Galperin is now known around the world for her work in the field, writing about the malware she has come across, and speaking at security conferences like BlackHat ( https://www.blackhat.com/us‐16/speakers/Eva‐Galperin.html ).

Profile: Eva Galperin

Every day, millions of web sites and emails contain links to malware known as “exploit kits.” Malicious programmers (or programming teams) create exploit kits and then use them or sell them. An exploit kit usually contains everything a wannabe hacker can need in the exploit cycle, including 24∞7 technical support and auto‐updating to avoid getting caught by antivirus scanners. A good exploit kit will even find and maliciously modify otherwise innocent web sites to ensure it gets executed whenever visitors browse to the infected web site. All the attacker has to do is buy the kit, execute it, and send it along its way to find victim web sites.

Patching

Mwende Window Snyder has worked for a who’s‐who of industry powerhouses. Early on she worked at @Stake as the Director of Security Architecture. @Stake was a great vulnerability‐finding and computer‐security company that generated or acquired more than its fair share of computer superstars. It was eventually acquired by Symantec in 2004. Snyder went to work for Microsoft in 2002 and was a senior security strategist in the Security Engineering and Communications group. She was a contributor to the Security Design Lifecycle (SDL) and co‐developed a new methodology for threat modeling software. She also was a security lead on Microsoft Windows XP Service Pack 2, which was basically Microsoft’s first serious attempt at a secure‐by‐default operating system, and Windows Server 2003. She managed the relationships between security consulting companies and Microsoft and was responsible for its computer security community outreach strategy.

Profile: Window Snyder

I failed high school English—twice. In grad school, while doing a hospital administration internship, the writing of my first corporate report was so bad that the boss questioned out loud our nation’s entire education system. When I occasionally re‐read that report to remind me of where I started, it physically hurts me. Almost 30 years later, I’ve authored or co‐authored nine books and nearly 1000 national magazine articles on computer security, and I’ve been the InfoWorld magazine computer security columnist going on 12 years. All thanks to my brother (the first and best real writer in the family), my personal perseverance, and a slew of quality editors.

Writing as a Career

I’ve been a technical computer security journalist for almost 30 years. While I’m not the best writer, I do consider myself one of the better technical writers, in that I live and breathe my subject. When I read other computer security writers’ work, I don’t usually learn much. That changed when I was introduced to a new writer at InfoWorld magazine by our Editor‐in‐Chief, Eric Knorr. Eric was very excited about hiring her and I soon knew why. Like computer security journalist Brian Krebs (profiled in Chapter 29), Fahmida Y. Rashid is an incredible computer security researcher, although in a different way. I’ve yet to read a single article of hers where I do not learn something new. She groks her subject in a way that continues to surprise me for someone who isn’t doing computer security as their day job. She really understands the technical details and is able to ferret out the “BS” better than anyone in the game. She occasionally sends me technical questions about something she doesn’t understand, to which I almost always reply “I don’t know either,” but a few days later after more research, she is publishing an easy‐to‐understand explanation. She finds her answers somewhere.

Profile: Fahmida Y. Rashid

NOTE Some of this chapter originated from an article I wrote in 2016: “11 Signs Your Kid Is Hacking and What to Do About It” ( http://www.infoworld.com/article/3088970/security/11‐signs‐your‐kid‐is‐hacking‐and‐what‐to‐do‐about‐it.html ).

Guide for Parents with Young Hackers

If you do an Internet search for “hacker ethics,” you are more likely to find a glamorized version of so‐called “hacker rules” that embrace the idea that hackers can do anything they want, even perhaps without limits, in the pursuit of whatever they want. Best‐selling author Steven Levy’s 1984 book, Hackers: Heroes of the Computer Revolution ( https://www.amazon.com/Hackers‐Computer‐Revolution‐Steven‐Levy/dp/1449388396/ ), introduced the world to one of the earliest versions of hacker ethics ( https://en.wikipedia.org/wiki/Hacker_ethic ). In a nutshell, almost word for word, it said the following:

Hacking the Hacker

Details

Description

Creator

Roger A. Grimes

Content

Reviews

Frequently Asked Questions

Hacking the Hacker