Monday, November 14, 2005

Hacking Art or Science

By Mark Hinge (Thu, 29 Sep 2005 21:40:00 +0100)

1. Introduction

The argument regarding the principal nature of hacking - be it an art or a science - is not a new one. This paper hopes to discuss both the meaning of the term “hack” and the underlying arguments for it being defined as an art or a science in reference to the base principles and basic methodologies of the discipline.

Ultimately the question is this: Does the creative thinking required to be a successful “hacker” outweigh the necessity for scientific process?

The dictionary defines the term “hacking” in a computer security context as:

1. Informal.
a. To write or refine computer programs skilfully.
b. To use one's skill in computer programming to gain illegal or unauthorized access to a file or network: hacked into the company's intranet.

The origin of the term, however, is a far more relevant issue than the “dictionary” definition itself – as is the subsequent media bastardisation of the exact definition of the term, all of which needs to be discussed before moving on to the main topic of this paper.

2. The Definition Of A Hacker

The term “hacking” in a computer science context was first coined in the 1960s, and its continuing extended usage is widely attributed to localised Massachusetts Institute of Technology (MIT) slang at the time, where in the very beginning the term “hack” was synonymous with the word “prank”. An early indication of the darker side of future hacking, perhaps, but nevertheless, in reference to this origin, “hacking” could basically and simply be defined as:

“Making a system, program or piece of hardware do something that it was not designed to do.”

Perhaps a good term to sum up the meaning of “hacking” is “tinkering”. Under this broad definition it’d be quite possible to “hack” the toaster into cooking hotter than it was designed to do, or anything else as mundane; the description of the hardware modification involved would fall well within the constraints of the term – a good hack. With the exception of the rather circumstantial, not to mention retrospectively amusing, ‘seed’ in the “prank” origin of the term, hacking prior to perhaps the early to mid 1980s had no real demonised undertones, no media-generated air of menace. All such additions to and confusions of the definition have emerged as commerce and relatively un-tech-savvy and uneducated parties have, by nature of the changes in day-to-day life, become more involved with areas of computer science and information technology in general, areas which at the origin of the term hacking were quite alien to the man on the street.

As touched upon briefly above, the mass mainstream media have given the term “hacking” a rather hard time since its initial outing in 1983, when American media outlets Newsweek and CBS News first used the term to refer to “computer intruders”. Although at this point even those in the computer community referred to such activity as “hacking”, they surely did not intend for its usage to denote the purely illegal areas of wider “hacking” – areas that would later be coined widely as “cracking” by the same underground community.

The upshot of this initial ‘definition by fire’ is a simple misunderstanding of the wider meanings of the term “hacking” by the mass media which perpetuates to this very day. While the educated underground community largely still consider the term “hacking” to be representative of the initial meaning of the phrase (i.e. “making a system, program or piece of hardware do something that it was not designed to do”), the media have steamrollered the definition into focusing, for the most part, on ‘illegal entry into computer systems’: a small part of the broad definition of “hacking” which generally (perhaps largely due to the media bastardisation of the term “hacking”) is now referred to as “cracking” by the underground community at large.

The differences between the terms could perhaps be defined as:

Hacking: Making a system, program or piece of hardware do something that it was not designed to do.

Cracking: Gaining access to a system, program, server or piece of hardware via methods which bypass any security in place or give the ‘cracker’ inflated privileges within the targeted system, program, server or hardware.

The arguments about definition and scope of the term “hacking” aside, the important fact (in terms of this paper) remains that as far as the wider population are concerned “cracking” is either synonymous with the term “hacking”, or irrelevant in the face of the term “hacking”. To the man on the street “the hacker” has become an evil figure lurking in dark cellars surrounded by computer screens ready to steal credit card details online or deface websites – the media bastardisation is at this time complete and this is something the underground community now have to live with; not to mention a prime candidate for future more careful use of language both by specialised communities and the media who always eventually pick up on the slang used by such specialised communities.

Despite this, and as a historical lead on to the rest of this paper it is very interesting to note that the original definition of the term could also be applied to another group of individuals within society who have not been so demonised. Think carefully:

What are scientists doing if not making a system, program or piece of hardware do something that it was not designed to do? Where system, program or piece of hardware equals any area of science brought into question. This concept will be explored further later.

It is this comparison – between hackers and early scientists – which inspired this paper. Is original science just a retrospective redefinition of “hacking” – that is to say, could the 1960s term hacking be used to describe the thinking process behind the scientific revolution? Were the goals and methodologies of the original scientists similar in essence to those of the original “hackers”, and does this suggest that “hacking” as we know it (be it art or science) is the first step along the road of discovery in terms of newly discovered disciplines?

Did those original hackers at MIT just design a slang term for the process of early developmental science? Personally, I think they probably did.

Conversely, and moving on to the fundamental topic of this paper: despite its apparent similarities with the early stages of science, is “hacking” in fact more of an art form than a true science? Does the experimental and non-linear nature of “hacking” have more in common with artistic exploration than scientific process?

3. Basic “Hacking” Methodologies

From here on in, and having discussed at length the fate of the word “hacking” at the hands of the mass media, the phrase will now be used on that same media’s terms; “hacking” will now essentially become “cracking” also – this to save on later confusion and arguments as regards the meaning of the word in the context of this paper.

In essence the basic method for a “hack” can be defined fairly simply. The process, although never defined definitively, can be quite linear in its execution:

1. Approach a target.
2. Define possible attack vectors for acquired target.
3. Select most efficient attack vector.
4. Execute attack.

Although being mainly in reference to “Cracking” the above method can equally be applied to most if not all forms of ‘traditional’ hacking. Find a problem, find ways around the problem, choose the most efficient way around the problem; execute the hack. The nature of the “hack” makes no difference.

On occasion, though, “hackers” may stray from this process, perhaps into the realms of what can be defined as “Voodoo Hacking” – a fun system which has no real process and is basically executed at random with the hope of producing at least some result, that result being the one you were striving to achieve or, in most cases, not.

As with the initial argument this very examination of the process has presented us with two sides of the coin; a very scientific approach and a random perhaps more artistic approach – both methodologies which all “hackers” have used at one stage or another during their own personal learning process I am sure.

But which is most representative of the overall tone of the discipline?

4. The Argument For Science

The mentality of curiosity necessary to succeed in scientific research is certainly equatable to that which is needed to succeed as “a hacker”, and although on the face of it making something “do that which it was not intended to do” is essentially unscientific, as mentioned earlier in this paper some comparison can be drawn between that very foundation of “hacking” and scientific endeavour.

When the Wright brothers set out to create a flying machine, they were essentially setting out to make a solid object incapable of natural flight fly; what real difference is there between that and our defined terms?

History is littered with such examples.

The existence of various patterns and the factor of, albeit non-definitive, ‘set rules’ in the realms of “hacking” also makes it similar to conventional sciences on a fundamental level; no matter how many vulnerabilities and exploits we may find on, for example, a Linux server, ultimately it is still a Linux server and still operates upon the set of rules that Linux servers operate upon. There are exceptions and later additions to these rules in terms of perhaps patches and discovered vulnerabilities, but this process of discovery and amendment is no different to the process of scientific theories, which are, from time to time, discredited, rethought or amended as we better our understanding of the subject matter.

Going as far as to put all of the above aside for a moment, the main argument for hacking being a scientific endeavour is as simple as a set basis from which to work. No matter what is being “hacked” it will without exception have a fundamental set of rules from which you can initially begin to work down “the hacking process” (as discussed earlier in the ‘Basic “Hacking” Methodologies’ section). You cannot “hack” thin air – you can create art from thin air.

5. The Argument For Art

A love of “hacking” (not to be confused with a love of the scene, which is something else entirely) is commonplace amongst self-proclaimed hackers and professional Infosec workers alike. It’s true to say that unlike any other topic known to me the area of computer security requires a certain passion; one that many “hackers” would argue outweighs the passion required to participate successfully in any other technical activity – indeed a required passion is a trait “hacking” shares with many of the arts in stark contrast to the sciences.

Second to this is the indisputable fact that despite the existence of any rudimentary scientific process, creativity is without a doubt the key to success in hacking; more so than with any other conventional science. Thinking “outside the box” is the norm when discussing “hacking” issues; not a convoluted buzzword designed to inspire artificially fostered creative thinking.

Equally, and again despite the theoretical existence of rudimentary scientific processes, patterns and rules within the realms of hacking, it is often the case that these rules, more so than with any scientific discipline, can be bent or even flat out broken. “Hacking” is a very mobile art in which definitions and rules change on a constant basis – so much so that it is still possible to achieve some levels of success without even being aware of said theoretical processes, patterns and rules in the first place (the aforementioned ‘passion’ in some cases being enough) – a simple fact that makes “hacking” instantly very different from conventional sciences, in which a base knowledge of the subject is crucial.

The question of style is always likely to float to the surface sooner or later when discussing hacking and its artistic or scientific definition. A hacker’s style, and indeed the very substance of his work, is almost always different from that of his peers. Two targeted hacks (not to be confused with script kiddie adventures) are rarely ever identical, and even less likely to be embarked upon with the same motive; it has been suggested that tracking repeat hackers (in particular those who deface websites) by their style (i.e. choice of attack vector, time of execution, style of defacement and apparent motive) could prove an efficient way to ascertain a black hat’s future targets and even gather incriminating evidence against them. This is perhaps the most damning argument for hacking having become more of an art form than a science: could you claim the above for any conventional scientific discipline?

Or is it simply the case that in conventional science the rules are too rigid to allow for any real “style” in process?

6. Conclusion

All of the above is of course, just my opinion. The beauty of this argument is not only the depth at which you can draw comparison, especially historically – but the fact that ultimately it does not really matter.

From its origins in the 1960s (and perhaps, as discussed earlier in this paper, beyond) to this very day hacking has become an evolving activity. Hacking and “what constitutes hacking” changes, and by doing so incorporates both new levels of scientific method and artistic creativity.

The conclusion to this paper is simply a couple of questions which must be answered by the individual:

• Can a scientist be artistic with his chosen discipline?

• Are you an artist or a scientist?

Personally I’d like to think that a hacker can be artistic in his work while being more of a scientist than anything else. But, it’s all just opinion, what’s yours?
