Note:  The term "Hacking" has become associated with the process of gaining unauthorised access to computer systems.  The original meaning was very different - and there are many who wish that the media had not corrupted it - but I am not going to debate this issue here.  "Hacking" will therefore be used in its more popular meaning in this writeup.  See Am I a Hacker? for more soul searching desperation.


Vulnerabilities

Security experts are often finding vulnerabilities in software.  When abused, these "vulnerabilities" create a security risk - usually either by allowing the abuser to gain elevated access to computer systems, or by hampering or preventing other users' access to computer systems (denial of service).  These security experts post details of their newfound vulnerabilities to security mailing lists.  This is so other experts can examine them, and hopefully devise a solution - usually in the form of an unofficial patch or official upgrade.  BUGTRAQ is the most popular of these security mailing lists.

Exploits

With the information provided by these vulnerability reports, programmers can write programs to "exploit" the vulnerability.  These exploits are written for a number of reasons.  They can be written to test whether a system set-up is susceptible to a specific vulnerability.  They can be written to research the technical details of the vulnerability, and to possibly expose further vulnerabilities.  Of course, they can also be written with the malicious intention of exploiting the vulnerability for illegal purposes.  It is important to note that, whatever the original intention of the programmer, exploits often get used for purposes other than those the programmer had in mind.

The technical challenge in writing an "exploit" depends on the amount of information available on the vulnerability, and on the nature of the vulnerability itself.  Some vulnerability announcements provide little information on the vulnerability in question.  This is generally considered a bad thing by the security community - see security via obscurity.  Some vulnerabilities are very easy to exploit and do not require any programming at all - simply typing a few lines in the URL window of a browser will suffice.  Other exploits require in-depth arcane knowledge - knowledge of assembling packets using raw sockets is a common requirement.

The ease of using a written exploit also differs.  Some exploit programmers make it very easy for anyone to pick up their exploit and use it to abuse a vulnerability on a machine.  These are sometimes known as "point and click hacking tools" or "scripts".  Other exploit programmers intentionally disable their programs, so that only someone with programming knowledge can fix and use them.  The majority of exploits come uncompiled, in the C programming language and written for UNIX-style operating systems.  This raises the bar somewhat in that the potential hacker has to at least a) have access to a UNIX-style operating system and b) be able to use a C compiler.

Scanners

In order to find hosts that are vulnerable to a particular exploit, "scanners" are programmed.  There are several different flavours of scanner, including: port scanners, vulnerability scanners and security scanners.  Port scanners connect to a number of network "ports" on a computer, usually with the intention of determining what programs that computer might be running.  Vulnerability scanners are usually custom-built hacker tools that automatically detect whether a computer is vulnerable to a particular exploit.  Security scanners are designed to be used by system administrators against their own computers, and usually consist of lots of tests to see whether the computer is vulnerable to most known exploits (technically they're mostly combinations of the first two).  Scanners can be assigned a list of hundreds of IP addresses (a computer's network postcode) and they will run through them automatically, often at great speed.  This way, large sections of the internet can be checked by hackers for vulnerable computers.

I should stress at this point that scanning is the normal way to find computers vulnerable to being hacked.  This is in direct contrast to the media's interpretation that hacking is usually focused on a single computer.  That is far from common, and would require expert knowledge of a) networks, b) operating systems, c) current exploits and d) programming to achieve in any reasonable amount of time.
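From the defender's side, the behaviour just described (one source address touching many ports on a host in a short time) is exactly the pattern a log monitor can pick out.  The following is an added example, not part of the original writeup: it parses constructed, simplified iptables-style firewall log lines (the format, addresses and timestamps are all made up for the demo) and flags any source that hit more than a threshold number of distinct destination ports within a sliding time window.

```python
"""Port-scan detection over firewall log lines (added example, not from the writeup).

A port scanner touches many ports on one host in a short time, so the
signature a defender looks for is one source address hitting many distinct
destination ports.  The log format below is a constructed, simplified
iptables-style line; real firewall log formats differ.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2001-03-01T10:00:01 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=21
2001-03-01T10:00:01 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=22
2001-03-01T10:00:02 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=23
2001-03-01T10:00:02 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=25
2001-03-01T10:00:03 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=80
2001-03-01T10:00:03 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=110
2001-03-01T10:00:04 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=143
2001-03-01T10:00:05 ACCEPT SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
2001-03-01T10:00:06 ACCEPT SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
2001-03-01T10:00:07 ACCEPT SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
2001-03-01T10:05:00 DROP SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "dpt": int(m["dpt"]),
    }


def detect_scanners(log_text, port_threshold=5, window=timedelta(seconds=60)):
    """Return {src: sorted distinct ports} for every source that touched more
    than `port_threshold` distinct destination ports inside any `window`."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    flagged = {}
    for src, evs in by_src.items():
        best = set()   # largest set of distinct ports seen in one window
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["dpt"] for e in evs[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) > port_threshold:
            flagged[src] = sorted(best)
    return flagged


if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

On the sample above only 198.51.100.7 is reported: seven distinct ports in four seconds.  The web client at 203.0.113.5 hits two ports and is ignored, which is the point of thresholding on distinct ports rather than on connection count.  A real deployment would tune the threshold and window to the host's normal traffic and would also consider the DROP/ACCEPT action, which this demo parses but does not use.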

Backdoors and Trojans

Once the hacker has found a computer that his exploit has worked against, one of his first tasks is to secure access to that computer.  He usually does this by replacing certain system commands with backdoored versions.  A "backdoor" is a program that gives a user elevated access when a particular command is supplied.  The hacker installs these backdoors, and thus can ensure himself access to the hacked machine provided these backdoors are not found.
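Because a backdoored command is a different file from the original, the standard countermeasure is a file-integrity baseline: hash every binary on a known-good system, store the hashes somewhere the attacker cannot edit, and periodically re-hash and compare.  The following is an added example, not code from the writeup: it builds such a baseline over a directory, then simulates the swap described above on constructed files in a temporary directory and reports what changed.

```python
"""Baseline-and-verify integrity check for system binaries (added example,
not from the writeup).

A replaced `login` or `ls` has different contents from the original, so a
hash baseline taken from a known-good system reveals the swap.  In practice
the baseline is kept off the machine (on-box it can simply be edited along
with the binaries); this demo works on constructed files in a temp directory.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root, baseline):
    """Compare the current tree against a stored baseline.

    Returns a dict with sorted lists: 'modified' (hash differs), 'missing'
    (in baseline, gone now) and 'added' (present now, not in baseline).
    """
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: take a baseline of a fake bin/ directory, then
    replace one command and drop in a new file, as a backdoor install would."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp) / "bin"
        bin_dir.mkdir()
        (bin_dir / "ls").write_bytes(b"original ls binary (constructed)")
        (bin_dir / "login").write_bytes(b"original login binary (constructed)")
        baseline = build_baseline(bin_dir)

        # Simulate the swap described in the text.
        (bin_dir / "login").write_bytes(b"replaced login binary (constructed)")
        (bin_dir / "ps").write_bytes(b"newly dropped file (constructed)")
        return verify(bin_dir, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The demo reports `login` as modified and `ps` as added.  The check is only as good as the baseline's storage: tools in this family (AIDE, Tripwire and the like) sign the database or keep it on read-only media for exactly the reason the comment gives.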

An alternative method of gaining entry is the "trojan".  "Trojan" comes from "Trojan Horse" - and operates in a similar way.  Trojans are attached to a file - such as a game - and made available to the user - often through email.  If the user downloads the file and executes it, the trojan loads itself onto the victim's computer, and stays there.  It usually opens a channel ("port") by which the hacker can access the trojaned computer whenever it is connected to the internet.  Virus scanners can usually detect the most common trojans, but hacker-written custom trojans are much harder to detect.

Distributed Programming

Advanced hackers chain up their hacked hosts by use of distributed programming.  There are scanners out there that can scan from several hosts in sequence.  This makes the process faster and harder to detect than scanning from a single computer.  There are also distributed denial of service programs that use the combined bandwidth of the hacked computers to unleash a combined attack.  Hundreds of computers can be chained up this way by skilled hackers.

Electronic Vandals?

Despite their image in the public press, most skilled hackers are not interested in destroying things.  They are talented programmers who simply wish to explore networks and find out new things.  It is not in their interests to destroy data, as it means they will lose access to hacked computers twice as quickly.  One hacker spent several months chaining a network of hacked computers together to calculate pi to a large number of significant places.  Despite this, they face heavy penalties and prison time if they are caught for their mostly harmless pranks.

Many hackers lead a double life as computer security experts.  It is the irony that pervades the security industry that ex-hackers make the best security experts.  It is this training that provides them with such a thorough knowledge of the holes in computers and how to stop them.  Many of these hackers go on to find new security holes, patch them and save companies thousands in revenue that would otherwise be lost.  They go on to fame in the security industry and six-digit salaries working as security consultants for important companies.  Personally I have learnt C, Linux, sockets programming and assembly as part of my interest in hacking, and have found the experience vastly beneficial in terms of my computing career.  It has even led me to enjoy hacking in its original sense - that of someone who likes exploring programmable systems.