Hollywood
We have all seen it in so many Hollywood movies that it barely registers beyond cliché. I am of course talking about Bad Hackers.
You know the type: they batter furiously for a few seconds on the keyboard and then mysteriously gain access to every part of the system. Whether it's Matthew Broderick in WarGames, Jeff Bridges in Tron or pretty much anyone in the film Hackers (yes, I am looking at you, Jolie), it's all a load of tosh. It's just so obviously bad to anyone that works with a computer, including the guy that has to clean them.
Go check out Hacker Typer if you feel really jealous of this kind of ability.
Reality Check One
As every good tech knows, that's not the real hacking. The real hacking involves sitting in front of a computer for hours on end, probing the external points of weakness and looking for an opening. It's time-consuming, boring and usually done by people with nothing better to do except have a serious aversion to soap.
Only through days, weeks, years of poring over green and white lined paper printouts that they have obtained from bins will they gain access to the network and finally get into a server. Not exactly Hollywood material, I grant you, but always good for a documentary or two involving guys with beards and Metallica t-shirts.
The interesting thing is I know a guy who works in computer security and he tells me something different.
Reality Check Two
The real reality is that most modern networks have reasonable perimeter defences. Sure, there is no doubt some SQL injection bug somewhere in some legacy system that some guy built and everyone forgot about, but only the big hacker groups like Anonymous have the manpower to swarm over a network and find all those little chinks in the armour. The one-man band in his bedroom has no chance on his own.
Not unless he gets out of his bedroom.
The real holes in network security lie in the usual, most spectacularly obvious, place. The people.
According to my friend, the best hacking tools are a sandwich and a pot of soup, you know, the type you always get out of your local cafe for lunch. Polystyrene cup and plastic lid. Seemingly a Starbucks works well, but soup just adds that hint of authenticity. The more fragile the better.
The tactic is then to just hang around outside your target office and do the pass-in-pocket trick. Sorry, yes, got my hands full, could you just get the door for me, oh cheers. I am told you can usually time your walk in behind someone if you want to be really slick.
Inside
Now once you are inside a corporate office then your fun options are endless. Get out a hidden laptop, notebook or just a good old USB drive and find a nice quiet office. All you need is an RJ45 port, just the port 'cause you brought your own network cable, right?
No more poking away from the outside, you have desktops to scan and it only takes wee Stevie from accounts to have left his firewall off to use Access 97 ODBC and you got an in.
OK, OK, perhaps I am taking this a bit far. The real art is what you do when you get on that network port, and while my friend told me some of the fun ways of doing it, I can honestly say it all went a bit over my head. Being a Glaswegian means I understand the con bit but not necessarily the maths.
What struck me was that this image of someone using confidence tricks to get into a computer network was miles away from the beardy guy in his bedroom. It’s not the Hollywood typer either.
And the award goes to…
For the worst Bad Hacker in film history… Richard Pryor in Superman 3. Seriously, drops a decimal place off a tax programme one minute and the next he is designing self-sustaining artificial intelligence AND a video game. Do you have any idea how long it takes to code a MAME ROM?