vcbc
XIII. Opponents
10/25/2016
hacking
XV. Don’t get hacked
11/08/2016
Show all

XIV. The top ten things you didn’t know about hacking

hacked

The word ‘hacking’ conjures up images of a Dex-like underworld… a kind of invasive techno-shamanism at the fringes of our society. But hacking is much more present in our everyday than you might realise – you don’t need secret training from an anarchistic legend to learn the trade, not when there even an accredited course where graduates walk out with a hacking certificate.

Here are ten other things you probably never knew about hacking:

  1. After TalkTalk’s recent security breach resulted in the theft of 157,000 users’ personal data, the Information Commissioner’s Office told British Parliament that hacking company websites was so easy a three year old could do it. This statement wasn’t just rhetoric – the ICO pointed the MPs to a short YouTube video in which a cyber security expert walks his three year old son through the process of breaking into a company site. The only real difficulty was that the three year old’s hands were too small for the mouse.
  2. But physical access to your computer has always been the most dangerous way to get hacked. With a USB flashcard infected with an autorun virus, a hacker can open up remote access to whole networks in seconds and without even touching a keyboard.
  3. And it can be bad news when company networks are breached. There are cases in which a single hack has brought down a whole corporation. Niku Corp., a Silicon Valley IT management software firm, was delisted from NASDAQ after a hacker stole 1,000 R&D documents from its servers. It turned out that the hacker was none other than a former CEO of one of Niku’s main rivals, Business Engine Software. The senior exec hacker, John O’Neil, was caught and promptly sent to prison for his crime. But the damage was already done: Niku no longer exists as a company.
  4. Of course, it’s not just companies that need to be on their guard. With the global change-over from IPv4 to IPv6, web tracking has never been simpler for hackers wishing to target specific individuals. IPv6 leaves digital footprints that are tied specifically to your hardware, which means we are currently walking blindly into an age where our devices can be tracked – presently and historically – through every website we visit.
  5. Most of us feel at ease when connecting to a secure public network. Perhaps we shouldn’t: Even the most widespread and dependable WiFi security protocol, WPA2, leaves us vulnerable to hackers sharing the network. By using the free Android phone app, Faceniff, a hacker can deploy an SSL strip to piggy-back into other users’ Facebook, Twitter, YouTube or Amazon accounts. And, if they also gain access to the wireless router, they can even launch man-in-the-middle attacks to sniff out and steal your passwords.
  6. There’s more: an ‘evil twin’ is a painfully simple social engineering hack also commonly used on public wireless networks. A hacker simply sets up a network with the same SSID (name) as the public WiFi you are accessing (e.g, at an airport, hotel or coffee shop). Then, they boost the rogue WiFi signal so that it’s stronger than the real one. Since most devices list the strongest signal first and most people click on the first WiFi network in the list, the hacker is able to scoop most visitors onto their fake network. They then use Man-in-the-middle attacks to swipe your passwords.
  7. University research associate, Ralf-Philipp Weinmann, recently demonstrated how a hacker can turn iPhone or Android devices into remote spying devices. By remotely injecting malicious code via an evil-twin cellphone tower, he was able to activate a cellphone’s auto answer function and use it as a remote recording device to spy on the phone’s owner.
  8. Hackers can be heroes too. Everyone has heard of Anonymous and their vigilante hacking (we’re told that even saying their name puts you on their radar!), but there are whole battalions of solo hackers who also receive praise for their deeds… alongside punishment. In April, Hamza Bendelladj, aka BX1, an Algerian hacker, was sentenced to 15 years in prison for causing an estimated $1bn in financial damages to 200 American banks and financial institutions, which he breached with his self-made weapon – the SpyEye virus. Not only was he seen to be stealing from the rich, he reportedly gave millions of dollars to Palestinian charities.
  9. Hackers track popular search trends when they choose which websites to infect with malware. McAfee releases an annual list of the most dangerous search terms, and they are commonly the highest searched for items, such as free screen savers, ring tones, or music.
  10. Thanks to the default geo tagging feature on all smartphones, our photos online include GPS coordinates of where the photo was taken embedded in the image’s code. This is extremely useful for telling cyberthieves when you are on holiday or exactly where your new PS4 is located.

For many, the above is fear-worthy. But console yourself with the thought that the surveillance powers of the NSA, Google or Facebook really make hackers the least of your worries.

For some simple hacking protection strategies, look out for our forthcoming article: ‘Don’t get hacked’.