11-15 Things Hackers are able to do
11. Social engineering is a skill that can be used to victimize naive people (because let’s be honest, human nature is to trust).
Found a USB stick laying on the ground? What’s the first thing you do? You plug it into your own computer. But it was planted by an adversary and has autorun software that drops a remote access trojan onto your system.
Do you update your systems OR run weird software? Odds are there is at least one vulnerability on your system that an attacker can find and exploit, using a free distro like BackTrack or Kali Linux, to gain access to your machine.
I could go on and on. Source: I do this full-time for the government. Best advice I can give on getting into the field is:
- learn at least one programming language, not necessarily to expert level, but to learn about logical/control flow
- take a SANS course, preferably GCIH or GCIA. They’re going to be difficult for people new to the field, though, so you might want to take an intro course at a community college first.
I’ve been doing this for over 10 years, and adversaries are just getting better and more sophisticated. The best advice I can give (besides buy stock in info security companies) is, if you don’t want something digital to be compromised, don’t put it online in the first place. Don’t store things in the “cloud” that don’t need to be there. Know what your smartphone is doing (such as storing/sending your location). Think like an adversary – what could a bad person do with this PLETHORA of information that is now available in this age of technology?
12. Professional hacker (penetration tester) here.
I would say the scariest thing I run into on a daily basis is how shoddy, in the security sense, most of the code out there is. I deal mainly with web applications, and it is amazing some of the things the developers come up with. It might be super fast and functional, but horrible security-wise. The number of big development firms that have no security cycle or QA cooked into their dev cycle is astonishing.
The second is just how little understanding there is in the general public about how tech actually works, what it’s doing. Everyone uses it for everything, yet there are people out there in charge of commerce apps that take your financial data who don’t know what a web browser is. I actually think the general population is getting more tech illiterate. As devices have become more user friendly, the level of IT knowledge required to use them has gone down dramatically. So what we have now is the equivalent of a bunch of toddlers running around with bazookas and not knowing what makes them go boom.
13. You can use a very basic and very old (but still working) exploit called ARP Spoofing (or ARP Poisoning) to intercept any traffic on your LAN (which on something like an office or college network may include hundreds of people). You can use this method to record everything they do on the Internet and even extract any usernames and passwords they may use (Facebook, Gmail, etc.). But what about SSL? You use a MitM attack. But won’t that throw a cert error? Yes, but most people ignore those. Bottom line is be careful what you do on public and semi-public (office) networks and try to just wait until you get home if it’s sensitive data. Certainly don’t do any banking on the airport/hotel WiFi.
The best way to get someone’s password is to just ask for it. I really can’t believe how many people still refuse to believe this, but administrators will never ever ask for your password. Stop giving that out. If you get an e-mail asking for your password, it’s always a scam. Always always always. No exceptions. Seriously, people.
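The ARP poisoning described in item 13 leaves a visible fingerprint on the wire: the same IP address (usually the gateway) is suddenly announced by two different MAC addresses, and one MAC starts answering for several IPs at once. The script below is an added example written for this page, not code from the original thread. It works over a constructed list of ARP replies; the gateway address `192.168.1.1`, the expected gateway MAC and every MAC shown are assumptions, and the function names `find_arp_conflicts` and `rogue_gateway_macs` are hypothetical.

```python
"""Flag symptoms of ARP poisoning in a stream of observed ARP replies.

Added example for this page (not from the original thread). All addresses
below are constructed sample data; a real monitor would feed the same
function with replies captured from the network.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One 'is-at' ARP reply: sender_ip is claimed to live at sender_mac."""
    sender_ip: str
    sender_mac: str


def find_arp_conflicts(replies, gateway_ip):
    """Return {ip: (severity, reason)} for every IP with conflicting claims.

    Two symptoms are checked:
      * an IP announced with more than one MAC (critical for the gateway,
        since that is the address an attacker must hijack to see all traffic)
      * a single MAC claiming several IPs (the attacker answering for the
        gateway and for the victim at the same time)
    """
    macs_by_ip = defaultdict(set)
    ips_by_mac = defaultdict(set)
    for reply in replies:
        mac = reply.sender_mac.lower()
        macs_by_ip[reply.sender_ip].add(mac)
        ips_by_mac[mac].add(reply.sender_ip)

    alerts = {}
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:
            severity = "critical" if ip == gateway_ip else "warning"
            alerts[ip] = (severity, f"{ip} claimed by {len(macs)} MACs: {sorted(macs)}")
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            for ip in ips:
                # Only add a new alert if the IP was not already flagged above
                alerts.setdefault(ip, ("warning", f"MAC {mac} also answers for {sorted(ips - {ip})}"))
    return alerts


def rogue_gateway_macs(replies, gateway_ip, expected_mac):
    """MACs other than the known-good one that claimed the gateway address.

    This is the check a static ARP entry for the gateway (a common
    mitigation) makes moot: the host stops trusting the replies at all.
    """
    return {
        r.sender_mac.lower()
        for r in replies
        if r.sender_ip == gateway_ip and r.sender_mac.lower() != expected_mac.lower()
    }


# Constructed sample: a normal gateway and host, then an attacker (de:ad:...)
# announcing itself as both the gateway and the host.
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "aa:bb:cc:00:00:01"
SAMPLE_REPLIES = [
    ArpReply(GATEWAY_IP, GATEWAY_MAC),
    ArpReply("192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply("192.168.1.30", "aa:bb:cc:00:00:30"),
    ArpReply(GATEWAY_IP, "DE:AD:BE:EF:00:99"),
    ArpReply("192.168.1.20", "de:ad:be:ef:00:99"),
]

if __name__ == "__main__":
    for ip, (severity, reason) in sorted(find_arp_conflicts(SAMPLE_REPLIES, GATEWAY_IP).items()):
        print(f"[{severity}] {reason}")
    print("rogue gateway MACs:", rogue_gateway_macs(SAMPLE_REPLIES, GATEWAY_IP, GATEWAY_MAC))
```

On a real network the replies come from a packet capture or from repeated snapshots of the host's neighbour table; the logic is the same, and a static ARP entry for the gateway or switch-side dynamic ARP inspection removes the condition the detector is looking for.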
14. Don’t use the same password for anything. Hacker 101 is that once you compromise one account (ideally e-mail), you go through their e-mail notifications to see what other accounts they have. Then you go to those sites and try to log in with the same password. It usually works. Also you really shouldn’t even use the same username for different sites, because if I crack an account other than your e-mail address I can still just Google your username or sites I think you might visit.
15. You can rather easily build at home a device which intercepts GSM (cell phone) data in the area. You can also easily build or buy a device which jams cell phones in the area. I should note that it’s a felony to use or possess these.
Yes, we can use malware to remotely activate your webcam, microphones, and whatever else is plugged into your computer. Cover the lens when you’re not using it. Ditto on cell phones, but there’s not much you can do about that short of removing the battery.
Everyone should know about ATM skimmers. (We have covered these extensively in You Should Know sections).
16-20 Things Hackers are able to do
16. People have hacked cars and most other forms of transportation. These hacks have included the ability to stop your brakes from working and to move your steering wheel. While the knowledge is currently held by a small group of people, it never stays that way and I predict that “murder by hacking/trolls” will be old news before 2020.
If the GPS system were to ever fail, just like GLONASS did, the economic damage would easily be in the hundreds of billions as financial institutions depend on GPS for timing. Note that this technology was developed 19 years ago based on a 41 year old theory. One mis-programmed counter could bring it all down if it wasn’t caught.
Everything from power plants to dams to oil pipelines still uses SCADA, a protocol developed with 1990s-era security practices. These systems are connected to the internet. One worm on the scale of ILOVEYOU built to target these systems would have wide-reaching real world consequences including cutting off municipal water supplies.
While bug bounty programs are a step in the right direction, from an economic perspective it is orders of magnitude more profitable to sell a zero-day vulnerability on the black market than it is to sell it to a company. This means that most software zero-days are being sold and hoarded instead of patched. In practical terms this means that almost all of the software you use is vulnerable.
Taking all of those things together gets us the scariest part of the picture. In the next decade I predict that there will be a cyberwar or a terrorist attack over the internet. People will die and the economic damage will be equal to, if not greater than, a bombing of a major city. This will provoke a backlash that will fundamentally rewrite the way that we interact with our computers. I cannot even hazard a guess as to what direction that will take, but if the Computer Fraud and Abuse Act is anything to go by, it will not be pretty.
17. Those browser warnings about untrusted SSL certificates that everyone automatically bypasses could be an indicator that you’re a victim of a man-in-the-middle attack. In other words, your data is being routed through an attacker’s system, possibly through an ARP or DNS spoofing attack. By bypassing the warning messages, you have (possibly) just agreed to trust an attacker-supplied, self-signed SSL certificate. This isn’t the case 100% of the time, but definitely a reason to pause and scrutinize the warning.
Nearly every single Comcast router I’ve ever tested is vulnerable to a WPS (WiFi Protected Setup) authorization bypass vulnerability. Disable WPS to protect yourself against it (i.e. anyone can join your WPA2-protected WiFi network in 10 hours or less with zero knowledge of your passphrase).
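Item 17 says the certificate warning is the one signal the user has that an attacker-supplied certificate is in play, and that the warning deserves scrutiny rather than a reflexive click. The snippet below, an added example written for this page rather than code from the original thread, reproduces the three checks behind such a warning (self-signed issuer, hostname mismatch, validity window) so the reasons can be seen separately. The certificate dicts follow the nested-tuple layout Python's `ssl.SSLSocket.getpeercert()` returns, but every value in them is constructed sample data; `bank.example`, `Example CA` and the function names `classify_cert` and `hostname_matches` are assumptions. Full chain validation against a trust store is not reproduced here.

```python
"""Explain why a presented TLS certificate would trigger a browser warning.

Added example for this page (not from the original thread). Certificates
are plain dicts shaped like ssl.SSLSocket.getpeercert() output; all values
are constructed, not real certificates.
"""
from datetime import datetime, timezone

# getpeercert() renders validity times like 'Jan 10 00:00:00 2024 GMT'
_CERT_TIME_FORMAT = "%b %d %H:%M:%S %Y GMT"


def _rdn_to_dict(rdn_sequence):
    """Flatten the nested subject/issuer tuples into {attribute: value}."""
    out = {}
    for rdn in rdn_sequence:
        for key, value in rdn:
            out[key] = value
    return out


def _parse_cert_time(text):
    return datetime.strptime(text, _CERT_TIME_FORMAT).replace(tzinfo=timezone.utc)


def hostname_matches(pattern, hostname):
    """RFC 6125-style match: '*' is only accepted as the whole leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        p_labels = pattern.split(".")[1:]
        h_labels = hostname.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return pattern == hostname


def classify_cert(cert, hostname, now=None):
    """Return the list of warning reasons for `cert` presented for `hostname`.

    An empty list means none of these checks fired. Possible reasons:
    'self-signed', 'hostname-mismatch', 'not-yet-valid', 'expired'.
    """
    now = now or datetime.now(timezone.utc)
    reasons = []

    subject = _rdn_to_dict(cert.get("subject", ()))
    issuer = _rdn_to_dict(cert.get("issuer", ()))
    # A leaf that signs itself is exactly what an on-path attacker can mint
    # for any name; no trusted CA vouched for it.
    if subject == issuer:
        reasons.append("self-signed")

    # Name check: SAN dNSName entries are authoritative; commonName is only
    # consulted when no SAN is present (modern browsers ignore CN entirely).
    san_dns = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    candidates = san_dns or [subject.get("commonName", "")]
    if not any(hostname_matches(c, hostname) for c in candidates):
        reasons.append("hostname-mismatch")

    if now < _parse_cert_time(cert["notBefore"]):
        reasons.append("not-yet-valid")
    if now > _parse_cert_time(cert["notAfter"]):
        reasons.append("expired")
    return reasons


# Constructed sample certificates (not real).
NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)
GOOD_CERT = {
    "subject": ((("commonName", "bank.example"),),),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA Root"),)),
    "subjectAltName": (("DNS", "bank.example"), ("DNS", "www.bank.example")),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 00:00:00 2025 GMT",
}
# What an interposed attacker typically presents: same name, signed by itself.
MITM_CERT = {
    "subject": ((("commonName", "bank.example"),),),
    "issuer": ((("commonName", "bank.example"),),),
    "subjectAltName": (("DNS", "bank.example"),),
    "notBefore": "Jun 10 00:00:00 2024 GMT",
    "notAfter": "Jun 10 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    for label, cert in (("good", GOOD_CERT), ("mitm", MITM_CERT)):
        print(label, "->", classify_cert(cert, "bank.example", NOW) or "no warning")
```

The useful distinction for a user is the reason: an expired certificate on a site you know is a different risk from a self-signed one appearing on a network you do not control, which is the case item 17 is warning about.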
18. Many office buildings have secure areas that require an ID badge for ingress access. However, when exiting said secure area a proximity sensor detects the presence of a person on the secure side, and unlocks the door without requiring an ID badge. It’s possible to abuse the behavior of the proximity sensor on the secure side of the door using a can of compressed air, effectively bypassing the need to have a valid ID badge. Hold the can of compressed air upside-down, place nozzle between door cracks, aim toward the ceiling (toward the location of the proximity sensor on opposite side of the door), pull trigger to spray. If the proximity sensor is improperly configured, the door will open as though a person was on the opposite side exiting the secure area.
Also remember, physical storage doesn’t last for as long as people think. CDs and DVDs have a finite lifespan. If you have photos backed up on a disk in the attic from the 90s, they could potentially fail if you ever wanted what was on them. The same is true of USB flash drives and hard disks, which last a decade or two before they fail.
This isn’t a problem right now, but imagine a world where everything is stored digitally as opposed to hard copy (which also has a finite lifespan): your grandkids won’t have any of your pictures or files because they will all be gone. Sure you could do online backups, but even then how long will that service be around? How many times has a company gone out of business taking its media with them?
19. Large parts of hacking rely on exploiting the user, not the machine. We’ll try to trick you or trap you into doing something stupid. It’s much easier and more reliable than trying to actually compromise software. Most penetration testing firms (hackers you pay to test your network security) have a 100% success rate when they’re allowed to exploit users.
You can have the strongest IT system in the world. You can spend billions on software & hardware protection, but if I can ring the new employee called “Cathy” and say “Hey, Cathy, you’re new here right? Yeah, it’s John from IT Security. There’s been a breach and I need the sysadmin password quickly so I can patch it up”. “OK,” says Cathy, under stress to fix the problem, and there I have it. I got the password. It’s called Social Engineering and 9 times out of 10 that’s how people hack accounts.
20. Almost all industry computers (think controllers for huge factories, power plants, water reclamation, distance heating, etc.) have well known default passwords or even hardcoded admin accounts. Back in the day, this was not a huge problem because you would run them on private networks with no connection to the internet.
Nowadays, the internet is available everywhere and much much cheaper than private networks, so many of these industry computers are now reachable from the internet. People that know what they are doing would only make them accessible over a VPN, but there is a very large number of people that shouldn’t be allowed anywhere near a keyboard.
Usually if you’re smart enough to do this stuff, you’re smart enough to be gainfully employed, fortunately.