21-25 Things Hackers are able to do
21. I have got some.
- Metadata : Almost every consumer device is designed to track the movements and activities of owner. Digital cameras, cell phones, scanners, printers, camcorders, all save files that are stamped with metadata, date, time and serial number of the device. Printers put a tiny encoded serial number in the corner in almost invisible yellow ink. If you post your naked picture on the internet and use the same camera to post pictures to facebook, people, companies and intelligence agencies can track you by the metadata and use it to build a detailed picture of your life by linking online accounts that may appear separate to the untrained eye.
- Databases, online analytical processing (sometimes referred to as ‘big data’) : This is something not many people, even techies are fully aware of. The power of databases is extraordinary to merge databases about people, all you need is a common ‘unique identifier’, this could be a SSN, a telephone number, an e-mail address, but also something less tangible, like a signature generated from your browser habits (how many people really visit the sites that you do on a daily basis), your browser settings (screen resolution, fonts installed, preferences set) etc.
All you need is one common unique identifier to merge 2 databases containing potentially millions of records about millions of people. There is a huge black-market for databases, hackers steal databases and put them on bit torrent, companies go out of business, often the most valuable asset during liquidation is the customer database. There are companies, agencies and individuals who collect and merge databases in order to harvest marketing info, or simply sell access to it as a service.
Almost every time you hear about a data breech and you are asked to change your password, it’s likely that all other information you sent to that company is also in the hands of somebody untrustworthy, companies often encrypt/hash/salt their password fields, they don’t protect user data in the same way as it’s not practical for them to do so.
- Cryptography : People need to learn how to encode their messages, to inform themselves about applications that can be trusted channels of communication, that use an openly auditable, peer reviewed process in it’s development. If these applications don’t yet exist we collectively need to start funding them as basic, simple to use tools of communication.
- Centralized Systems (aka ‘the cloud’). Kk, the cloud is a loaded term, it’s a buzz word in IT with 2 meanings, one meaning is hosting of server and bandwidth provided by companies like Amazon, Azure etc. You are an IT / developer who has an application in mind for 100 servers (but might not need that many) then this is great.
The other meaning of the cloud is when a company asks you to do something that would be normally done on your local PC, on their server. THIS IS A BAD THING! What they have done is re-named centralized computing common in the 1970s where you had to ask an authority for permission to run code, and were only allowed to do what you wanted after receiving approval. This architecture is inherently authoritarian and undermines the power of the user. When Adobe moves photoshop to the ‘creative cloud’ they are asking you to trust them to store all your work in progress. If these companies go out of business, or if they upgrade the software, or choose to double the price, you are fu*ked! You loose access to all your previous work, you can’t export or save your files, and you are sharing your files with a 3rd party, same goes for Dropbox, Office 365, Google docs, but even things we take for granted, web based e-mail. If webmail services were secure why do businesses individually pay for expensive mail servers, software and maintenance.
- The cost of free : People know this but have not thought about it deeply enough. The expression “If You’re Not Paying, You’re The Product” completely rings true.
- You’re paying too much for bad software : With the amount we all pay in software licenses each year (for basically the same thing with a few new features and a little window dressing), for a fraction of this we can fund open source software developments that can be used for more. Did you know that you can use VLC player to record anything to a file, stream from your webcam to the world, screen cap/stream your desktop, projects like mediagoblin let you set up your own youtube type media sharing site. Over the past decade, consumer OS’s and ISPs have had the server based features removed so that they can be sold back to us at a premium, general purpose computing and the promise of the internet is that anyone connected can be a server, can be a service provider, and not just a consumer.
22. Any defcon video (a lot are available on youtube). GPS can be spoofed(faked). You can override the GPS signal with hardware of $1000. This can be used to move the position of a GPS-receiver to something else. Like say: an airplane is 1000 ft higher than it actually is. Combine this with a autopilot and a bye bye plane. (This can also be used with boats)
Air traffic control can be spoofed too. With $1500(?) of equipment you can create your own virtual airplane on the screens at an airport. Create 10 fake airplanes and you will have a “where is waldo” game with planes. You can even make them crash. Even autopilot will react to avoid crashing into the ghosts. Let’s just say that I’m very happy I don’t have to fly often and there are enough planes that I’m unlikely to be on one specific airplane. Source.
23. I am not a hacker, far from it. However I did write a script that does well over 90% of my job for me. I outperformed all other people in my department; they gave me a promotion and my own office. I now get all the work done that they used to have to hire 4-5 people to do, and all the work I get given, I can easily do it in 10-15 minutes a day, but I am there for 9 hours. My boss thinks I am a workhorse and I sit on my PC all day, browsing internet, watching netflix, youtube and listening to audiobooks. If people were more IT literate most office jobs would be obsolete.
24. I’m a computer scientist with security knowledge so I am not a hacker per se.
There is a decent chance that the US government will break modern encryption as we know it in the next decade. Currently the government (namely the CIA and NSA) are some of the largest employers of mathematicians. The NSA has one of the largest data centers ever built by man, it is speculated that they are nearing a breakthrough and are getting ready to use it.
Modern encryption is based on the fact it is really hard to find the prime factors of a number in a recessional amount of time (but extremely easy to make a large number with prime factors). If a way is found to quickly find prime factors the whole system is fu*ked. Quantum computers will do this if they turn out to be possible, perhaps they are banking on that or perhaps they found some other way.
Honestly this scares the me more than anything else. Given their data capacity they are probably already storing all the encrypted data they can find and waiting for the day they can decrypt it.
25. Getting finger prints of someone using HD photos. This hacker managed to get the fingerprints of a German minister.
Usually if you’re smart enough to do this stuff, you’re smart enough to be gainfully employed, fortunately.