A hacker’s advice

A hacker’s advice

hack pad

Its 5 am in the morning, he rises up and one of the first things that come to mind is the machine. He rubs his eyes and reaches for his glasses; edges closer to his desk where the machine is. A smile spreads across his face. Ah, the machine cracked the password. The screen bears the black shell; the black shell of power with its blinking cursor awaiting his next command. They call it the terminal.

This is John; a hacker. He considers himself to be one. John has neighbors. His neighbors have Wi-Fi installed in their houses. John wants to find out what their passwords are. Partly for fun and partly as a challenge. He is a hacker all right, a good one though. Here’s what happed the previous night before this day.

Yesterday

It’s late in the night. John scans for available Wi-Fi connections. There are a number of them; he utilizes his terminal tools to determine how strong the wireless connections around him are. Most of them are within range since they belong to his neighbors who are not so far away. He picks a target, types a few commands, sits back and waits; watching the terminal. His intention is to flood the target with requests till it overruns its ability to respond to those requests. They call it the denial of service attack (DOS).

The target

Tom was surfing the internet. He notices his internet connection’s starting to get weak. Standard procedure is restarting his router. He does. The internet connection is stable again. Happy? Yeah, happy.

The hacker

Everything’s going according to plan. Nothing’s a mistake here. The hacker intended for Tom to restart his router. And when he did, the hacker’s machine has already been configured to monitor everything. It’s watching Tom’s network. After the restart, it can see how many of Tom’s devices are connected to his Wi-Fi. He can see the devices unique identifiers. Think of them as serial numbers. In the machine world, they’re called MAC addresses. (Never mind what MAC means). A further examination of the MAC addresses reveals what type the devices are. For instance, he can tell Tom’s phone’s a Samsung and his computer’s a HP. Nice to know…the hacker smiles. His work is not finished though, what he wants is Tom’s Wi-Fi password. A series of commands ensues and the machine goes to work. Its instructions by the hacker are to brute force Tom’s Wi-Fi till it gets the correct password. The hacker knows it might take a while and so he retires to bed, leaves the machine running.

Today

The hacker has acquired Tom’s Wi-Fi password. He can connect to Tom’s Wi-Fi and use his internet if he wishes to. He could change the password and lock Tom out of his own Wi-Fi. There are a number of things he could do if he wanted. But he’s a good guy; a white hat. He won’t do any of that. If anything, he’ll notify Tom to change his password with a stronger one.

Were John a malicious hacker, (black hat) he would definitely exploit Tom. A black hat knows that far too many people recycle passwords. So he could try the same password on Tom’s social media accounts, bank portals et cetera.  If Tom recycles his passwords, it could be doom and gloom for him.

Later in the day, John is in a computer lab class; bored. He won’t dare walk out lest he risks being noted by the professor. He decides to be naughty and have some fun. All the computers in the lab are connected to the internet. John opens up his terminal, types a few commands to jam the network (similar to DOS attack) so that all the computers in the class cannot access the internet. Once this happens, the professor can’t go on as he was depending on the connection to teach the class. Determined to rectify the problem; he calls the department network admin about the problem.

The network admin knows there’s nothing wrong with the internet so he decides to scan the network to identify what the problem is. The scan reveals a list of MAC addresses representing all the machines connected to the department network. He also notes a lot of traffic coming from one particular machine and he concludes it must be reason why the professor’s class isn’t able to access the internet. The logical thing to do is lock it out from the network. He clicks on the MAC address of the jamming machine and blocks it. That should solve the problem. Moments later, the professor calls again.

John anticipated this would happen. He knew the network admin would find his jamming machine on the network. He also knows there will be consequences if he got caught. So he does something clever. He previously has scanned the machines in the class so he knows the MAC address of the professor’s machine. He replaces his machines MAC address with the professors MAC address. To the network admin, the machine causing the jam bears the MAC address of the professor’s machine. But the network admin does not know that.

The network admin blocked the MAC address of the jamming machine. Unbeknownst to him, the MAC he blocked was only used as a front. It belongs to the professor. John stops jamming the signal and reverts back to his own MAC address. This time, everyone can connect to the internet except the professor. According to the network admin, it appeared his machine was responsible for jamming the network.

At this point the professor, furious, dismisses the class. The network admin looks at the students as they leave the class. He knows they’ve been played. One of those kids is responsible but he can’t tell which one. John amidst the crowd of students walks out; elated.

***

The information age has its advantages but also has a dark side. You could get robbed by cyber ghosts. Your name could be dragged in the mud. You could get locked out of your services. Your private information could get stolen. A whole lot of bad things could happen to you.

You could prevent some of that from happening by taking some seemingly simple yet important security precautions. For instance, try as much as possible not to recycle or use obvious passwords. On top of that, make your passwords secure. Create passwords with a mix capital letters, small letters, numbers and symbols. Such passwords are hard to break and often impossible to crack. They could save you a lot of trouble.

There are so many other forms of attacks that can be implemented to exploit a person or an organization. Man in the middle attacks, DOS, phishing, SQL injection to name a few. From a hacker’s perspective, hacking can be challenging but fun. The hacking shown in movies does not represent the real world. Nothing ever happens that fast. A hack could take days, sometimes weeks or even months. A surprising quality of good hackers is patience. If the bad guys are onto you, well, the least you could do is make it harder for them.

Abroad, I have heard of many companies which have hacking departments. The sole purpose of those departments is attack the company system and exploit vulnerabilities. They hack it just like the bad guys would but their intention is to patch up the loopholes they find. Those companies know well that they can never be too safe or secure and it takes a hacker to get a hacker.

It does not take a rocket scientist to tell that it will get worse. Soon, physical robberies will decline. Do not think the robbers become saints. Well, maybe they did but not likely. They are stealing on a new front and hence there needs to be a new crop of police to hunt them there; the internet police; The White hats. I am learning how to be one and I soon will be. I stumbled across a slogan by white hats with which I will end.

“We protect you from people like us.”