Flipside Extra
Flipside Extra Fun & Games All About Flipside Have Your Say Subscribe
  Website Published By IEE
Flipside Extra
Latest reviews
Five ways not to get eaten by a crocodile
Interview with a hacker
World-wide watch

Interview with a hacker

In the new issue we look at the truth behind the latest Die Hard movie – could terrorist hackers bring the world to a stop? We asked Dr K, hacker and author, for his thoughts. Don’t worry about the jargon: there’s a glossary at the end…

What motivates a hacker?
Let’s start by differentiating between ‘old-skool hackers’ and ‘black hat hackers’ (or crackers). In the old days a hacker was motivated by exploration – now they are more likely to be motivated by the idea of breaking into systems. These days there are lots of ‘old skool hackers’ – more than ever – but they are too busy building Web 2.0 to break into computers.

Has it become harder to gain access to sensitive computer networks in recent years?
I see a lot of mis-configured and default password systems – these are like leaving the key under the door mat. One of the major problems is that people don’t maintain their systems properly – there are an army of cyber-criminals looking for ‘0-day hacks’ just to plant adware, spyware and bots on your computer.

What sort of computer skills do you need to hack, or to stop the hackers?
General computer skills, knowledge of networking and an enquiring mind. A high threshold for boredom is also useful – a lot of this stuff is sooo boring it is unreal.

In Die Hard terrorists bring everything from traffic lights to the stock market to a halt via computer. Is this feasible?
In the old days there were a lot more modems about – you could login to phone switches, traffic light control systems and those nifty huge scrolling displays that are used for advertising. Now people are more aware – so security is better. But as attention has shifted to the Internet, security on modems has gotten more lax.
I have seen cases where a company had highly secretive data on a Solaris computer that was totally unpatched – but had an inbound modem for ‘support’ – and this is the tip of the iceberg. It only needs criminal hackers to go back to basics and start war-dialling again to find computers like these. Die Hard is an amped up replica for comic effect using the ‘hackers will cause the end of the world’ scenario.

What are the most positive and the most negative examples of hacking that you know about?
Hackers built the web – and now they are building Web 2.0 – it is a very exciting time right now. On the negative side, recent developments in cyber warfare, botnet attacks and the potential for widespread disruptive DDOS attacks are all major threats right now. My biggest worry is that the web won’t survive – that recent developments in ‘censorware’ predict that the web will become ever more balkanised.
We will end up with half of the web being ‘work safe’ and approved and the other half ‘forbidden due to security risks’. It’s a very clever way of taming the web –  by demonising a large proportion of its users the censorware filters will prevent access. It’s a bit like a book shop where you have to be approved by somebody to enter certain sections. This does not bode well for free speech and the free exchange of ideas.

Glossary

Web 2.0 – a term for the new generation of interactive internet uses, such as MySpace and Wikipedia

0-day hacks – new commercial software is often vulnerable to malicious attacks. A 0-day hack is one where a hacker successfully exploits a weak spot in the software before, or on the same day, as the software publisher becomes aware of it

adware, spyware and bots – adware is software which plays advertising on your computer; spyware raids your computer for personal information about you; bots conduct relentless, automated tasks in the computer world

Solaris – a computer operating system (Windows is another)

Unpatched – a patch is small piece of software designed to update or fix problems with a computer program

War dialling – a method of automatically scanning telephone numbers using a modem. Every phone number in an area is dialled to find computers before a hacker attempts to access them by guessing passwords

Botnets – computers infected with dodgy software, taken over by hackers and brought into networks to spread spam, viruses and other nasties around the place

DDOS attacks – distributed denial of service attacks. Several computers are used to bring down a network or website. This is achieved by flooding one or more of the site’s web servers with so many requests that it becomes unavailable for normal use

Censorware – software which filters the web and controls what content a reader can see
© 2008 The Institution of Engineering and Technology - Privacy Statement