How Hackers Hack
With the click of a mouse on one computer, the screen of the laptop a few feet away flashes wildly as a flood of data flies silently across a private network cable connecting the two machines. Within a minute the laptop's file sharing password is compromised.
"The computer is having a bad day," says a reporter as he watches the effect of the attack on his machine. "Packets are coming at it so fast, the firewall doesn't know what to do."
Some hackers claim they can teach a monkey how to hack in a couple of hours. We asked two hackers, Syke and Optyx (at their request, we are using their hacking pseudonyms rather than their real names), to give us non-simian reporters a demonstration.
What we got was a sometimes-frightening view of how easily nearly anyone's computer -- at home or at work, protected or not -- can be cracked by a determined hacker. But we also found out that computer users can make a hacker's job much harder by avoiding a few common mistakes.
Syke, a 23-year-old white-hat hacker, and Optyx, a 19-year-old self-proclaimed black hat, both work in computer security (Syke, until recently, for a well-known security software vendor; Optyx for an application service provider).
They launch their attack on our notebook from desktop computers located in the windowless basement that is New Hack City, a sort of hacker research-and-development lab (and part-time party lounge).
The lab's rooms are filled with over a dozen Sun SPARC servers, assorted network hubs and mountains of ethernet cable, an arcade-size Ms. Pac Man game, and a DJ tower stocked with music-mixing equipment for all-night hacker jams.
Hacking 101
"You should understand," says Optyx, as he enters a few commands that bring our machine to its knees, "no matter what people do, hackers will always find a way to get into systems."
Just as he says this, Optyx uses a program to get the laptop to spew out a bit of data identifying its operating system and version.
He then runs the program that cracked the file sharing password in the blink of an eye. We watch as he uses another tool to root through files in the laptop's shared directory.
As hacking goes, the methods our two instructors use on our laptop are not very elegant -- the equivalent of using brute force to knock in a door -- and through the machine's software firewall, we are immediately aware that the machine is being hacked. But, save from disconnecting our machine from the network cable, we're powerless to stop it.
Most hacking attacks, however, are much more invisible.
Open Sesame
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
