
How computer pros crack hackers



Lately, with viruses such as WannaCry and Petya in the news, cyber security has not left the front pages of the media. Against that background, a note found on one overseas site stood out. Under the cut is Roger Grimes's story of how some professionals bring trouble to others and vice versa. The essence of the article is that if you want to meet a really capable hacker, you should talk to a specialist in protection against cyber attacks. These talented people work every day to make cybercrime more difficult and less profitable. By the way, I was surprised to learn that the favorite entertainment of information security specialists is to “break” their neighbors' computers at professional conferences.

A long, awkward pause is always the first sign that a once-assertive hacker has suddenly realized that he has unexpectedly become a victim himself. And this happens every time.


One malicious hacker fired his “ion cannon” at my network address, trying to knock out my home computer and internet connection. I had sent him an e-mail the day before, making it clear that I knew who he was, what he did for a living (he was a budding wedding photographer), his name (Rick), and that he had just married a beautiful girl. Usually this is enough to scare most hackers, but some, such as Rick, persist.

On his own Tor-protected chat channel, Rick told his friends that he was preparing to launch an even more powerful DDoS attack against me. It seems that until then he had used “childish” hacker tools, and now he was thinking about paying a professional hacking service to attack me.

DDoS attacks, which involve hundreds of thousands of computers and devices that otherwise have nothing to do with the dispute, can be catastrophically difficult to stop, not only for me but for any specialist, and even for a whole company. A powerful stream of malicious network traffic can paralyze any service except the largest and richest (for example, Google). Once an attack begins, the victim (in this case, me) can be cut off from the Internet for several days.

I got into his chat channel and advised him to knock it off. A delay in his response convinced me that I had taken him by surprise. He answered with obscenities and suspected that I was a member of his forum. When I replied that I was not, he again said nasty things and added that I would regret having broken into his private forum. I politely asked him to abandon the very idea of attacking me, since I had real work to do.

The next evening, at about the same time, judging by the slowness of my Internet connection, I realized that the threat of a DDoS attack had turned into real action. If I did nothing, I would lose my connection for who knows how many days. So, purely out of concern that I would not finish my work on time, I hacked into his computer.

I had to identify the computer and software that he used (in hacker jargon this is called “fingerprinting”), and I learned that he was using an outdated firewall. One of my favorite tricks is hacking computers and companies through the software and devices that they are sure will protect them. So, using weaknesses in that protection, I hacked his computer, changed the settings and left a new batch file. Then I contacted him on his chat channel and suggested that he check my work.

The batch file would have reformatted his hard disk and destroyed everything on it if Rick had rebooted the computer. I had “commented out” the destructive lines of my script beforehand, so the program was harmless for the time being. But if I had deleted just three characters (that is, rem), this harmless script would have become fatal, at least for his computer.

The DDoS attack stopped immediately. The humbled hacker returned to the chat channel and asked incredulously: “Old man, how did you do it?” At last, with all the fake swagger gone, he began to speak in human language. I replied, “Rick, there are many hackers better than you. Give up your mischief and direct your talents to something good. Spend more time with your beautiful wife. Someday you will mess with the wrong guy or the wrong agency. This was a warning bell for you.”

With these words, I closed the chat and went back to work. This is not the first time I have had to resort to such offensive hacking to make another hacker leave me alone. And I'm certainly not the only one who knows how to do this. In fact, the best and smartest hackers I know are good guys and girls, not the malicious scumbags who unleash epidemics on our digital lives. I am a computer security veteran with 30 years of experience, constantly fighting alongside tens of thousands of people like me. Our rivals, on average, are not as clever as we are.



This is not to say that all malicious hackers are dim. Not at all. It is just that the vast majority are not very smart; they are average. From time to time I may see one or two smart hackers who can do something that no one has done before. But most of the malicious hackers I have encountered are neither brilliant nor creative. They simply use tools, tricks and services that were invented by other, cleverer hackers. For the most part they are ordinary “suckers” who could not create so much as an emoji, not the legendary hackers portrayed by Hollywood.

If you want to get acquainted with a really smart hacker, talk to a specialist in defending against cyber attacks. These people, experts in a wide range of technologies, have to be able to recognize and stop every threat. They are the invisible Henry Fords and Einsteins of the digital world. Contrary to the cinema's well-established image of the clever and resourceful hacker, defenders fight for the network and help stop and arrest more hackers than it might seem.

Right now, hacking is almost zero risk.


Hacking is thriving today, much like armed bank robbery in the early 1900s. The richness and diversity of our digital world is growing faster than the protection it needs. And the chances of being caught or arrested for cybercrime are almost nil. A hacker can steal millions of dollars with almost no risk.

Try to rob a real bank, and there is a chance that you will take less than 8,000 dollars and that you will be caught (according to the latest FBI statistics, 55% of bank robbers were identified and arrested in 2014) and imprisoned for years. This unfavorable risk/reward ratio is the reason that fewer than 4,000 bank robberies occur annually in the United States.

Compare this to cybercrime. Each month, the FBI receives more than 22,000 allegations of cybercrime, and most likely even more crimes are committed. The average claimed damage amounts to almost $6,500, and out of $269,000, only 1,500 were referred to law enforcement. Although most of the latest FBI annual reports did not include convictions, the 2010 report, with a similar number of complaints and cases, indicates only six convictions. This means that for every 50,635 victims, there is only one convicted cybercriminal. And these are only the cases reported to the FBI.

Steal a million dollars online, and you can enjoy your newfound wealth almost without any worries. The difficulty of collecting evidence, legal issues (Russia and China ignore American search and arrest warrants) and the possibility of transferring cybercrime to legal bodies make this occupation a venture with minimal risk. And, as I said, you do not have to be particularly smart to become a successful hacker. Any dude or criminal syndicate can do this. All you need to know is a few tricks of the trade.

The secret of hacking


The secret of hacking is that there is no secret. Hacking is like any ordinary trade, such as plumbing or electrical work: you have to learn to master some tools and methods, and the rest is just practice and perseverance. Most hackers look for missing software patches, configuration errors and vulnerabilities, or use social engineering. If it works once, it will work thousands of times. It is so easy and works so regularly that many professional pentesters (who get paid for authorized hacking) quit the job after a few years because it no longer interests them.

In 30 years of professional penetration testing, I have hacked every company that hired me in three hours or less. These include banks, hospitals, and government institutions. I barely finished high school and was expelled from an ordinary college for poor performance. Let's just say that I am no gold medalist with an honors diploma.

On a scale of one to ten, I’m somewhere around six or seven, but I can crack almost anything. I work with hackers who, in my opinion, rate a ten on this scale, and almost all of them consider themselves average. At the same time, they can name people whom they consider to be tens. And so on. This suggests that many people can hack whatever they want. The number of hackers in the world is unknown, but the count is probably close to a hundred thousand. Fortunately, most of them are on the good side.

People hacking hackers


People who work to protect computers and who fight hackers and their malicious code outnumber hackers. This includes pentesters, people who fix vulnerabilities, policy makers, teachers, product developers, security analysts, technical writers, cryptographers, privacy advocates, and just advocates, threat modelers, and other experts in all sorts of areas. Here are some of them.

Brian Krebs


Krebs is a veteran investigative journalist famous for exposing the most notorious online criminal groups. He systematically identifies previously anonymous malicious hackers by name, which often leads to their arrest. Krebs learned to speak and read Russian so that he can track down and expose Russian cybercrime companies and syndicates. He has been so successful at this that hackers constantly try to get him arrested by planting drugs or counterfeit money on him, or by attributing a hostage-taking to him. His best-selling book Spam Nation is a devastating exposé of the Russian spam industry, revealing that Western law enforcement agencies sometimes support international cybercrime because it turns out to be financially beneficial for them. Everything written by Brian Krebs is worth reading.

Bruce Schneier


For creating numerous trusted cryptographic algorithms, Schneier is recognized as the “father” of modern computer cryptography. He is a leading figure in computer security and regularly appears before the US Congress and in major media. Today, Schneier mainly studies the human factor in computer security failures. I believe that reading Schneier’s articles should be a prerequisite for studying cyber defense.

Dr. Dorothy Denning


Distinguished Professor Denning of the Naval Postgraduate School was a pioneer of computer security who wrote foundational works on computer encryption, attack detection, cyberwar, and access control. She invented the lattice-based security model that is used today in many other models. She warned (and wrote) about the possibility of cyberwars even before they appeared.

Kevin Mitnick


The well-known international hacker Mitnick, who was once banned from using even a telephone, was released from prison long ago and became a law-abiding citizen. Today he is the CEO of his own computer security company and regularly writes about the threats of social engineering and privacy violations. Many malicious hackers cannot be trusted, but Mitnick is an exception.

Michael Howard


Howard and friends created a method for writing software securely, known as the Security Development Lifecycle (SDL), which is widely used by thousands of companies to reduce the number of bugs and vulnerabilities in their products. Former critics of the method now use it, having seen how well it has worked for many years.

Joanna Rutkowska


Polish computer security expert Joanna Rutkowska gained fame after publishing the details of her “Blue Pill” attack. She demonstrated a hacking method so ingenious, and so difficult to detect and prevent, that defenders are glad no hacker has used it yet. She decided not to trust the security of any publicly available OS and created her own “reasonably secure” system called QubesOS. The most talented spies and privacy advocates use this OS.

Lance Spitzner


Spitzner is considered the father of the honeypot. A honeypot is a fake device (a computer, router, printer, and so on) that exists for the sole purpose of detecting malicious hacker activity. Honeypots are considered the best defenses that any company can adopt for early detection of a threat. Spitzner currently works at SANS, the most respected international computer security organization, and teaches companies how to respond effectively and quickly to hacking.

Cormac Herley


Herley is a computer security researcher. Using real data, he refutes established security dogma about the effectiveness of long and complex passwords. Herley proved that using long, complex and frequently changed passwords not only fails to help but creates even more problems. His research and conclusions are so revolutionary that decades will most likely pass before we see most of them adopted.

Michael Dubinsky


The constantly attacked state of Israel is known worldwide for its very good cyber defense software. The Israeli Dubinsky is the lead developer of a product known for detecting what was previously undetectable. His product spots insidious, hidden hackers who hunt for a company's main assets ... and works faster than the attackers.

All these specialists are part of a huge army of “white” hackers who make hacking more difficult every year. The critical mass is growing, and over the next decade online cybercrime will become as rare as bank robbery. Such crimes will still be committed, but there will be fewer and fewer of them, and it will be much easier to punish them. By the way, which Russian “white” hackers do you know?

Source: https://habr.com/ru/post/332178/

