~ 1 Jun 2016, 16:20
One of my tiny teenage victories was convincing my parents to buy me The hacker's manual book. I was obsessed with becoming a hacker, and as these things usually go, I was just trying to be cool - we had a hacker at high school, and a well-rounded one: the black glasses, the op status in the local IRC channels, the incomprehensible technical dialect, and a 55.6k modem filled the picture. Retrospectively, this wasn't a particularly good book: it contained mostly poorly-written, typo-laden C code, intended for god-knows-which incompatible gcc version, and demonstrated exploits which the world has usually long forgotten and patched against. If it taught me anything, it was that becoming a hacker is a long journey and I had tons to read more, before I could join the league. And that there were several definitions for hacker, which people regularly misused.
I have to warn you: this post contains some self-flattery. It's not much, but... you've been warned.
To the point: what defines a hacker? In a nutshell, the hacker is just an extremely curious technical person. He's focused on experimentation and loves to tinker. He has a very large and wide expertise in computers, networks, telephony, hardware, mechanics, and so on. He's always hungry for more knowledge, and likes to inspect other people's creations in order to learn from them. He's not afraid to disassemble his brand new $3000 oscilloscope to see how it's made. He feels perverse pleasure in using systems and products in ways their original creators didn't anticipate. You'd see a hacker use GMail as a file system. He'd run Doom on a iPod. He'd mount a webcam over his front door and will write a system to notify him for suspicios persons wandering in there. A good hacker can grasp a large and new system, and recognize known patterns, so in the end he could have some vague understanding of how it works, and, more importantly, where its weak spots may be.
Well, in that description you'd also find the people who bypass computer security systems and manage to steal your passwords, infect your computer with malware or spyware - because somebody didn't really pay attention while writing that OS or website. The "good" hackers insist on calling these people "crackers" - to make it clear that they intentionally crack computer systems for personal gain. Or differentiate between "white hats" and "black hats" (a dubious naming, since I can't imagine a hacker who isn't at least a bit "gray"). And besides, a lot of "hacks" don't necessarily rely on technical prowess - the "I love you" e-mail virus exploited the fact that a lot of people on the internet have unsatisfactory personal lives.
Anyway, the point of writing this article is to provide a good, non-mainstream example of how a hacker thinks, reasons, and works. Holywood is particularly bad at depicting hackers, and you'd see movie after movie, with the big fat budgets they have, but they never come close to a realistic hacking scene. I think they just don't want to do that. That hackers work mostly at night is but the only think they get right. Here the example goes:
----------
The task at hand was to buy a wireless doorbell for a partially deaf granny. It had to have one transmitter (the little box you put near the front door), and not one, but two receivers, one per room. This turned out to be a not well explored area in the wireless doorbell business, as none of the products The Hacker saw had multiple receivers. The offerings mainly differed in external design and boasted how many melodies they supported and how you could set the loudness level.
The hacker thinks: how typical of Marketing! They would make their point about insignificant details like number of melodies, or colors, but woudn't, for a change, mention at what radio frequency do the units operate, what type of error-correcting code is employed, and how many walls can the signal penetrate. Yes, one of them states the maximal workable distance, but of course doesn't mention under what circumstances...
The Hacker got two pieces of the cheapest variant and asked to unpack them at the counter:
The backsides of the transmitters and receivers had a label with a numeric barcode thing - it was the same for a transmitter/receiver pair, but differed between the two pairs. It was obviously not a serial number. The label also stated the frequency, the same for both pairs:
The hacker thinks: if they operate on the same frequency, then they transmit a specific code to differentiate, so that a receiver only rings up when it hears "its" transmitter. Otherwise what would happen if two people bought the same model wireless bell in the same block? You wouldn't expect one to ring them both, right?
Now The Hacker would hope to be able to change the expected code of one of the receivers. To be honest, The Hacker wasn't sure he could do it, but his intuition was urging him to try.
... well, I intentionally picked up the cheapest model out there. They can't be using anything too complicated inside. It should be cheap and easy, like a DIP-switch or configurable wiring. But definitely a simple and dirt cheap thingy.
When he got home, The Hacker found out that the receivers had something configurable indeed - a row of cut traces on the circuit board, some of which were connected with solder:
and, of course, the positions of the solder joints was differing between the two units:
The hacker thinks: We have some numbers here, with pluses and minuses. There must be a mapping between those numbers and the barcodes on the transmitters. But for the purpose of this task I don't need to figure out the scheme - it suffices to make the solder pattern identical on both units.
5 minutes later, the two receivers were ringing in unison, and there, two walls apart, was The Hacker, with a big, happy grin on his face.
----------
In conclusion... the next time when you'd want to explain somebody what a hacker is - send him here. Please. I'm fed up of these unshaven weeps in glasses, who hack multi-billion-dollar systems using novel, futuristic GUI systems, mumbling faux l33tsp34k. Correct portrayal of hackers must triumph!
#1 by Иван, posted on 2 Jun 2016, 08:35
15 милиНакова - мога да изтърпя това :D
Аз имах "Защита от хакерски атаки", в която идеята беше че най-добрата защита е нападението... и беше същата боза.