Old-school hacking and our stupidity

Saturday, Feb 19, 2011

Gulf News

There was an old story making the rounds last week about the easiest way to slip a virus onto a computer network. You simply load it on a USB drive — the more expensive looking the better — and drop it in the parking lot where someone on their way into the office will see it. They will probably take it to their computer and plug it in to see what’s on it, single-handedly destroying their employer’s network.

It’s a brilliant idea. Why bother with computer hacking, corporate espionage or any of that other cloak and dagger stuff? Just sit back and let human curiosity do your work for you.

The story was more believable ten years ago, when USB sticks were still relatively new. Today, if you don’t know that sticking a random USB stick into a computer is dangerous, then you’re just being wilfully ignorant.

Some things never change though. The reason the virus story was going around was because last week saw one of the greatest examples of foolishness by security personnel in some time.

It’s not as big as a Chinese guard opening the doors of the Great Wall to the northern hordes, but it’s still pretty stupid.

Now, I don’t know all the details, but the person who is at the centre of the story is Aaron Barr, the CEO of HBGary, a digital security company. Barr had the idea that he could identify hackers’ real-world identities using social networks. His first target was Anonymous, a non-hierarchical hacktivist group known most recently for digging up dirt on the Church of Scientology and coordinating attacks on companies that had withdrawn their services from Wikileaks after that site’s release of US diplomatic files. Barr said he was able to identify several members of the group, and in an interview with the Financial Times, said he was planning on giving this information to the authorities.

Maybe Barr figured that Anonymous didn’t read the Financial Times or that threatening to reveal their identities wouldn’t earn him the group’s undivided attention, but it did. The stupid part was when Anonymous was able to trick a system administrator at HBGary into resetting a password. Hackers don’t get access through some code. They get access because they fool someone into thinking they’re someone they’re not.

Snooping

That is modern-day hacking in a nutshell. I hate the word “hacker”. It brings to mind some pimply-faced geek sitting in a room trying to bust the encryption codes for the mainframes at Norad. In reality, hacking today is more likely to be someone snooping on you, hoping to get enough person information so they can steal your identity. The hacker who got into the HBGary system is probably a wiz with a computer, but is also someone with enough information on a company employee to fool security long enough to get a password reset.

Once that happened, it was all over. Anonymous gained access to the company’s entire e-mail server, which was then dumped and posted on Pirate Bay. Anonymous used the information from the server to take control of Barr’s Twitter and Facebook accounts. To put it mildly, it was then brown-trouser time at HBGary.

Anyone you talk to in the anti-virus computer industry these days will try to scare you with a story like this, which is usually followed with a pitch to buy their software. And you should.

However, you can have all the A/V software you want, but it’s not going to save you if you don’t stop and think. Don’t post personal details where strangers can see them, stay away from the red-light districts online, and whatever you do, leave that nasty USB drive in the parking lot.

TECH

NOTE

In reality, hacking today is more likely to be about someone snooping around on you, hoping that they can get enough personal information from you so they can steal your identity.

Scott Shuey Business Features Editor

ZAWYA NEWSLETTERS

RELATED ARTICLES

ZAWYA NEWSLETTERS

LATEST VIDEO