3Myth: Hacking Requires All Sorts of Exotic Software
Here's how hacking looks to Hollywood:
Or maybe like this:
"The red stuff is computers, and the white stuff is Internets."
Obviously Hollywood sexes up hacking applications to give the audience something dazzling to look at -- it's the same treatment movies give to everything from car crashes to archaeology. But this gives the impression that most hacking involves working with interfaces quite a bit more alien than what the actual aliens were using in Independence Day. Well, here are some ACTUAL hacking tools in use:
Webroot Threat Blog
Note the distinct lack of skulls.
If those look like they're something that runs in a Web browser, you're right. The most common kind of hacking these days is called Web application hacking. You're looking for vulnerabilities on different websites. White hat hackers do this to make them safer, and black hat hackers do this because they're dicks.
So if you came by our office, it'd look like we were all just browsing the Web. Endless, flowing green text looks cool, but the human brain does a lot better with something sensible, like this:
Hacker's Online Club
Losing that second "L" is the only reason this tool wasn't buried under an avalanche of Craftsman ads and porn.
In fact, a lot of my job is just reloading Web pages over and over again -- it's one of the ways you can try to break the filters on a site. You keep trying slightly different exploits and reloading the page dozens of times until you find something that works.
But note that just because it doesn't look exotic doesn't mean any old hardware can do the job. Strangely, the same movies that portray hacking as requiring some kind of futuristic virtual reality interface also show hackers doing their work with laptops. Remember Justin Long in Live Free or Die Hard, popping open his laptop and rolling out his little keyboard? If you're a badass outlaw hacker, you can't be tied down to a desk, damn it!
Nor can you be arsed to button the top 3/4 of your shirt.
But most hacking is about brute force: trying hundreds or thousands of different things in slightly different ways until something breaks. You need horsepower for that.
Now, you could maybe get by with a laptop for a while ... if you're only working on one app or site in one particular field at a time. But when you're talking about serious industrial work, you need to be able to test hundreds of sites and parameters simultaneously. And that's going to melt the processor in your little laptop (literally -- I have a nice gaming laptop, and whenever I run a test on more than one or two parameters, I have to cool it down with a fan). That's why most serious hackers I know do the bulk of their work on something akin to a high-end gaming PC. These usually don't have the seven monitors seen in the Swordfish setup, however:
We also tend to prefer backlit keyboards to a half-dozen lamps.
And speaking of guys furiously hacking while getting blown with a gun to their head ...
2Myth: Hacking Requires Lightning Reflexes
Jan Will/iStock/Getty Images
A lot of movies show hackers furiously typing on keyboards, commands flying across their screen too quickly to see -- movie hacking is a fast-paced job, requiring video-game-honed reflexes. It makes sense: You've got to outrun security, other hackers -- it's the computer equivalent of a gunfight. In the typical hacker duel, the attacker is firing commands and viruses at the system, while the target's own staff of nerds is racing to cut off the attack in real time, trying to chase down the hacker while he jukes and dodges with complex keyboard commands.
"Hack harder. Faster."
In the real world, most hacking tools are fire-and-forget. If you want to break into a site or an IP address, you just pick the right tool, "aim" it, and hit go. Then you walk away from the computer for a while until the tool finishes trying stuff. A lot of hacking is pressing "start" and then rolling out to grab some coffee.
This is not to make hacking sound effortless -- those tools are only right a certain percentage of the time, and the rest of the time will do absolutely nothing. But they do show you where the problems are. I'll spend maybe an hour letting the tool find a weak spot and then 15 minutes actually working out how to break in.
If this is making it sound like even professional hacking doesn't require an expert, well, let's take on the biggest myth of them all ...