If movies are to be believed, hackers are mostly kept busy fighting the man with CGI animations of smiley faces, or else dwelling in the darkest corners of their mothers' basements and doing purely nerdy stuff that never affects the real world. But neither assumption is true: Hacking does not look like a rad skateboarder busting a kickflip over an onyx tower, and hackers do gain access to things that can affect your daily life ... and sometimes, even end it.
We think we have a pretty good idea of what hackers are capable of: stealing your personal information, crashing your computer, Rollerblading like a sonofabitch and making out with Angelina Jolie (back when she was hot, before her alien DNA kicked in and she started looking like a hawk-monster).
But today's hackers have finally crossed a line, and must be terminated with extreme prejudice. The offense? They're trying to destroy your wang.
"The good news is that your leg is going to be fine ..."
The newest MacBooks contain batteries with small monitor chips installed. It's such a discreet addition that Apple didn't feel the need to secure it, which of course means that hackers everywhere had to immediately set to work exploiting it. It gets pretty technical, but the gist of the process is this: The software uses a default password, which is the same in every single MacBook. By reverse engineering the firmware, hackers can render the battery useless or inject malware into the system through the chip (and you couldn't even wipe your hard drive and reformat the system to get rid of it, because you probably won't think to check your battery for a virus).
"Is it enough to Sharpie 'Avira' onto them?"
Or, if they're feeling particularly villainous, they could just overheat the battery of your laptop (so named because it sits on top of your lap, which, you'll recall, is where you keep your junk) to the point of bursting into flames or exploding. That's right: Hackers are after your penis.
There is just no version of that sentence that is anything less than terrifying.
"Definitely that guy. You don't play a druid without repercussions."
Security specialists at the University of Washington and the University of California have shown that new cars with computer systems onboard face a real security threat from hackers. These scientists were able to gain control of two vehicles and operate more than a dozen functions while the cars were in motion. This included things like braking, selective braking of each wheel (thus effectively "steering" the car) and shutting off the engine completely. Scarier still is that once they gained control of the vehicles, driver input was totally ignored: The pedals, wheel and switches all had no effect. They were also able to launch a "composite attack," in which the malicious software would be erased after a crash, effectively leaving no evidence of tampering.
Just a quick flash of smoke followed by confusion and a throwing star.
Being vehicular-manslaughtered by cyberwarriors is the worst case scenario, of course.
It's far more likely that these exploits will be used to simply steal the cars. Experts are predicting that the future of car theft is a split venture, with hackers selling their services to car thieves by providing them with the GPS location of the vehicle, then unlocking the door and starting the engine remotely so the thieves can drive off with it. Possible points of entry for a car hacker are through Bluetooth, a cellular network, the freaking tire pressure monitor and even music files. Yes, the next song you download could be your last, if the wrong hacker has been into it. So while we agree that Journey's Greatest Hits is indeed a sweet album that you totally need for that road trip, you have to ask yourself the question: Is it worth dying for?
We'll never stop believin'.
(The answer is yes, obviously.)
When Scott Lunsford, a researcher for IBM's Internet Security Systems, told the owners of an American nuclear power station that he could hack into their system through the Internet, they laughed in his face. They told him that he couldn't do it; that it was "impossible." Then they left to look up the word "hubris" in the dictionary while Lunsford hacked the holy shit out of their systems. It took his team less than a day to infiltrate and less than a week to take full control of the nuclear power station. He claimed it was "one of the easiest penetration tests" he had ever performed.
We're pretty sure he was talking about the colons of the owners.
While he couldn't have caused anything like a meltdown, Lunsford is still convinced that if he had been inclined, he could have done some significant damage within the system. All it would have taken was simply "closing a valve" to shut off power to most of a city. The particular system Lunsford hacked to gain control of the plant is powered by something called SCADA (Supervisory Control and Data Acquisition) software, and the bad news is that so is most of the rest of America's infrastructure. SCADA controls things like water filtration plants and subway networks all across the nation, and its security is becoming weaker by the day, mostly due to ever-increasing Internet connectivity. Lunsford imagines a variety of catastrophic possibilities if cyber-terrorists ever learned of these exploits in the SCADA system, like he just did, and like we're telling you about right now (uh ... sorry, America).
Eh, New York doesn't need electricity anyway.
Odds are that if you're reading this, you have a Webcam pointed at you right now and -- NO DON'T LOOK AT IT! Just be cool, OK? Act natural ...
Most likely, there's nobody watching you. We assume even bored hackers have better things to do than watch someone play Call of Duty and distractedly drop Fritos on their underwear. But if a hacker ever did want to gain control of your Webcam to spy on you, it's very doable. In fact, improperly or entirely unsecured Webcams have entire sites devoted to them: Here's a whole subreddit of controllable Webcams that you're going to lose an entire afternoon clicking on, just because you can.
They've been standing like that for six hours. And it is so hot.
Webcam manufacturers are well aware of this problem, too. Companies like Logitech are already fitting their Webcams with privacy shields (a fancy term for "lens caps") to protect their users against unwanted access. As far as a motive for this kind of invasion of privacy, there are few reasons to hack a civilian's personal Webcam short of spying on women changing ... aaaand that's exactly what the majority of cases turn out to be.
Don't let this stop you from watching that True Blood torrent during your weekly underwear pillow fight.
So if you're an attractive woman reading this and you're worried about your privacy, check for the LED indicator next to your Webcam to see when it's active. And, uh ... maybe send us a thank you message for introducing this vital information to you, and then just continue about your normal business: checking your email topless.
Bras make for a suboptimal Internet experience.
Remember the "easy money" scene from Terminator 2, when John Connor and his friend hack an ATM with a portable Atari computer? That wasn't fiction. (Well, that one part, anyway. The rest of that movie was absolutely fictional. Sentient killer skeleton robots do not exist, and "Hasta la vista, baby" is not a thing that reasonable human beings say to one another.) Unlike most companies, ATM designers haven't been getting hacked much in the last decade or so, and as such, their security measures are slightly behind the curve.
At last year's Black Hat technical security conference, IOActive Labs' Director of Security Research, Barnaby Jack, wanted to demonstrate just how easy it was to hack a couple of ATMs. He didn't need to open up the machine or even make a withdrawal to accomplish this. He did everything entirely remotely, using only his laptop and a program called Jackpot. When he was done, a jaunty little tune played on his speakers, the word "jackpot" flashed on his screen, and the ATM started spitting out bills all over the place, presumably while Barnaby kicked his heels together and yipped like an old-timey prospector.
Roughly 40 percent of you are now typing "Jackpot full download" into Google.
By 2020, the U.K. wants to have a smart meter in every home to measure gas and electricity consumption. The devices send real-time data directly to the utility companies through a Web connection, thus providing customers with constantly updated information on energy conservation while simultaneously helping to manage national demand more efficiently. The smart meter sounds like a reasonable idea to us working stiffs (well, we're not really working, but we sure are stiff!), but where we see just a little gray box outside that gives us power, a hacker sees a bunch of low-hanging fruit with minimal security, spanning the entire country.
Time to bake some hack pie, baby!
If just one of these boxes was infected with a worm, it could theoretically bring down the entire grid. In the case of the U.K.'s future national "smart grid" plan, that could potentially mean cutting the power off to an entire country.
That's why the really good Modern Warfare players own generators.
Worldwide, there are already 40 million smart meters in use, and several of those networks operate in the U.S. Yet another team from IOActive (these guys are starting to sound like equal parts Robin Hood and Doctor Doom, aren't they?) developed a worm and used it to illustrate the security flaws in these systems. With this worm in place, they did exactly what they warned, and successfully took control of an entire American power grid. Mike Davis, a senior consultant for the firm, issued this ominous statement: "We can switch off hundreds of thousands of homes potentially at the same time." He didn't append the statement with a list of demands or anything, but we're forced to assume that it was followed by some sort of maniacal cackling.
Everything from your car to your blender is getting upgraded with a computer chip these days. Medical implants like pacemakers are no exception. Since they need to be updated somewhat remotely anyway (otherwise all maintenance would involve major surgery), they do have limited outside connectivity, allowing doctors to access your stored medical history, your name and address and your doctor's name and address. Oh, and a skilled hacker can access all of it, too.
That's right: They can hack your goddamn heart.
And as if we need to say it: Obviously they can remotely stop it beating while they're in there.
"Damn you, V4g1n@B00bs87! Daaammnnn yoooouu ..."
In some devices, like an implanted defibrillator, which shocks your heart back into activity if it ever seizes up, hackers can remotely shut off the device and wait for you to die or, if they just ain't got all day, send it into test mode instead -- where the pacemaker repeatedly delivers powerful, fatal shocks to the heart even when it's already beating just fine.
Via Wikimedia Commons
But if you enter the Konami Code ...
Diabetic implants like insulin pumps have proven to be another security risk: When hackers get access to one of these devices, they can mess with the levels being injected into the body, which, again, can have fatal consequences. Jay Radcliffe discovered this hack while he was dicking around with his own diabetic equipment. At first he thought it was "really cool" that he could just ditz around for a few minutes and gain access to computers within his own body. Then he realized that any bored teenager with the right skill set could have total mastery over whether he lives or dies.
"Hey Dad, how big was that insurance policy again?"
He doesn't sleep well these days, we expect.
You know those full body scanners they have at airports now? They're essentially robots that strip-search you with science, staring right through your clothes to see if you're hiding a weapon or an embarrassing tattoo. But more disturbing than the simple fact that these pictures exist is the ease with which these X-ray devices can be hacked. Hackers can gain control of an airport's PC from hundreds of miles away and download these pictures in a flash, probably kick-starting a new half-transparent ghostporn fetish (and the Internet is already at near critical levels of fetish saturation).
Pictured: Critical fetish saturation.
The images these devices capture are supposed to be deleted immediately after security views them, but that's not always the case. Last year, images from an older type of full body scanner (slightly less naked-looking images) were leaked, and future privacy breaches like this are considered a very real threat. So if you're planning to travel by air in the future, maybe hit the gym, do a little waxing and be more selective about your underwear choices, because you never know who could be judging your naked body in the near future. (Us. It's probably going to be us.)
Oh yeah. This is ... hot?
For misconceptions about how awesome hackers are, check out 5 Things Hollywood Thinks Computers Can Do and 8 Scenes That Prove Hollywood Doesn't Get Technology.
And stop by LinkSTORM because the week is half over.
Do you have an idea in mind that would make a great article? Then sign up for our writers workshop! Do you possess expert skills in image creation and manipulation? Mediocre? Even rudimentary? Are you frightened by MS Paint and simply have a funny idea? You can create an infograpic and you could be on the front page of Cracked.com tomorrow!