4 Things Movies Always Get Wrong About Computer Hackers
You're all smart people, I'm sure. You know that movies might not always be entirely realistic. That jumping away from explosions is only good for dying a little farther away from that explosion. You get that hacking in movies isn't always portrayed that realistically. It's not all rapid typing and leather pants and kick flips. You get that.
But no, you don't get that at all. Hacking still sounds pretty cool doesn't it? Even without the leather pants -- even with no pants at all -- holy shit, busting into someone's computer? How badass is that? Stealing passwords and credit card numbers and NOC lists, using nothing more than your brain? That's cool as fuck! Even if hackers can't do everything they can in the movies, (and holy shit, yes they can!) making a computer dance like a puppet is pretty cool.
"Man, I wish I could get porn on this thing."
I'm here to tell you that's not the case.
How do I know? You might not be able to tell by the prestigious dong-joke-writing career I have now, but I used to be a pretty big nerd, specifically of the computer variety. I have, by most definitions of the word, actually hacked things. I certainly don't claim to be an expert; I know just enough to know how much I suck. (Truthfully, my only real hacking experience was the time in the late '90s when I won a series of dance contests under suspicious circumstances.)
But I do know enough to tell you that everything you've learned about hacking has utterly failed to communicate just how completely fucking boring it actually is. Here's why:
Most "Hacks" Are Really Easy
The vast majority of events that you would describe as "hacks" are pretty trivial, only marginally more complicated than assembling furniture from IKEA.
"Fnord? What the fuck is a Fnord anyways? The Swedish god of laminated particle-board?"
It turns out that someone with little more training than watching The Matrix ten times is perfectly capable of cracking passwords or bringing down a website. Even you, dear Cracked reader, with your limited time for gaining technical expertise due to all the sex you're having, are entirely capable of conducting these hacks. Do you want to know how?
No bullshit. If you Google "How to hack Windows PC" or "How to hack Android" or "How to hack lesbian porn site passwords" you will find your answers. Maybe not right away; it might take a bit of clicking around, and even, alas, some reading. But before too long you will find a FAQ which explains exactly what you need to do. It will tell you the tools you need to download, and then sigh and provide you links to the tools you need to download, and then sigh again, and provide you instructions on how to install those tools, and then scream at you, and tell you exactly how to use those tools. And when all that's done, you'll have hacked something and be completely L337.
"Script-kiddies" is the term for those who hack this way exclusively; a label which is not, as you might expect, derived from some kind of prescription-drug/pedophilia fetish, but from the fact that it takes very little thought to run someone else's scripts (i.e.: hacking tools someone else has made). Many of the stories about websites being taken down can be attributed to this category of hackers, who use premade tools to scan their targets, premade tools to exploit those targets, and premade tools to insert more dongs on the front page than normal (or less, if that site's audience demands dongs).
"Oh shit. Cracked has less dongs today. Why did I ever give those guys my credit card number?"
Private note for the approximately half of you who have already opened another browser tab to start hacking things: It can take substantially more expertise to actually get away with what you're about to do. Please, for the sake of our overcrowded prisons, stay your hand. Your clammy, clammy hand.
But When It's Hard, It Takes Way More Work Than You Can Imagine
Most of the interesting stuff about hacking isn't how those tools are used; it's how they're made. I've never done anything even close to this, because it looks like it takes a lot of effort. But I know enough to describe it.
What these hacking tools are doing is taking advantage of flaws in software or hardware. These flaws, and the methods of taking advantage of them, are called exploits. An example would be if you had come up with a system for securing your house where, after you locked the front door, you placed the key under the doormat. The flaw in this system -- that you're an idiot -- can be exploited by a hacker with the following hack: Checking Under the Doormat.
This type of security may be acceptable if the only thing you have worth stealing is the doormat itself, in which case, it actually qualifies as a clever ruse.
Sounds simple enough, but when the systems involved get more complicated than idiots and doormats, the flaws become harder to find and the exploits become harder to create. Here's an example of a much harder exploit: an ATM hacked to make money spew on the ground.
In action, once the exploit is prepared, it takes only a couple seconds to execute. But if you read this news story, you see a hint of what had to be done first:
" then reverse-engineered the machines' code and created his own version of the firmware that could be installed on the machines ..."
It'd take a real idiot of a writer to think that one sentence could communicate the amount of labor that went in to "reverse-engineering the machines' code." So I'll try with one paragraph:
Step 1: Obtain an ATM. Surprisingly, this isn't too hard; you can get them on eBay apparently.
Step 2: Figure out as much as you can about how the ATM works. This will probably involve obtaining the manual from the manufacturer, and then partially disassembling the thing and looking at all its naughty bits.
It's an acquired taste getting off on this, but it can be done. To an electrical engineer, this is basically the equivalent of butt stuff.
Step 3: Based on how you think the ATM works, abuse it a bit. Find its various inputs (the keypad, USB or network ports) and feed them crazy gibberish. See how it likes that. This will tell you more about how the ATM works internally.
Step 4: Break the ATM. Like a spurned lover or a really sinister psychiatrist, use everything you've learned about the ATM to destroy it. This is going to involve technical things like stack overflows, code injections, birthday attacks, race conditions, or any of a thousand other attacks you've never heard of.
For just about every part of that procedure that didn't involve eBay, it would be super handy if you were an expert at reverse engineering, computer security, or witchcraft. And even knowing those sinister lores, this isn't done in minutes; you're looking at days or weeks of work here.
I should be clear, if you are a real big computer nerd, none of this is boring at all. Taking apart a machine or piece of software, staring at oscilloscopes or pages of hex for days and weeks; that's fascinating stuff to the kind of person with just the right chemical imbalances in their brain. But it's not fascinating to the average layman, and certainly not interesting to a movie producer, which is why you've never seen it in a movie before (the closest we've come is this gibbering nonsense). Film of someone hacking hex code is about as cinematic as someone flipping through television channels for twenty six hours.
And that's not even the slowest type of hacking ...
Sometimes There's a Lot of Sitting and Waiting
When most people think of hacking, they probably picture someone sitting in a dark room frantically typing, every keystroke chipping away at the firewall, just steps ahead of the authorities and their sinister plot to give out C's in English.
"Eat me, Ms. Watson! Symbolism is BULLSHIT! WHY DON'T YOU JUST SAY WHAT YOU MEAN!?"
The details may vary, but they'll certainly picture something tense and fast-paced, where every second counts. At no point during this hack do they imagine the hacker wandering off somewhere for several months.
Viruses, Trojan horses, and worms are a group of semi-related programs that, once created, spread around completely on their own, which can take a lot of time, but allows them to damage or compromise a lot of computers. This is how some of the most impressive hacks of all time have been pulled off. Like the Stuxnet worm which knocked out Iran's nuclear fuel enrichment capabilities. Or the Trojan horse which blew up a natural gas pipeline in Siberia.
So not only does this type of hacking involve making the virus, with all the tedious weeks of programming, and math, and probably -- no shit -- whiteboards and meetings, that goes into that. Once that's done come the months and months of waiting. It's about as exciting as planting a tree, except with the fun possibility that the FBI will come kick in your door when the tree ... hatches?
It's hatches, right? Hackers don't go outside very often.
The Most Effective Hack of All
The biggest security hole every piece of software or hardware has to try to deal with can be summed up thusly: Humans are stupid. (In case you need confirmation of this, Cracked has written approximately 8 billion words on this topic.) And it's this stupidity that hackers take advantage of for the simplest and most effective hacks of all.
First, there's all the problems with our passwords -- the central element of so many of our security systems. Our terrible, shitty, easy-to-guess passwords.
"What do you mean derp28 is only Fair strength!? Ok, then how's derp29? WHAT!?"
But maybe you're smarter than that. Maybe you picked derp30. Well, there's also the professional stupidity to worry about, like the idiots you've given your passwords to for safekeeping.
When you sign up on a social networking site, you're not conducting an in-depth interview with their head of network security are you? No, you're there to stalk ex-lovers. So you're maybe not paying much attention to whether that site has any clue of how to store passwords securely, which it may not -- as 6.5 million LinkedIn users found out earlier this year when their passwords were spooged out all over the Internet.
And then there are the companies that will just give your passwords to anyone who asks nicely. Using techniques that fall under "social engineering" -- a fancy name for "taking advantage of people who answer phones for a living" -- hackers will trick customer support departments into giving out personal information. Here's an example of some dude getting his whole life destroyed because a hacker called Apple and Amazon and asked them nicely first.
"Mr. Jenkins, why do you sound like three giggling teenagers? You have Fart-Mouth Syndrome? I'm so sorry! Yes, I'll reset your password right now. I'm sorry again."
This is one of the oldest types of hacking, and because humans aren't going to get much smarter, and are unlikely to start paying people who answer phones any better, it's likely to remain amongst the most effective and widely used hacking techniques. And that's the lamest truth of all about hacking: The most effective hack of all time is exactly as exciting as making a fucking prank phone call.
For more from Bucholz, check out 5 Romantic Ways To Get Revenge on That Special Someone and The 35 Most Insane Halloween Costumes from Around the World.