Hacking Myths (presented to you by Hollywood)
The word “hacker” in Hollywood is interchangeable with an alchemist (the successful type). Screenwriters just assume that using some words like “neural” or “encrypted”, punching the keyboard, or many weird pop-ups on the screen will justify the hacking. They figure the average person see hacking as some sort of magical thing. So they have the make it looks like a scene from Harry Potter. This is one of the times that Hollywood made a job hilariously superficial.
Myth: You can hack into ANY mainframe over the Internet
These words go side by side in movies. “Hack the…” certainly the next word would be “mainframe”. That might let you imagine a website with a giant pile of secret records hidden from the world. And hack deep enough into NSA’s website and you might find what’s the favorite snack of the Loch Ness monster. People who start with hacking have a perception in their mind that they’ll be doing things like running decrypters, cracking mainframes and of course having some junk food at hand, all this while rocking a hoodie.
Some part of it is true though.
But the idea that you can get into any major computer system through hacking some websites right out in the public eye is rather vague. They may have a database online that you can access through an username and password. But their records aren’t going to be kept in any kind of public-facing database. As that idea is plain stupid. You won’t find the proof for existence of aliens on defense.gov
Even in other to get close to that mainframe, you have to know a ton of secret internal information in order to have a mere shot. Those servers that you might be looking for and connected to a company-wide intranet. Think about it why would Microsoft will pay to host their billions of gigabytes of data of secret files in the cloud? That would be like paying thousands of dollars to install a bulletproof glass shield over your front yard with a sign hanging around “Come and Take It”
Look at Edward Snowden, the guy who made headlines by stealing all secret information about NSA’s spying program. He didn’t steal it by “cracking through” NSA’s website. He got it all from the inside because he worked there as a high ranking system admin. There is very little hacking and brainstorming required with “You Got The Keys”.
Myth: Hacking means you need all of those exotic interface software
Okay, I get it. Hollywood needs to make hacking applications look visually appealing, with some dazzling colors and animation to make blatant looking hacking process sexy. Hollywood gives hacking the same treatment as it gives to military, archaeology etc. But in the process of doing so, they make hacking tools look more like something an alien would use. Well, this is how the actual hacking tools look when in use:
If those pics look like something out of your web browser, “You’re goddamn right”. The common kind of hacking these days is called the “Web application hacking”. This is where white hats look for vulnerabilities on different systems on the web. And report those to the administrator to make them safer against attackers and make some money in the process. And black hats do this kind of hacking, well cause their assholes.
So if you ever see some hackers in an IT office just browsing the web, and you’re wondering why they are paid for just browsing the internet. Instead of getting called in the boss’ office. This would be a fitting logical assertion.
In fact, this is one of the ways hackers find vulnerabilities in a website, by reloading it over and over again trying to break the filters (Or maybe cause they’re too frustrated or bored).
Here’s the catch, it doesn’t look exotic that doesn’t mean that any old piece of hardware can get the job done. Strangely enough, the same movies which show hackers working with some sort of futuristic artificial intelligence. Show them working on laptops. Of course, if you’re a badass hacker, you can’t be tied down to a desk!
But most of the hacking involves brute forcing i.e. trying hundreds of thousands of things slightly different until something breaks. And by judging the context it’s been used for, you can tell that it requires POWER.
Maybe, you can get by with a laptop for a while. If you’re working only on one app or site in one particular field at a time. Though that can be vaguely very time consuming, but yeah, that can work. But if you work on the industrial level, you have to test hundreds of sites with tons of parameters. That can melt your little dreamy laptop’s internals. That’s why the most of the serious hackers do it on a bulky(ish) high-end PC. They usually don’t include seven monitors and crazy flashy lights. So, not exactly a gaming setup.
Myth: Hacking Is Illegal
Some people think hacking in more like “Fight Club” Rule #1: “You don’t talk about it”. There are obviously people out there who want to hack in the service, for evil – without them, white hats won’t have a job. White hats are the hackers paid to hacker into systems to find its vulnerabilities and report it to the administrator. More like preventive vandalism.
The other side of white hats is more like a bounty hunter: finding bugs in Web applications and collecting bounties for reporting them. Facebook pays a minimum of $500 for evidence of a bug. Google pays upwards of $20,000 for smelling a bug serious enough. They’ve shelled out $2 million in last three years because being the world’s largest search engine makes you a gummy bear bag of vulnerabilities.
So, yeah most of the real hackers spend most of their time trying to break into high-profile websites. But not cause they’re some sort of rebels, fighting the ones in power. They’re doing it to help to make those websites a safer place, and because it gives them piles of big money. (As tempting as it would be to replace your boss’ profile picture with a penis. But wouldn’t you rather turn that vulnerability into a year’s mortgage?).
Most of the “real” hackers work as normal people in a typical office, they have families. They’re not some isolated sociopath nerds, who are obsessed with anime. And think the world is an illusion that needs to be replaced by them.
Myth: Hacking requires you to be faster than Usain Bolt
A lot of movies have shown hackers furiously typing (well, punishing it) on a keyboard to CATCH a bug or something. See fellas, movie hacking can be a fast-paced job, requiring reflexes of a gaming champion. Surprisingly, it makes sense. You have to outrun security guys, other hackers – it’s the computer equivalent of a wild west gunfight. In the typical hacker duel, the attacker is firing commands to trigger viruses at a lightning speed, while target’s own staff of nerds is racing to attack them in real time. While dodging their attacks with complex keyboard commands. Gosh, I do wish that was true!
Now, let’s come back to the real world. Here, most of the hacking tools are fire-and-forget. If you want to break into a site or IP address, just pick the tool, “aim” it, and hit go. The comes the most important step in the hacking world, walk away from your computer and grab some snacks, coffee. And wait until the tools finish trying stuff and get the logs ready. A lot of hacking is pressing”start” and then zoning out.
But remember, this is not to make the hacking sound like it’s easy and effortless. Those tools mentioned above are right only a certain percentage of times, and rest of the times will do absolutely nothing. And even after say you have found a vulnerability, it takes an expert like 15 mins at least on actually working out on breaking in.
If you’ve come this far reading, you might be thinking it really doesn’t require an expert even for professional hacking. Well, brace yourself for the biggest myth of all.
Myth: You gotta be an expert, at least
There’s a reason, right? Why we see movie hackers locked in their basements. All the burritos and Cheetos stains (it’s due to sheer hard work!). They spend rest of their life’s every hour getting better at hacking. They’re our planet’s only hope.
Now back to real life again, these warriors go to career fairs, hackathons and security companies hire people with almost no experience in hacking at all. It doesn’t require years of study and practice (R.I.P. all those keyboards, for all the torture you’ve endured). They assume that people who they’ve hired have no knowledge of how the internet works (things other than googling). They generally take people easily from zero to hacker in around six months easily.
It doesn’t take all you’ve got to be a hacker. It’s just like any other profession like architecture. Sure, there are some people who create buildings like Burj Khalifa. But still, people are out there making a living making base model 2 story homes, to get a paycheck to keep their respective fields going.
In fact, there are only about 50 different types of threat in total officially recognized by the Web Application Security Consortium. And you’ll have to do only a handful of those. It only takes you a week or two to get started with hacking. Sites like HackThisSite.org can train you with basics intact within one or two weeks.
Learning and testing for vulnerabilities are the easy and most part about hacking. That hard part starts when you have to control your urge to exploit that vulnerability. Cause there’s more money (and less jail time) in resisting that urge to replace the background of Bank of America with bigelajcuapee.jpeg. Cause that’ll ensure that you’re still drawing out a nice salary. You won’t be that famous though for doing this. So, that’s a downer.