Can Anyone Hack? Exploring the Truth Behind Hacking

[ISamson]

Hello.
During a session at my Coderdojo club at my school I asked a teacher if he could hack. He answered "Easy, many people can...".
Is this true?
I was also wondering if most hacking is done with the application 'Terminal'.
Thanks.

 

[QuantumQuest]

Hello.
During a session at my Coderdojo club at my school I asked a teacher if he could hack. He answered "Easy, many people can...".
Is this true?
I was also wondering if most hacking is done with the application 'Terminal'.
Thanks.

This brings the usual question about the definition of hacking vs.cracking. In any case the most important thing to note, is that they are both bad things if they are for anything other than research and testing in order to build more secure systems.

Now, to be more specific about your question, it is (unfortunately) true that anyone can be a cracker i.e. use already available knowledge, tools and other software / hardware things to penetrate a system, for various purposes. But hacking according to its original meaning is not an easy thing that anyone can do because simply it presupposes many years of knowledge and experience. There are examples of hackers that they finally became owners of security companies (one such is Anonymous).

As for the "Terminal" you refer to, this is usually referred as a legacy term from Unix systems and of course exists in the Unix descendants of today.

 

[Greg Bernhardt]

"Hacking" is an immensely broad term. It's like mathematics. Anyone can do arithmetic. Easy. Not everyone can do say complex analysis.

 

[jack action]

It also depends on the victim. For example, you can spend your evenings going through websites, filling forms with well known SQL tricks that will give access to their database. Well designed websites won't fell for the hack, but you are bound to find one once in a while that is not up to date security-wise.

It's like asking for someone credit card number or password with a phishing scam; you are bound to find one person that will fell for it.

 

[Greg Bernhardt]

It also depends on the victim.

Many cases hacking doesn't need a victim. Take for example you can buy an electronic or whatnot and "hack it" to extend or change capabilities.

 

[jack action]

Many cases hacking doesn't need a victim. Take for example you can buy an electronic or whatnot and "hack it" to extend or change capabilities.

The less time the manufacturer spent on security, the easier it will be to hack it for unintended usage.

 

[ISamson]

Many cases hacking doesn't need a victim. Take for example you can buy an electronic or whatnot and "hack it" to extend or change capabilities.

Would this not be 'Hardware hacking'? Like for example hack a radio and make it have more capabilities input/output capabilities, or anything else.

 

[phinds]

Would this not be 'Hardware hacking'? Like for example hack a radio and make it have more capabilities input/output capabilities, or anything else.

No, he is not talking about adding transistors, he is talking about changing the software.

 

[ISamson]

No, he is not talking about adding transistors, he is talking about changing the software.

I understand, but how would that be possible, like for example with a radio or watch?

 

[phinds]

I understand, but how would that be possible, like for example with a radio or watch?

Depends on the design. Digital watches have software, mechanical watches do not.

 

[ISamson]

Depends on the design. Digital watches have software, mechanical watches do not.

Digital. Like an IWatch, for example.

 

[phinds]

Digital. Like an IWatch, for example.

If it has software and connects to the internet, it can likely be hacked. If it doesn't connect to the internet you would have to have the equipment necessary to modify the internal code (and of course the knowledge of how to understand the code to modify it)

 

[newjerseyrunner]

"Anyone can hack" tends to mean "anyone can break a poorly designed website."

Hell, if I ping www.physicsforums.com, I could take the IP address that it shows me, then sent out a few thousand wget requests to that address on port 80, I could easily knock if off of the internet for a short time. I certainly have the server power to hit it harder that it could handle, but that's not really hacking. That's what people do when they say they "took down Westboro Baptist Church's website."

Then there is SQL injections. Some websites give you fields that you are supposed to fill in with information, which then gets sent to the server with processing. If they take the exact text you give it and put it in a SQL query, you can mess things up pretty badly. I did QA for a while in my life and the first thing I would check is to try logging in with the username "''; TRUNCATE TABLE users;" Smart engineers don't allow paths directly from the user to the database without verification first, but this mistake is made more than you'd think.

Then real hacking is when you use a terminal or some other socket (telnet or FTP sometimes) to actually gain access to the computer. From there, you can do anything you want as long as you get the root access. This is how real hacks like when someone actually changes the contents of a website. This is usually just for show. I remember a few years ago someone "hacked the FBI." What they really meant is that they vandalized fbi.gov, which is just a public facing site and has no access to secure information. This type of hack takes real skill and usually a detailed understanding of the underlying software being exploited.

 

[stoomart]

Hello.
During a session at my Coderdojo club at my school I asked a teacher if he could hack. He answered "Easy, many people can...".
Is this true?
I was also wondering if most hacking is done with the application 'Terminal'.
Thanks.

It's like saying "Anyone can rob a bank", but it takes an incredible amount of skill to rob the bank, get what you came for, and then get away with it.

Considering the cyber kill chain, the good thing for security is they only have to catch the attacker at anyone point in the campaign to be successful, whereas the attacker has to be successful at every point to avoid detection.

 

[Aakash Tomar]

I don't know if somebody has mentioned this, but it totally depends on what you are : a skiddie, or a cracker.
Now first things first - if you find security loopholes and exploit them for your own benefit, which usually leads to a loss for the victim, it is called cracking. Finding such loopholes is in general a very tedious task. However, there are some standard systems (say WiFi's). The methods to find and exploit loopholes in such systems have already been found by some smart guy with bad values.

Say you want to use someone's wifi without them knowing. You can do 2 things : use the already found method to do so, or find your own method. If you're opting for the first option, you just have to make some google searches and you're done. If you choose the second option, it is usually very tough. Therefore, it depends.