Hacking for dummies

Posted: February 10, 2014 in False or true?
Tags: , , , , ,

How many movies hacking scenes can you recall where hackers are practically playing a videogame? And I’m not just talking “Disclosure” here, which is not even real scifi. How uncool was that Jeff Goldblum manages to enter the invaders system in the proverbial nick of time and he makes all ships crash? The virus thing made way more sense in War of the Worlds and it was written more than 100 years ago. I can admit that cylons broke into the 12 colonies security (BSG) because, let’s admit it, they basically wrote the code themselves and left a trapdoor, but it is amazing how writers manage to put your traditional geeky kid in front of a military computer and have him break into a million dollars system in less than five minutes. With pretty screens, too! Did these guys never watch Wargames when they were kids?

ku-xlarge

The worst hacking scene I’ve seen lately was in Skyfall. Q believes himself so smart, yet he stupidly plugs a terrorist’s laptop into the MI6 network. Really! Because it would have been the first time he’s seen a virus, right? Not only that, somehow James Bond incidentally finds the keyword to decrypt the pretty, pretty lightshow that seems to be Silva’s most secret code flying around on screen and he does not even doubt it could be a trap? Please, bring back the old Q. Or, at least, Chloe from 24.

The worst part of the movie is that they throw around one-million-pound words like obfuscated code, or reverse engineering. And they probably just read the definition in the Wikipedia. The first like, that’s it.

Let’s go for the three major hacking screw ups that even us not-hackers can easily spot.

– Anyone who’s ever seen someone tampering with systems knows that hackers do not not fancy interfaces. They go for consoles, command lines and the such. Why would anyone lose their time to create a pretty visualization of low level data that eventually turns into a subway map of London(!)? I get that Bardem looks pretty crazy, but, really … If one is into pretty visualization of complex data, I’d recommend Visual Complexity. Even WIFI hacking, which is supposed to be open to general use, typically looks like this:

071712_1553_WiFiHacking2

– The code changes itself to prevent reverse engineering? Right, Malware does exactly does, but in order to avoid the problem, the typical approach to cope with that kind of code is to work from a virtual machine that can return the hosting computer to the point before the change. Think of it as a kind of Mac Time Machine or Windows Restore copy: if you screw with your system, you can always return to its last recorded state, right?.

– Finally, the obfuscated code thing also rings a bell, but not quite. Obfuscated code is a program written as complicated as possible on purpose, so that any potential reader won’t understand the source code. It is indeed used to deter reverse engineering, and also for recreational purposes, like writing tiny programs that do flashy things like writing poems, playing chess, or creating labyrinths like the one below. The main requirement is that understanding the code by reading it should be really hard, although sometimes the number of lines is heavily limited too.

www0.us.ioccc.org-2004-arachnid

On a non-recreational note, viruses also operate on obfuscated code often. This code is usually a mix of weird variable names, the most cryptic addressing modes and instructions and the use of a set of programs called packers and obfuscators. However, there are also programs to de-obfuscate code, like Beautifier. Although that might be too pedestrian for the new Q.

My advice: if you are going to write about hacking, get familiar with the field first. Or try nMap, it’s free.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s