LEFT TO MY OWN DEVICES: The problem of the hackers’ cafeteria | Columns

Since I’ve been tracking cybersecurity issues the levels of sophistication and experience necessary to levy attacks have gone by the wayside. In the “good ol ‘days” of hacking, it took a real investment in talent development and tech skills to craft offensive digital campaigns. Going even further back in time, when “War Games” captured our technological imaginations and Kevin Mitnick pioneered payphone hacking with real ingenuity, the malicious acts were purely innovative and novel.

Like the purer era of baseball — when home runs were rare and designated hitters were nonexistent — or the Southern California launch of car culture — when carburetors and points distributors reigned — there was a level of respect, if not mere nostalgia, surrounding the earlier hacking communities. Back in the day, many hacking incidents had as their motivation pride and accomplishment rather than aiming for riches. There’s always been a contingency of computer criminals after easy money, but when the practice of manipulating ones and zeros toward seemingly criminal ends was in its infancy, many did not consider the perpetrators as bearing criminal intent. Bragging rights might be the most effective phrase to describe their lawlessness.

Personally, I hold no place of esteem or respect for either stripe. Whether you’re breaching legal, moral, or even ethical norms by leveraging computing power for fame, riches, reputation, or any other objective, you’re afoul of the law, and therefore not operating in a healthy manner as part of society. Admittedly, despite this position, there are softer spots in my scope of judgment of hackers for those who wielded their craft for less harmful sakes, though still the harm was done.

By definition, if I have a little less ill will toward first-gen hackers I must have greater disdain for the modern-day iteration. That’s true. There’s something especially egregious about a 21st century hacker who is purely driven by greed and criminal fruits. Another layer of disrespect piles on for those who, for all intents and purposes, are poseurs within the hacking community. The phrase “off-the-shelf” hacking tools best relates to this sentiment.

There are scores if not hundreds of ready-made, user-friendly tools to fulfill the lazy wishes of some hackers in the current environment. Too many experts and trade publications have claimed that “any teen in their basement can acquire hacking tools able to take down [insert sector, government agency, critical infrastructure component]. ” It’s stated so frequently that we’re almost immune to the fact that many times a serious incident or breach does follow from a kid’s basement borne activities. The problem isn’t limited to teens since genuine criminal organizations have also taken note of the marketplace.

Most cybersecurity literature is in agreement that better than half of all computer crimes are committed by organized crime groups. This isn’t limited to the Sicilian or Russian Mafia. “Organized” crime is meant to describe nothing more nuanced than the phrase invokes: Two or more criminals who’ve organized a criminal endeavor. Groups of hackers, oftentimes having never met each other, comprise organized crime when they’re aiming at the same illegal ends.

Whether a lone wolf hacker, a group of hacktivists — purportedly using hacking tools to make, in their minds, a better world — or organized criminals, there are now so many off-the-shelf, canned, prepackaged hacking tools for them that all it really takes to break into a computer is one’s criminal will and some time and a little money.

Ransomware, malicious software, password cracking, botnets, which creep around the internet and overpower various machines, sometimes of yours and mine, are all for the offering. Grab your tray and get in the cafeteria line. So much, and so ripe for the taking. You don’t need to know coding. There’s no learning curve to understand Windows registries. If you even consider covering your tracks, there are simple tools for that too.

Much of this would take you no more than a half-hour to locate and obtain freely, or at very little cost. Everyday searching no different than for a recipe or what series to binge next can also reveal hacking solutions. However, if you really want the superstore rather than the quickie mart, head to the dark web.

The dark web is nothing more than another part of the world wide web. The world wide web is comprised of internet destinations, most of which are indexed uniformly so that users can find them. Anything you find via Google, Safari, or Alta Vista (!) Will have been indexed so that it’s accessible. Search engine results for everyday users reflect responses that had been indexed and that are likely related to what we tried to find. The other part of the web, all the information unindexed, is commonly referred to as the “deep web,” and therein exists the dark web.

To get to dark web’s unindexed materials you need a special search engine or some other utility. Those help identify and locate the unindexed materials, some of which are hackers’ tools; or narcotics, weapons, hitmen. Three dark web sites in particular offered up relatively user-friendly hacking tools. None of them are available any longer thanks to the FBI.

For hackers, a new alternative to weleakinfo.to must now be found. The weleakinfo services included a search engine where criminal users simply entered a name or other personal information. Then, a report with all the target’s available personal information, including that compromised by previous cyberattacks or breaches, would result. At ipstress.in or at ovh-booter.com, you could order up a cyberattack not too differently than ordering a pizza to be delivered.

Those and too many more are all too easy to access without much tech savvy at all. There’s the real problem. At least in those [not-so-] good old days of hacking there was some prerequisite IT know-how needed. Now, anyone with a little time and money can take down just about anyone or anything.

Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.


Leave a Comment