Daniel Rutter looks into some popular hacks and discovers it’s not all cyberpunks and code-warriors. Here’s the real deal on net security...
"Hack" is an overloaded word.
A hack can be a quick and clever piece of programming, or it can be a dumb and clumsy one. It can be a cunning way of making a device, technology or whole area of human endeavour better, or it can be the heart of a scam that steals from millions of people.
‘White hat’ hackers have been trying for decades to get people to call the bad kind of hacking ‘cracking’, or at least something other than just ‘hacking’. But that battle’s been lost. Hackers in the popular media today will usually be stealing credit card numbers, or (allegedly) scheming to destroy the Western world.
Authoritarian fantasies, lousy reporting and terrible movies aside, all real hacks, good and bad, have a long and fascinating history. Hacks in the context of computation go back as far as computation itself, which is much, much longer than the history of the electronic, or even the mechanical, computer.
When Diebold’s web site offered qualified buyers the chance to buy spare keys for their AccuVote-TS voting machines, for instance, the listing included a detailed picture of the actual keys.
Ross Kinard of SploitCast.com was, I imagine, rather pleased with himself when he thought of grinding blank keys to match that picture. And yes, it turned out that all of the keys were the same.
The details of this story are very modern, but devious key duplication is, of course, about as old as locks. Which is to say, about six thousand years.
A large part of the history of hacking is repetitive, because the same old tricks can keep working over and over when people trying to secure a system – a computer, an office, an election – don’t try hard enough.
In the computer hacking world, there’s not much interest to be found in the millionth web site that doesn’t stop people from typing in SQL commands as their username, or the millionth program with a buffer overflow vulnerability, or the millionth company that puts a file full of plaintext passwords on an open server that Google then cheerfully indexes for them.
If you discover that some dumb web site will treat you as having an account if you just append ‘?loggedin’ to a URL, congratulations, now you’re a hacker. But only about as much of a one as someone who can jog around the block is an athlete.
So never mind the boring stuff. Herein, I have chosen a few recent hacks that made big news – in certain circles, at least – all of which are new, but all of which also have their own, often lengthy, history.