Ah, low-level hacking. When people picture hackers, they think of the unshaven, overweight twenty-something sitting in their mother’s basement, typing furiously into DOS and taking sensitive corporate documents through a back-door worm they programmed and installed on that particular computer while they were out doing tech support for them. While this Hollywood movie stereotype does exist in real life, it’s far more likely that the hacker you are dealing with is a 12-year-old kid who knows how to find the one crack in the system to get what he wants.
Take, for example, Cosmo The God. Cosmo is a 15-year-old kid and is going to jail for various charges related to hacking. He was a member of UGNazi, a hacking group made up of kids who knew how to social engineer. Cosmo was the shining star of the group, and figured out how to talk his way into anything. The best part about his hacking is that he didn’t need you to participate in any way. He found security flaws in companies like Netflix, Windows Live, Amazon, and Apple. These holes didn’t involve computers directly; they involved employees. He would gather trinkets here and there until he had a folder of everything he wanted on a target, then launch his attack.
UGNazi targets included the president of UFC, PapaJohns.com, state websites, Mayor Michael Bloomberg, and the CIA website. They were chosen at random; sometimes for something they did or said, sometimes for the lulz. They stole the information of Matthew Prince, the CEO of CloudFlare, in order to get into the system and redirect 4chan’s URL to the UGNazi Twitter feed.
There is very little these people could have done to prevent this. Most of them did everything by the book in order to stay safe online. If it wasn’t a small mistake they made, it came down to social engineering and poking small holes in various companies. At the end of the day, hackers can and will be able to steal all your information if they really want to. So don’t piss off the wrong people, or be high up on the corporate ladder, if you want to be truly safe.
An article about Cosmo and UGNazi: http://www.wired.com/gadgetlab/2012/09/cosmo-the-god-who-fell-to-earth/all
DefCon talk about how to steal information without interacting with the person: http://www.youtube.com/watch?v=5CWrzVJYLWw