Don’t Tread On Me; Or, How I Learned To Stop Worrying And Love The Hackers

Ah, low-level hacking. When people picture hackers, they think of the unshaven overweight twenty-something sitting in their mother’s basement typing furiously into DOS and taking sensitive corporate documents through a back-door worm they programmed and installed on that particular computer while they were out doing tech-support for them. While this Hollywood movie stereotype does exist in real life, it’s far more likely that the hacker you are dealing with is a 12-year-old kid who knows how to find the one crack in the system to get what he wants.

Take, for example, Cosmo The God. Cosmo is a 15-year-old kid and is going to jail for various charges related to hacking. He was a member of UGNazi, a hacking group made up of kids who knew how to social engineer. Cosmo was the shining star of the group, and figured out how to talk his way into anything. The best part about his hacking is that he didn’t need you to participate in any way. He found security flaws in companies like Netflix, Windows Live, Amazon, and Apple. These holes didn’t involve computers directly; they involved employees. He would gather trinkets here and there until he had a folder of everything he wanted on a target, then launch his attack.

UGNazi targets included the president of UFC, PapaJohns.com, state websites, Mayor Michael Bloomberg, and the CIA website. They were chosen at random; sometimes for something they did or said, sometimes for the lulz. They stole the information of Matthew Prince, the CEO of CloudFlare, in order to get into the system and redirect 4chan’s URL to the UGNazi Twitter feed.

There is very little these people could have done to prevent this. Most of them did everything by the book in order to stay safe online. If it wasn’t a small mistake they made, it came down to social engineering and poking small holes in various companies. At the end of the day, hackers can and will be able to steal all your information if they really want to. So don’t piss off the wrong people, or be high up on the corporate ladder, if you want to be truly safe.

 

LINKS:

An article about Cosmo and UGNazi: http://www.wired.com/gadgetlab/2012/09/cosmo-the-god-who-fell-to-earth/all

DefCon talk about how to steal information without interacting with the person: http://www.youtube.com/watch?v=5CWrzVJYLWw

 


10 thoughts on “Don’t Tread On Me; Or, How I Learned To Stop Worrying And Love The Hackers”

  1. I think it’s important to realize that you really can’t trust anyone, especially when you hold sensitive information that could cause harm. It’s more tempting for us to obviously trust younger people because what could they possibly do even if they’re 12 years old? But this could also lead to the point of becoming too paranoid and not trusting anyone at all.

  2. Social engineering really should be taken more seriously. It’s no longer the stereotypical computer geek trying to steal information, it’s that friendly neighborhood kid (possibly twelve) who just brought the elderly lady her mail, and took down the sensitive information from her social security check this month.

  3. I think that saying you can’t trust anyone is a bit extreme. Instead, I believe, people need to be more cautious with everything they say. People need to know what kind of information is dangerous to give out and the only way you can achieve this is through education. Living your life not trusting anyone is not the right answer.

  4. It’s really bothersome that cyber-crime is starting to reach into the younger generation. I hate to imagine how young hackers are going to be 10 or 20 years from now. As more and more of these hacking cases occur, especially if the hackers have petty intentions (as many younger hackers surely will have), people will begin to feel like even their less important information is not safe and they will grow afraid of technology, which would be a bad thing in this age.

  5. I agree with many who say that social engineering is a problem, but the fact is that these incidents do not happen to everyone; attempts, sure. I have a few experiences of my own and I am sure any reading have had theirs. The point is that if everyone has had someone try and socially engineer them and only some actually fell for this, then it is obvious it can be avoided. I will not bore you all with how (if you do not know, Google tactics of cyber self-defense), so basically educate yourselves or employees, and you will be safer.

  6. I think this is a problem that may become less troublesome over time. If someone called my grandmother and asked for her passwords, she’d give the passwords right out. If someone tried that with my mother, I think she’d ask who this was, why they needed them, etc, but a charismatic or prepared social engineer would still get them. My little cousin asked what I was studying in class the other day, and just to see, I asked him what his password for the computer was. He gave me a funny look and clammed up. The next generation is going to be a lot more paranoid about this I think. Not to say that won’t have effects elsewhere, but computer security is going to get easier.

  7. While this is still a form of low-level hacking, let’s take comfort in the fact that just because it is “low-level” that doesn’t mean that it’s easy to do. If it in fact were that easy, every kid who has threatened to hack my account on various video games would have done so without a problem. You still need a deep knowledge of the inner workings of each company, and the puzzle solving ability to connect each company by their certain flaws.

    Should we be afraid that someone had the power to do all these things from simply telling a few lies? Yes. Should we be concerned that some companies are doing nothing to increase their user security? Yes. Should we panic because it’s only a matter of time before everyone figures out how to exploit these flaws? No, because that is highly unlikely.

  8. The fact that the kid was 15 years old shows us he probably does not have a grasp on consequences. Most children are taught proper ethics and principles by their parents and school. However, ethical internet principles are not as commonly taught by parents or teachers. So young kids will lack these components. The internet provides a wide open world to kids so it is very easy to overlook one’s common sense of what is breaking the law. Most people will learn through time through experience or seeing others experience. Since this was only a 15 year old kid, he never had that time/experience and most likely didn’t realize he was breaking the law.

  9. How many people have heard of Frank Abagnale Jr? Or the movie Catch Me If You Can? The movie tells the story of the man who pulled off some of the most awe-inspiring cons of the 20th century. His main source of income was from check fraud from which he amassed more than a million dollars before he turned 19. People see loopholes and exploit them and without computers people relied upon other means, aka social engineering or conning people. I think computers provide another tool or another perspective to people that would have found something to exploit either way. So nowadays, people worrying about getting hacked could be directly compared to people, what, fifty or sixty years ago worrying about falling for some sort of con. There never has been a sure way to prevent this because it grows and stays ahead of popularized prevention techniques. So yes, you really shouldn’t worry, I agree.

  10. It is alarming how someone that really doesn’t have any actual training, or has taught himself, can actually do damage if they take the time. Nowadays you can Google a lot of information or simply go on Facebook and find information on a person. What a lot of people don’t realize is that even something as simple as a phone number and an address can actually be used to get something much more valuable.
