Hacking

[developer]

Just curious really (honest).

The Talk Talk hack was by a 15 year old.

Gary McKinnin, the Aspergers guy, hacked into the US military computers.

Guardians Of Peace did it to Sony.

Yet if I mess up my banking online password a few times, I'm out.
If I miss type my password on here, I'm out.

In both instances I can't proceed any further - total lockout.


How can these people get around seemingly secure (and presumably complex) cyber barricades and how do they access the "front door" of commercial portals in the first place?

I've realised this is in the wrong section, but I can't do anything about it...

 

[boxbrownie]

It is because they know what they are doing

 

[bob6600]

Apparently it was the 3rd time this year they have been hacked but it has not been made public

 

[Deleted member 37751]

It really wouldn't surprise me if this was all a set-up to scare people into becoming even more paranoid and buying more security crap they don't need.

 

[Red C220]

No these people really are in a different league of understanding when it comes to network access. Mostly because many of them understand the code that was written to run the servers and network.

I employ a chap that constructs and runs our website. He really knows what he's doing and even he's an amateur compared to these "professional" hackers.

 

[moonloops]

No comment

 

[AMGeed]

^ We have a hacker

 

[grober]

A Telecoms company running things on the cheap while overcharging their customers for an inferior service- that could never happen obviously.
In a study carried out by UK telecoms regulator Ofcom in 2010, TalkTalk was found to have average speeds of 7.7-9.3 Mbit/sec, while it was advertised as "up to" 24 Mbit/sec.
TalkTalk was warned by the independent communications regulator Ofcom in November 2010 to rectify its billing systems after 62,000 incorrect bills were sent out. The company was given a deadline to correct the mistakes, which it did not meet, and in August 2011 was duly fined £3 million. Ofcom's figures showed that TalkTalk had incorrectly billed over 65,000 customers between 1 January 2010 and 4 March 2011, mainly relating to issues with integrating Tiscali UK's billing system into its own. The company had been overcharging customers for services that had not been received, resulting in the company paying an additional £2.5 million in refunds.

quoting from https://en.wikipedia.org/wiki/TalkTalk_Group

 

[Ted]

The reason is that many large businesses have a number of 'legacy' systems which may be running versions of software or middleware that cannot be updated due to its age, but still gives important functionality. A determined hacker can discover this and then work out ways of exploiting this.
The really big and frightening thing moving forward is not the odd hacker but foreign government agencies attacking organisations that are not in line with their thinking.
They will exploit the vulnerabilities of thousands of machines to attack these organisations and take them off the air.

 

[moonloops]

Biggest weakness in IT security systems are now the humans, either willingly complicit or not..

 

[John]

How TT has any customers at all is beyond me...

As said - this is gaining access via other methods than "the front door".

Front door is there to stop opportunists or amateurs.

Professionals who know what they are doing are the threat.

"Anything a human can make a human can break"!

 

[developer]

Professionals who know what they are doing are the threat.

But a 15 year old .

 

[moonloops]

But a 15 year old .

He could be a script kiddie..

 

[John]

But a 15 year old .

Kids these days are brought up with tech and have been for a long time now...

You must have seen youngsters with smartphones - they rocket around them with no problem.

Don't they encourage the use of Raspberry Pi's in school now?

Wasn't surprised by the age but you need this kind of expertise to help put up the barriers rather than take them down.

He could be a script kiddie..

Groan.

 

[moonloops]

Groan.

Hey I've watched Johnny Mnemonic so quite qualified

 

[Deleted96908]

How can these people get around seemingly secure (and presumably complex) cyber barricades and how do they access the "front door" of commercial portals in the first place?

Very good question and as you suggested they don't break in by repeatedly running through millions of password combos.

Most systems are exploited by backdoors using hack tool kits available on the open, albeit black market. Some older systems can also be compromised by something called code injection whereby malicious instructions are embedded in what appears to be legitimate activity. You might think of it as a trojan horse attack, but in code. An example of this might be a database command such as 'delete * from users' being entered as a password, which is then executed by the host on seeing it pass thorough the system - resulting in all the user details being deleted from the database. That's a vast simplification, but in principle is how many systems were hacked a few years ago.

This site will likely use code injection protection to prevent users (members) trying to execute attacks when posting comments or logging in. For example the post editor here will (probably) execute something called a regular expression (regex) designed to filter out unwanted/dangerous strings (a string is a series of characters). So it'll allow bold, italics and underlines for example, but will filter out any attempt to enter and run a script (code) and other undesirable commands.

Symantec publish an annual breakdown of internet threats, including the types of attacks, how they were executed and for example, as mentioned above, the names of the hacking kits used to construct the attack. I've listed the 2014 edition below.

INTERNET SECURITY THREAT REPORT 2014

 

[Rayny]

Don't forget - The internet was originally designed to enable the sharing of everything on any connected computer. It was like constructing a city where the buildings have no doors, windows or alarms.
With commercialism came the need for security, so now the computer world is retrospectively having to build the electronic equivalent of doors and locks to make everything safe and secure.

Internet security is like some of the recent new laws in the UK - They make the regular law abiding citizen jump through hoops, but the less honest people know the system and get away with everything.

 

[Deleted96908]

But a 15 year old .

Tempted to say it's child's play.

Wondering if these kids are getting hold of the above mentioned hacking kits and with nothing to lose, are just trying their luck? No special skills other than daring and knowing where to look - and hitting it lucky.

Very different though from the seasoned 'pros' who repeatedly break into very tough nuts such as US defence systems. Gary McKinnon springs to mind.

 

[John]

Don't forget - The internet was originally designed to enable the sharing of everything on any connected computer. It was like constructing a city where the buildings have no doors, windows or alarms.
With commercialism came the need for security, so now the computer world is retrospectively having to build the electronic equivalent of doors and locks to make everything safe and secure.

Internet security is like some of the recent new laws in the UK - They make the regular law abiding citizen jump through hoops, but the less honest people know the system and get away with everything.

Exactly - even with doors and locks, professionals can still get in...

 

[uumode]

There are articles/news publicising how relatively easy it is to take control of keyless entry internet connected car and the autonomous driving, braking, steering systems

Increasingly in London I see owners using steering wheel locks in a high tech car... depressing to think I might have to use a steering wheel lock again, or lockable wheel clamp.