Contents
Introduction ..................................... 2 Types of Hackers ................................ 4 Hacking Methods ............................
8
Hacking Groups .............................
10
Famous Hackers ............................
26
Top Hacks .....................................
44
Mobile Hacking 58 Cyber Warfare 64 Wikileaks 70 The Deep Web
72
Hackspaces 80 Hackathon 88 Conclusion 96 Bibliography 97
1
Introduction As soon as someone says the word ‘Hacking’, everyone thinks of something bad. The truth is that although a lot of the time hacking is related to illegal activity, it’s not always bad. Hacking can be related to building and coding things at places such as Hackspaces. There are also good hackers who test security for companies to fix exploits and bugs.
2
The word “hacking” has two definitions. The first definition refers to the hobby/profession of working with computers. The second definition refers to breaking into computer systems. While the first definition is older and is still used by many computer enthusiasts (who refer to cyber-criminals as “crackers”), the second definition is much more commonly used. - International Security Systems
3
Hats 4
A hacker known as a “black hat” is someone who violates computer security for malicious reasons. They usually form the illegal hacking groups and are known as “crackers”.
A blue hat hacker is someone who is employed outside of the computer security company to bug test a system prior to launch and closes any exploits or bugs.
A grey hat hacker surfs the internet and hacks into a computer system, for the sole purpose of notifying the admin that they have a security fault and offering to fix it for a fee.
White hats also known as “ethical hackers”, break through security for non-malicious reasons, to test their security system or while working for a company.
5
1337 Hacker The ‘Elite hacker’ is the hacker above hackers. They are the top hacker and are known throughout the hacker underground.
6
A script kiddie is an amateur or hacker wannabe who cracks into websites and computers not from their own knowledge but through scripts and programs they’ve found or paid for.
Script Kiddie
7
Remote Access Tool (RAT) A remote access tool is a piece of software that allows a remote “operator” to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, “RAT” software is usually associated with criminal or malicious activity.
Phishing Phishing is a hack where a website or an email mirrors and pretends to be an official company in order to make people reveal personal details such as passwords or payment information.
8
Trojan Horse A Trojan Horse is a virus which once installed can control your computer and send everything you type, to the hacker. It is usually attached to a phishing email or comes in the form of a popup on a website which tells you to update something.
Distributed Denial of Service A DDoS is where multiple computers infected by a trojan are used to target a single system. These usually take down and stop websites, networks and applications from responding, crashing it for the legitimate users.
SQL Injection SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input. Injected SQL commands can alter SQL statement and compromise the security of a web application.
9
10
Hacking Groups
11
Anonymous Anonymous is one of the biggest hacktivist groups right now. They originated in 2003 from the website 4chan and they strongly oppose internet censorship and surveillance, because of this they’ve hacked many government websites. In 2012 they were named as one of the most influencial groups in the world. Anonymous does not have a leader or a hierachy, they are a loose collective of people from all over the world who share the same aims and ideas. The group have taken credit for a number of attacks, against the Bank of America, Sony and the Malaysian government. The reason Anonymous cannot be caught or shut down is that the attacks can come from anywhere in the world with all of the hackers masking their locations. Anonymous target a number of political issues and always code name them with a project or an operation. Operation Didgeridie started in September 2009. The Australian government had plans to censor the Internet through the internet providers. On the 9th, an Anonymous initiated DDoS attack on Prime Minister Kevin Rudd’s website crashing the website for about an hour. Their latest movement was Operation NSA. On November 20, 2013, Anonymous announced plans to attack the NSA and other US Government organisations for spying on all American citizens and for their censorship of free press on the internet. Anonymous have achieved so much since they started.
12
“We share the collective idea of Anonymous worldwide; we are the people”
13
Anonymous hardly make the news and the network seems pretty empty. Do you think it’s dying off? It’s an idea, they do not win if they’re in the news. There are no aims or goals that are agreed by everyone.
14
As Anonymous makes videos on youtube, surely someone has got to run everything? They are made by different people, there is no central hierachy (or atleast, I bloody well hope not).
LulzSec seemed to of hacked pretty much most of the big corps, was that just for fun? Some of it was for fun, some of it was in protest, some of it was revenge. It was different things to different members and it changed over time. You have got to realise, two of them were fairly skilled, but usually they used very simple methods. It’s not hard once the door is unlocked. 15
16
17
LulzSec LulzSec appeared in the hacking scene in 2011. They were formed by members of the hacking collective Anonymous. Upon joining the hacking scene they hacked fox.com, because they described a rapper as “vile”. They also released the names and profiles of 73,000 X Factor US contestants. After this they hacked multiple corporations such as PBS where they posted a fake story saying that dead rappers Tupac and Biggie Smalls were alive and living in New Zealand. After this they hacked into Nintendo and Bethesda Studios. They then attacked Sony’s Playstation network stealing 24.6 million customer’s private data and leaving the company with a week of down time. Even though the LulzSec members hacked together, they never knew each others identities. They were based in different parts of the world. They never made profit from their hacking. One of the members spent 5 years building up a botnet consisting of 100,000 infected computers. The group ran into issues when they DDoSed an FBI website and put it offline. After this two members quit the group. Sa-Bu who usually masks himself on the internet forgot just once, while logging onto a forum. The FBI traced his connection back to his house and were instantly at his front door. Sa-Bu was given the option to co-operate, and he did. He helped the FBI find out who the rest of the LulzSec members were and various other hackers on the internet. In the space of three months, all of LulzSec were arrested.
18
19
Chaos Computer Club The Chaos Computer Club is Europe’s largest association of hackers and are based in Germany. Founded in Berlin on September 12, 1981, they became world famous when they drew attention to the security flaws of the German Bildschirmtext computer network by sending themselves money, which they returned the next day infront of the press. They are more widely known for their public demonstrations of security risks. In 2001 they celebrated their 20th birthday with an interactive light installation named Project Blinkenlights which turned a building in Berlin into a giant computer screen. In March 2008, the CCC acquired and published fingerprints of German Minister of the Interior Wolfgang Schäuble. This was done to protest the use of biometric data in Germany identity devices such as e-passports.
20
Derp
Derp, also know as Derp trolling is a hacker group that have been active since 2011. They operate through twitter where they co-ordinate denial of service attacks on various websites. In December 2013, they managed to take down large gaming websites such as World of Tanks, in an attempt to troll a popular livestreamer. After taking down a number of gaming websites and servers they were asked why they did it and they replied “for the lulz� and that it was out of dislike for money hungry companies. Moving on from this they took down Electronic Arts main website. They released the live streamers details all over gaming forums, which led to him receiving a large number of fake pizza orders turning up at his house as well as a police raid on his house when they had received reports about a hostage situation.
21
UGNazi UGNazi are a computer hacking group which have made several attacks on the internet as well as leaking personal information of government officials. They comprimised a database belonging to the Washington Military Department and leaked sensitive DNS information used by the US state of Washington. They’ve also launched multiple attacks on CIA websites. As well as this, they have also taken down websites such as 4Chan, Wounded Warrior Project, HostGator, WePlay and even Twitter. Using a DDoS they took Twitter down for a total of two hours. Two of the members were arrested in June 2012. In November, one 15 year old member was sentenced, banned from using the internet and had all his computer equipment seized. 22
23
- Heather Brooke
“Hackers often describe what they do as playfully creative problem solving.”
TEAMP0ISON Established in 2008, a 16 year old hacker founded TeaMp0isoN. In January 2011, they gained access through an exploit in Facebook’s coding and posted unauthorized status updates on the pages of Facebook’s founder Mark Zuckerberg and the French President, Nicolas Sarkozy. In June 2011, the group published Tony Blair’s address book and other private information relating to him on Pastebin. They heavily criticized LulzSec saying they were a bunch of script kiddies, who could only knock people offline for a few minutes. One of their biggest movements was hacking Blackberry. During the UK riots, Blackberry agreed to work with the authorities to help catch people who were looting. The group defaced the BlackBerry blog saying that they were for the rioters attacking the police. Two teenagers were later arrested believed to be part of the group. 24
Hacking into a number of websites, they are most known for the September 7, 1999 defacement of The US Embassy in China’s website in regards to the 1998 embassy bombings. They were known as hacktivists as they hacked to make political statements, protest against the governments and were the reason the term hacktivist was created.
25
Level Seven
Level Seven were a hacking group around in the mid to late 90’s.
Famous 26
Hackers 27
Kevin Mitnick is probably one of the most infamous hackers and has been classed as the most wanted computer criminal in United Stats history. Hacking into some of the worlds top companies such as Nokia, Fujitsu and Motorola. The FBI arrested Mitnick in 1995 and after working out an agreement he served five years in prison. Released in 2000, he now runs a computer security consultancy.
28
Kevin Mitnick
29
Jonathan James
Jonathan James, whos internet name was ‘c0mrade’ is infamously known for hacking networks such as the US Department of Defense and N.A.S.A. He actually downloaded 1.7 million dollars of source code from NASA which allowed him to work out how the space station worked and forced them to shut down their systems for a total of three weeks. Being 15 at the time of doing this he was banned from using computers and was given a six month sentence under house arrest. In 2007, a number of high profile companies were hacked and taken down. James was suspected and investigated of doing this but strongly denied any involvement. In 2008 James committed suicide as he believed he would be convicted of something he didn’t do. 30
“I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off.�
31
32
Kevin Poulsen
Kevin Poulsen’s claim to fame started when he hacked the phone line of a radio station to fix himself as the 102nd caller, making him the winner of a porsche from the competition they were holding. He then earned his way onto the FBIs wanted list when he began hacking into federal systems and stealing information. He was later arrested in a supermarket, sentenced to 51 months in prison and had to pay 56,000 dollars. Once being released from prison he completely changed his ways. He is now a journalist and the senior editor for Wired News. He even helped the police to identify 744 sex offenders on MySpace. “Hannibal lector of computer crime�
33
Gary McKinnon
Gary McKinnon also known by his internet name, Solo, is widely known for the largest military computer hack of all time. Over the period of a year in 2001 he hacked into and gained access to 97 computers belonging to the US army and NASA. He claimed he was only searching for free energy suppression and UFO activity cover-ups. According to the authorities, he deleted a number of critical files, leaving over 300 computers broken and 700,000 dollars in damages. As McKinnon is from Scotland, the US are still trying to extradite him today but McKinnon would face up to 70 years in prison. The British government are also blocking his extradition saying that it would lead to him committing suicide. In 2008 McKinnon was diagnosed with aspergers and clinical depression. 34
He fears that he would be send to Guantanamo Bay.
35
Morris attained his status as a black hat when, as a graduate student at Cornell University, he unleashed the first large worm attack which was dubbed the ‘Morris Worm’, on the internet, causing roughly 6000 computers to crash. Being the son of a high-ranking National Security Agency scientist, he said the problem was an experiment that got out of control. Morris was the first person to be charged under an anti-hacking law that made it illegal to crack into federal computers. He was fined 10,000 dollars and ordered to perform 400 hours of community service. Morris is now a computer science professor.
36
Robert Tappan Morris
37
38
Edward Snowden
Edward Snowden, previously a US National Security Agency contractor, who now lives in Russia after leaving the United States because he revealed extensive internet and phone surveillance by US intelligence. While working for the NSA he noticed government programs spying on American citizens via phone calls and internet use. Snowden began copying top-secret NSA documents while at work, building a collection on practises that he found invasive and disturbing. After he compiled a large store of documents, Snowden told his supervisor that he needed some time off work to have treatment for his epilepsy. He also told his girlfriend he’d be leaving Hawaii for a few weeks, being vague as to why. On June 5th the Guardian newspaper released secret documents obtained from Snowden about an American intelligence body demanding that Verizon release information to them “on a daily basis”. The following day the Guardian and Washington Times released his leaked information on PRISM, an NSA program that allowed real-time information collection, solely on American citizens. He released a flood of information after this and the US have been trying to get him arrested since.
39
In the early days the Apple co-founders were “phone phreakers”, which means they used flaws in the telephone network to make free calls. Jobs, whos handle was “Oaf Tobark” and Wozniak, who took the name “Berkeley Blue”, sold the blue boxes used for phone phreaking until they were robbed for one at gun point.
Jobs said “the hacking experience was a necessary precursor to creating Apple”
40
Steve Jobs & Steve Wozniak
41
H ge
or
Ge
ot
z
42
George Hotz, also known as Geohot, is an American hacker known for jailbreaking the iPhone. He is also well known for hacking the Playstation 3, which he was sued for by Sony. Hotz was the first person to ever carrier unlock an iPhone. In 2009 he released purplera1n, the first public exploit for the iPhone 3GS. He then later on released blackra1n which jailbroke iPhones and iPods. Eventually he released limera1n which was his last jailbreak exploit. On January 2010, Hotz hacked the PS3, giving himself administrator access and read and write permissions. After releasing the exploit to the public, Sony tried their best to patch it. While doing this Hotz released another exploit allowing people to install software such as Linux, to turn it into a computer. On January 11, 2011, Sony filed an application for a restraining order on Hotz. After going to court they managed to settle outside of it, on the condition that he would never do it again.
43
Top H 44
Hacks 45
The News of the World Phone Hacking Scandal Going back to 2006, when it all came out that the News of the World were hacking into phone voicemails to get their stories. They hacked more then 4,000 phones belonging to politicians, celebrities, actors, athletes, relatives of dead UK soldiers and people caught up in the 7/7 bombings. It was a very simple hack of an overlooked security flaw. All mobile phones used to come with a default factory set pin code which meant you could listen to your voicemail from another phone. Owners were always encouraged to change it but very few did or didn’t know how which meant anyone could call the phone and if there was no answer they could access the voicemail with the factory set pin. One of the worst cases of their hacking was Milly Dowler, who was killed in 2002. When her parents called and saw that her voicemail box was no longer full they believed she was still alive. They got a 2 million pound financial settlement. News of the World had to pay out large sums of money to people as compensation including an enormous 600,000 pounds to singer Charlotte Church. The list of people they hacked would be endless. After 168 years of print, their last paper was printed on July 10th 2011. Closing the company cost them around 240 million pounds. 46
47
Project Blinkenlights
48
On September 11th, 2001, the famous Haus des Lehrers building at Berlin Alexanderplatz had been modified to become the world’s biggest interactive computer display, Blinkenlights. This was created by the hacking group Chaos Computer Club, originally for a 20th anniversary for the club but also in remembrance of the founder who died just before, at the age of 49. The upper eight floors of the building were transformed into a huge display by arranging 144 lamps behind the building’s front windows. Each lamp was controlled independently by a computer to produce a monochrome matrix of 18 times 8 pixels. During the night, a number of animations could be seen. It also had an interactive feature, you could play the old arcade games pong and tetris using your mobile phone and you could place your own love letters on the screen. Blinkenlights was up and running for 23 weeks and 5 days before it was removed February 23rd, 2002.
49
TRAFFIC
SIGN HACKING
50
Traffic sign hacking is something that’s beginning to happen quite regularly. A lot of the sign hacks are to do with zombies such as “Zombies Ahead” or “Zombies in Area! Run”. Another funny one was “The cake is a lie” and my personal favourite “Omg the British are coming”. While reaserching this online, within a few minutes I found instructions to hack one and reset the password on it. The website that posted the instructions seems to have been the reason behind a large number of traffic sign hacks with some even having the website name in them.
51
52
Heartbleed One of the most recent exploits, the Heartbleed bug, is a vunerability in the OpenSSL cryptographic software library. When exploited it allows the stealing of protected information which is usually encrypted by SSL/TLS. SSL/TLS privacy such as virtual
provides communication security and for applications over the internet web, email, instant messaging and private networks.
The bug allows anyone on the internet to read the memory of the systems protected by the vunerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and encrypt the traffic, the names and passwords of the users and the actual content. This means that attackers can eavesdrop on communications, steal data directly from the services and users, and to impersonate services and users.
53
Stuxnet
54
Stuxnet was a worm believed to be created by the United States and Israel. It was a Microsoft worm that was specifically designed to infect Siemens industrial controllers and the first ever malware created to do it. The worm was created to target uranium enrichment facilities in Iran. The worm made the Siemens centrifuges in the nuclear power plants spin at uneven speeds and made it hide that it was doing it from the workers. Showing that It’s not just regular people who do black hat hacking.
55
Dmitri Galushkevich was a 20 year old Russian hacker living in Estonia. In May 2007, the whole of Estonia was caught up in an internet gridlock. They thought the attack was from the Russian Government as they were already caught up in a series of riots over the removal of Soviet-era statues, but a botnet had turned it serious. He stopped all ATMs from working, halted all web pages from loading and shut down all government systems. No one knows if he was working alone but he was fined 17,500 kroons.
56
The Russian Job
57
58
Mobile
59
Hacking
Jailbreaking Jailbreaking is the process of hacking the software running on iOS devices to allow the user to have more control over the device such as removing restrictions, getting paid app store applications for free and installing tweaks from sources on Cydia. Jailbreaking allows you to physically do anything with your iPhone. You can change the theme of the icons, keyboard UI and more, as well as tweaks for widgets or even for your phone to do the harlem shake. Although you can do all these things, it comes with a security risk. It can allow hackers to access and steal your data, as well as file corruption. Over the years it’s become easier and easier to jailbreak your iOS device. There is a team of hackers named the iPhone Dev-Team who are constantly searching for exploits and vunerabilities within the software in order to create a new jailbreak application. It’s as simple as downloading a tool on your computer, RedSn0w (for older devices) or Absinthe (for newer devices) and hitting start. It will then go through a number of processes and after a minute or two, you are left with a new app on your device called Cydia, where you can download anything. Although jailbreaking is legal, Apple completely disagrees with it and they will void your warrenty as soon as they see it on your device.
60
61
Rooting Similar to jailbreaking, rooting is the process of hacking the android software so the user can have full control of their phone, known as ‘root access’. Rooting also allows you to install different types of Android software, even if it’s meant for another device, or isn’t yet released. Many manufacturers have tried to make phones which are meant to be ‘unrootable’ but hackers end up finding a way to root them. Rooting an android device is a lot more complicated than jailbreaking. You still
62
use applications but it’s more dependent on you to do the work, rather than having an automatic tool run the process for you. You should be very careful while rooting a device because unlike an Apple device, you can brick them and end up rendering them completely useless, being left with companies refusing to touch them. Rooting is banned in certain countries and is completely against the device manufacters terms and conditions.
63
Nation December 2006 NASA were forced to block any emails with attachments before their shuttle launch, fearing that they would be hacked.
April 2007 In April 2007, Estonia had a disagreement with Russia over the removal of a war memorial. Following this Estonia’s government networks came under attack from a denial of service by unknown foreign hackers. Some of their governments online services were disrupted and online banking was stopped. The attacks were like a cyber riot rather than a damaging attack.
June 2007 The US Secretary of Defense’s unclassified email account was hacked by anonymous foreign hackers. This was part of a larger series of attacks to try and access and exploit the Pentagon’s networks.
64
nal Hacking October 2007 In October 2007, China’s Ministry of State Security said that a collective of foreign hackers, claiming 42% came from Taiwan and 25% from the US, had been stealing information from the Chinese. In 2006, when the China Aerospace Science intranet network was surveyed, spyware was found in the computers of classified departments and corporate leaders.
January 2009 Hackers attacked Israel’s internet infrastructure during the January 2009 military offensive in the Gaza Strip. The attack, which was mainly on government websites, was sent from atleast 5,000,000 computers. Officials believed the attack come from a former Soviet state by a criminal organisation.
65
January 2011
The Canadian government had a major attack against it’s agencies, which included their Defence Research and Development Canada. The attack forced the Finance Department and Treasury Board, Canada’s main economic agencies, to disconnect from the internet.
March 2013
Hackers had gathered information through exploits in Microsoft Word and Excel programmes. The primary targets were Easten Europe, the former USSR and Central Asia. The virus collected information from government embassies, research firms, military installations and other critical infrastructures.
In March 2013, South Korean financial institutions as well as the Korean broadcaster YTN had their networks infected in an incident said to resemble past cyber efforts by North Korea 66
October 2012
Kaspersky Security, a Russian company discovered a worldwide cyber attack named “Red October”, which had been operating since at least 2007.
67
68
Warfare
Cyber
69
Terrorism?
Cyber
or
Wikileaks
70
Wikileaks is a non-profit organisation which publishes leaked secret information. Starting in 2006 in Iceland by Sunshine Press, they acquired 1.2 million documents within a year of launching. An Australian activist known as Julian Assange is the founder, editor-in-chief and director. The group has released a number of leaked secret documents which have made front page news. Some of their early releases included documentation of equipment expenditures and holdings in the Afghanistan war and corruption in Kenya. In October 2010, the group released almost 400,000 documents called the “Iraq War Logs”, this allowed the mapping of 109,032 deaths in “significant” attacks by insurgents in Iraq which weren’t originally available to the public. In April 2011, Wikileaks published 779 secret files relating to prisoners detained in Guantanamo Bay detention camp. Wikileaks is considered a protection website, where people can leak to them without their identity being know, and then they leak it to the press. Wikileaks is funded largely by volunteers, and is dependent on public donations. It’s annual expenses are as much as 200,000 euros, mainly spent on servers but it may go up to 600,000 if volunteer work becomes paid. In December 2011, Wikileaks started to release spy files. On 27th February 2012, they published more than five million emails from the Texas-headquatered “global intelligence” company Stratfor. On 5th July 2012, Wikileaks published the Syria Files of more than two million emails from Syrian political figures. All U.S federal government staff have been blocked from viewing Wikileaks.
71
The Deep Web Part of the internet is known as the Deep Web. Not many people know about it but it’s like an alternative universe of the internet and it’s growing fast with more and more people using it. You can only access 0.03% of the internet via search engines like Google and the rest of it is what makes up the deep web. It is completely anonymous and you can’t get onto it yourself unless you are anonymous. You can’t just dive into the deep web via a normal web browser. You have to have a special ‘deep’ web browser, the most famous one being named Tor. All of the domains end with .onion on the deep web. You would think that because it makes you fully anonymous it must be full of illegal stuff right? Well you would be right. The deep web is full of messed up stuff such as child porn and hitmen for hire. Silk Road is one of the most famous companies on the deep web where you can order large or small quantities of drugs, which is sent to you via companies such as DHL or via drop shipping. If you choose drop shipping your order would be dropped in a place that is hidden such as the woods and you will be sent a GPS location to pick it up. All of this being paid for with the currency Bitcoins which is similar to Paypal but completely anonymous. Silk Road is an illegal version of eBay or Amazon and when you order something it will turn up in an untraceable package a few days later. They have a 97% success rate. Silk Road was shut down September 2013 but they have now released Silk Road 2.0. That’s right, you can indeed also hire hitmen 72
Hitmen? on the deep web. If you want to take someone out and you have money to do it, someone on the deep web will do it for you. They will take out high government officials, journalists or even your spouse for the right amount of money. There is also a web page called the human experiment where they take unregistered homeless people off the street and carry out inhumane experiments on them, where they usually die. One of the other main things you can gain access to on the deep web is firearms. You can purchase them directly with bitcoins and they will be sent straight to your door. There’s also websites where stolen or cloned credit card information is sold to anyone for only 5 dollars. If you pay up to 80 dollars you will also get the name, address and all the other details that are associated with the stolen cards. Although the deep web is anonymous, it seems recently that the government have managed to shutdown around 50% of the hidden websites, which was related to the shutdown of a hosting company in Ireland. Tor itself has skyrocketed over the last year as people fear for their privacy. The main question is, how is any of this even allowed? How haven’t the company who make the browsers been shut down or atleast the .onion domains blocked? It just seems horrendous that any of this would actually be allowed on the internet, even if you have to have a seperate browser to access it. 73
74
Images of the Deep Web
75
Bitcoins
76
Bitcoins are a peer to peer payment system like Paypal. Introduced in 2009, it is classed as a virtual currency. Bitcoins are created by a process called mining, whereby users verify and record payments into a public ledger in exchange for transactions fees and newly mined bitcoins. Bitcoins are sent and received using wallet software on a computer, mobile device or web app. Bitcoins can be mined or exchanged for a product or service.
Bitcoin has been slated as a currency for illegal activities. In October 2013 the US FBI shut down Silk Road an online black market accessed via the deep web and seized 144,000 bitcoins worth 28.5 million dollars. Bitcoins are banned in countries such as China due to the lack of protection the currency has. They can be stolen and chargebacks are impossible. A lot of malware is designed to infect computers and steal or mine bitcoins. A number of online wallet services have been hacked over the years with millions stolen. So the question is, should the currency be shut down and removed all together?
77
Sony Hacked in April to June 2011, after LulzSec hacked into and shut down their playstation network they lost almost 171 million dollars.
Stratfor December 2011, Anonymous members hacked into the US research group and published 4,000 clients confidential information. The hack cost them 2 million dollars. 78
So how much money have companies lost?
Citigroup Back in June 2011, hackers exploiting an online vunerability and stole account information from 200,000 clients and lost 2.7 million dollars. A few months before this attack, they had another security breach and produced and overall 4 billion dollar loss.
AT&T The US mobile carrier was hacked in 2011. Money was stolen from the hacked business accounts and was used by a group related to Al Qaeda to fund terrorist attacks in Asia. They also lost 2 million dollars refunding their customers.
79
80
ANOTHER SIDE
THERE IS
Hackspaces are non-profitable community run workshops where people can come to share tools and knowledge. They give people the option to build and create anything you want using the tools they have such as saws, laser cutters, 3d printers and all sorts of other components. At hackspaces you can take technology apart, learn how it works and put it back together again, or you can build something entirely new. My local hackspace is Bristol where they are open a few days of the week and run an opening evening every Thursday. There is a small membership to join the hackspaces and use all their facilities.
Hackspaces
81
82
“If Anonymous and Lulzsec are the id of hacking, then physical hackerspaces are the heart of the higher-minded hacking ideals: freedom of information, meritocracy of ideas, a joy of learning and anti-authoritarianism.� - Heather Brooke
83
Bristol Hackspace
Going down to Bristol hackspace to see what they do was really fun for me. As a stranger I received a warm friendly reception from the members. I was giving a complete tour of everything they have which was explained to me in detail. Being honest, I didn’t understand much of it but it’s definitely something I want to learn about. They are an extremely clever group of people with knowledge in a wide variety of coding languages and hardware. One of the main things that stood out to me is that they had built their own 3d printer which I got to see in the hackspace, aswell as a number of people there had built their own personal 3d printers, and one person designing one in front of me. Even more fascinating is that they had 3d printed all the plastic parts such as the cogs, to make the 3d printer. I was so taken back by the things they were doing in there, as soon as I got home, I bought a Raspberry Pi mini computer.
84
85
86
87
Hack athon
88
A hackathon also known as a hack day, hackfest or codefest is an event where computer programmers and other people involved in software development, including graphic designers, interface designers and project managers. These people meet to work on collaborative computer programming. On occasions, hardware is also brought into it. They typically last between a day and a week and many hackathons are for educational and social aspects, but most of the time it is to create useable software. GroupMe, a group messaging acquired by Skype for over was created at a hackathon facebook “like� button and
89
app that was $50 million as well as the facebook chat.
DEF CON
DEF CON is one of the biggest annual hackathons, held every year in Las Vegas. It was first held in June 1993. A wide range of professionals attend DEF CON such as computer security, journalists, lawyers, federal government employees and hackers with a general interest in software, phreaking, hardware modification and anything else that can be cracked. In 2001, Russian programmer Dmitry Sklyarov was arrested the day following DEF CON for writing software there that decrypts Adobe e-book format. In 2013, Jeff Moss the founder of DEF CON posted on his blog that he did not want federal authorities to attend anymore. This was the first time in the organization’s history that they had asked of this.
90
DEF CON
91
SummerCon
Summercon is one of the oldest hacker conventions, and the longest running in America. Summercon set the way for other hackathons such as H.O.P.E and DEF CON, but was a lot more smaller and personal. It has been hosted in a number of cities such as Pittsburgh, St. Louis, Atlanta, Washington, DC, Austrin, Las Vegas and Amsterdam.
92
What the hack, was an outdoor hacker convention held in Leimpde, Netherlands between the 28th and 31st of July, 2005. What the hack was an event in sequence that began with the Galactic Hacker Party in 1989, followed by a number of hacker conferences ever four years since. The most recent being Observe. Hack. Make in 2013. Over 2000 hackers visited the event to share knowledge, and hack together. Chaos Computer Club as well as a few other high profile hack groups turn up to this event.
What the hack
93
PenApps PenApps is a student only hackathon and is hosted every semester at the University of Pennsylvania. It is open to all current undergraduate, graduate and high school students. It was started in Spring 2009, and has been hosted once, every semester since. In 2013, over 1,000 students from more than 100 universities competed for a $30,000 prize. PenApps has been sponsored by large companies such as Venmo, Microsoft, Comcast and many others. PenApps also set the trend for college hackathons with many colleges now hosting them.
94
MHacks, similar to PenApps is a student hackathon for undergraduate and highschool students. MHacks is a 36 hour straight event around the University of Michigan, where people join together in teams of 1-5 to build something. As it is 36 hours straight, they have rooms where people can take a quick ‘nap’ before they get back to hacking. They also serve food at the event. They offer a number of prizes to people from gadgets to cash prizes up to $5,000. All these prizes are given by their sponsors with Yahoo giving $1,000.
MHacks
95
You can see why the term hacker has such a bad name to it. I suppose the majority of the time it refers to blackhat hackers as they are always on the news. There has been so much blackhat hacking in the past and I’m sure there will be a lot more in the future. As you’ve already seen, it isn’t all bad. Hackspaces are great fun and you can really learn a lot from going to one and socialising with the people there. Many of them hold open evenings once a week where you can go down and learn more about them. You never know, you might end up building a 3D printer.
96
Bibliography
25 Years of SummerCon - Phrack - http://www.phrack.org/issues/68/18.html 5 of the World’s Most Famous Hackers & What Happened To Them - Makeuseof - http://www.makeuseof.com/tag/5-of-the-worlds-most-famous-hackers-whathappened-to-them/ Android Rooting - Wikipedia - http://en.wikipedia.org/wiki/Android_rooting Anonymous (group) - Wikipedia - http://en.wikipedia.org/wiki/Anonymous_ (group) Bitcoin - Wikipedia - http://en.wikipedia.org/wiki/Bitcoin Blinkenlights - http://blinkenlights.net/blinkenlights Chaos Computer Club - http://www.ccc.de/en/club DEF CON - Wikipedia - http://en.wikipedia.org/wiki/DEF_CON Derp (hacker group) - Wikipedia - http://en.wikipedia.org/wiki/Derp_(hacker_ group) Edward Snowden - TheGuardian - http://www.theguardian.com/world/edwardsnowden Famous Hackers: Then and Now - Bloomberg - http://www.bloomberg.com/ slideshow/2012-04-18/famous-hackers-then-and-now.html#slide5 Gary McKinnon will face no charges in UK - TheGuardian - http://www. theguardian.com/world/2012/dec/14/gary-mckinnon-no-uk-charges Kevin Mitnick - Takedown - http://www.takedown.com/bio/mitnick.html Kevin Poulsen - NNDB - http://www.nndb.com/people/453/000022387/ 97
Level Seven - Wikipedia - http://en.wikipedia.org/wiki/Level_Seven LulzSec hacker group handed jail sentences - BBC News - http://www.bbc. co.uk/news/technology-22552753 LulzSec: What they did, who they were and how they were caught TheGuardian - http://www.theguardian.com/technology/2013/may/16/lulzsechacking-fbi-jail Machine Politics - NewYorker - http://www.newyorker.com/ reporting/2012/05/07/120507fa_fact_kushner?currentPage=all MHacks III - https://s3-us-west-2.amazonaws.com/mhacks-iii/ MHacks+Press+Release.pdf PenApps - http://2014s.pennapps.com/ Q&A: News of the World phone-hacking scandal - BBC News - http://www.bbc. co.uk/news/uk-11195407 Steve Jobs details drug use, phone hacking, and more in Department of Defense docs - TheVerge - http://www.theverge.com/2012/6/11/3077809/ steve-jobs-department-of-defense Stuxnet - Wikipedia - http://en.wikipedia.org/wiki/Stuxnet Team Poison: profile of the hackers - Telegraph - http://www.telegraph.co.uk/ technology/9200751/Team-Poison-profile-of-the-hackers.html The disturbing world of the Deep Web, where contract killers and drug dealers ply their trade on the internet - DailyMail - http://www.dailymail.co.uk/news/ article-2454735/The-disturbing-world-Deep-Web-contract-killers-drug-dealersply-trade-internet.html The Heartbleed Bug - http://heartbleed.com/ The most common methods used by Hackers - armor2net - http://www. armor2net.com/knowledge/hackers_methods.htm
98
Top 5: Corporate Losses Due to Hacking - HotforSecurity - http://www. hotforsecurity.com/blog/top-5-corporate-losses-due-to-hacking-1820.html Types of Hacker - Secpoint - http://www.secpoint.com/types-of-hacker.html What is cyberwarfare? - TechTarget - http://searchsecurity.techtarget.com/ definition/cyberwarfare WTF is a hackathon? - Medium - https://medium.com/hackathonsanonymous/92668579601 What is Jailbreaking? - About - http://ipod.about.com/od/ iphonesoftwareterms/g/jailbreak-definition.htm What is Wikileaks? - BBC News - http://www.bbc.co.uk/news/ technology-10757263 What’s a Blackhat Hacker? - PCTools - http://www.pctools.com/security-news/ blackhat-hacker/ UGNazi - Wikipedia - http://en.wikipedia.org/wiki/UGNazi
Images http://wallpaperskoe.com/wall3888/anonymous-minimalistic-wallpaper.html http://darkroom.baltimoresun.com/wp-content/uploads/2013/11/AFP_ Getty-5243681331.jpg http://www.mintpressnews.com/wp-content/uploads/2013/01/anonymousinternet-privacy-690x388.jpg http://i.pcworld.fr/1239381-kevin-mitnik.jpg http://archive.wired.com/images/press/bios/Kevin_Poulsen.jpg http://pdos.csail.mit.edu/rtm/morris300.jpg
99
http://i.huffpost.com/gen/1584178/thumbs/o-EDWARD-SNOWDEN-facebook. jpg http://www.sbymagazine.com/images/kcfinder/images/ladyblitz.com.jpg http://i.huffpost.com/gen/1445156/thumbs/o-ANONYMOUS-facebook.jpg http://www.physik.tu-berlin.de/~mwahl/blink/blinkenlights.jpg http://i.kinja-img.com/gawker-media/image/upload/s--laShIAvb-/18hd0zyl8ru46jpg.jpg http://cdn.themis-media.com/media/global/images/library/deriv/50/50933.jpg http://heartbleed.com/heartbleed.svg
Special thank you to Bristol Hackspace http://bristol.hackspace.org.uk/
Dan Smith 100