Hacker: A day in the life

There are good lawyers and bad lawyers, good cops and bad cops. The same can be said for hackers – though perhaps not as easy to identify and define.

A young man clicks lazily about his laptop. His screen is smeared with fingerprint smudges, his table awash with takeout wrappers. No, this isn’t a fraternity house; it’s the new face of international crime.

Hardly confined to the gleaming glass blocks of the NSA’s Maryland headquarters or the shadowy 12-storey building in Shanghai’s Pudong district from which around 90 percent of Chinese attacks on US entities originate, the global cyber-war is increasingly fought in living rooms and countertops around the world, from Kazakhstan to Canada.

And so, our hacker’s location is irrelevant. In fact, so is the time. Night and day, hacker forums from those that are plainly accessible to those lodged deep in the Dark Web are filled with the buzz and chatter of a public market. But the goods on offer can have a sinister background.

Scrolling through the troves of offerings, our hacker looks for something that interests him. A stolen credit card number? Five dollars. The full ensemble of the card’s details? Forty-five. In the brave new world of data commerce, even your birthday has a price.

But your wallet isn’t what our hacker has come for. At least not today. In technical terms, he is a “grey hat” hacker- not quite a self-serving inflictor of mass digital devastation, but also not officially granted permission to test cyber defenses. He enters systems illegally, but often rather than exploiting their flaws for personal gain, he informs their operators if he has penetrated them. To fix the problem, he charges a fee. But the true payout comes when he is able to boast of his success online.

This spirit of intellectual competition is an overlooked –but undoubtedly inherent- characteristic of the hacking world, and can be traced to hacking’s early days. The original “hackers” of the late 20th century were nothing more than software enthusiasts that wanted to test the limits of what their machines were capable of. Their inquisitive nature ultimately led them to prod the defenses of closed systems- and begin the notorious history of modern hacking.

Today, “hacker culture” is nearly impossible to define. Our hacker scrolls through posts from all corners of the hacking world; an amateur is looking for advice on compromising drones, in preparation for a hacking competition. Someone else is advertising certifications to become an “ethical hacker,” hired by companies and governments to stave off online threats. A third post rambles on about the tyranny of government surveillance, likely in a vain attempt to get noticed by groups like Anonymous.

That is another reality of modern hacking – for every serious hacker, there are many, many wannabes. The bottom feeders of the hacking world- the “Script Kiddies,” as they are called- have little to no coding experience. Yet a simple understanding of existing scripts (which often requires little more than a YouTube tutorial) can go a long way for them to cause serious damage.

This was made painfully apparent in 2011, when Siemens systems in thousands of industrial plants were hacked by a security consultant with limited hacking ability and no experience with the systems he was hacking. The Siemens system that was attacked was identical to that used by the Iranian nuclear program, which months earlier had been infiltrated and damaged by US hackers using a highly sophisticated cyber weapon known as Stuxnet.

These events raised concerns- if hobby hackers could get similar results to a state-sponsored cyber worm unprecedented in history, what else were they capable of? 

Our hacker spots something interesting, something to test his knowledge. Hack an Email Account for me?” the thread reads, with three responses dangling below. He gives it a click, checking if the query has already been fulfilled. It hasn’t. Excellent.

Often, logic and social engineering can be just as effective a hacking tool as sophisticated code. A quick Google search of a victim can herald incredibly useful information- for example; the answers to personal “Forgot your Password?” questions such as where you were born, your your favorite car, your first child's name, are often unwillingly shared on social media accounts.

But our hacker wants to test his technical skill. He crafts an email, attaching a hidden keystroke log –a program that will inform our hacker of every keystroke his victim makes, including entering passwords. Believe it won’t be opened? You’d be surprised. According to a study by Verizon, 1 in 10 people still open phishing emails. The trick is getting people to open it.

And if an email is opened on a company’s server, a small program can quickly cause millions of dollars of damage. In 2013, for example, hackers were able to enter the databases of RAK Bank and drain debit cards of $45 million.

But motivations aren’t always driven by greed. The 2012 hack of Saudi ARAMCO, which affected 30,000 computers, was carried out by “hacktivists” calling themselves the Cutting Sword of Justice. Attacks like these are becoming increasingly common in the region- indeed by some measures the UAE is the fifth most targeted country in the world for cybercrime.

But our hacker isn’t interested. Like many of his peers, he sees hacktivist groups like Cutting Sword of Justice and Anonymous as little more than posers- the illegitimate poster children of a hacking world that is increasingly misunderstood by those on the Outside. No, the motivations of our hacker are pure- to best his fellow hackers, to push the limits of what is considered possible. And if that involves hacking your email, then so be it. Beware!