What does hacking actually LOOK like? For example, what interface is the hacker using, what’s their goal, and are they typing in a bunch of passwords like in the movies?


Anonymous 0 Comments

Typically, most big “hacks” involve the same little pattern: a computer program never expected to receive an input like *that*, and when you give it that, it does something no one expected.

A great example is the “heartbleed” bug a few years ago. Computer A would call Computer B and say “Hello! Please reply back to me to confirm you’re there, and say ‘Potato’, which is 6 letters long”. The computer calling would pick something random, like potato, and say how long it was. Very simple, and part of a much larger conversation the two computers are about to have. Computer B would store the word “Potato” in its memory. When it was sure it wanted to reply back, it would read, letter by letter, all 6 letters and send back that word.

The problem there was that you could say “Potato, 1000 letters long”, and when the receiving program was ready to reply, it would read Potato, along with the next 994 letters of memory! And because its memory is very disorganized, this could be a lot of important other information. SSL (the computer program with the bug) did not expect a call to lie like that! It could be passwords, it could be personal information, it could be anything.

So what does hacking look like? It looks like spending months or years looking for mistakes like that. They could be anywhere! There’s a lot of software out there. And then when they find one, they make a program that can take advantage of that trick. And they have to be fast: someone else might find this bug first and fix it.

So the actual “hack”? It’s when the hacker runs their program, then gets up and makes a cup of coffee while it runs. But that only takes place after weeks or months of planning.

Fortunately, the last few years have seen a rise in “Bug Bounties”. Companies say “if you find a vulnerability, we’ll pay you cold hard cash to tell us about it.” Why risk jail time in a heist when the potential victim would pay you and thank you instead? It’s not perfect (some companies are jerks about it, or don’t fix their bugs) but overall it’s better than before.
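The over-read described in the answer above, as an added example that is not part of the original answer and is not OpenSSL's code: a simulated 64-byte memory area holds the received word followed by constructed filler data, and the two reply functions differ only in whether the claimed length is compared with what actually arrived. The names `arena`, `store`, `reply_trusting`, `reply_checked` and `leaked` are hypothetical, and the claim of 30 stands in for the answer's 1000 so that everything stays inside the simulated area.

```c
#include <stdio.h>
#include <string.h>

#define ARENA 64
static unsigned char arena[ARENA];   /* constructed stand-in for the server's memory */

/* Store the received word; constructed "other data" sits right after it. */
static size_t store(const char *word) {
    static const char other[] = "|CONSTRUCTED-OTHER-DATA|";
    size_t n = strlen(word);
    if (n > 16) n = 16;                           /* demo words are short */
    memset(arena, '.', ARENA);
    memcpy(arena, word, n);
    memcpy(arena + n, other, sizeof other - 1);
    return n;                                     /* bytes actually received */
}

/* The bug as described: the reply length is whatever the caller claimed. */
size_t reply_trusting(size_t claimed, unsigned char *out) {
    if (claimed > ARENA) claimed = ARENA;         /* keeps this simulation in bounds */
    memcpy(out, arena, claimed);
    return claimed;
}

/* The check: a claim longer than what arrived gets no reply at all. */
size_t reply_checked(size_t claimed, size_t received, unsigned char *out) {
    if (claimed > received) return 0;
    memcpy(out, arena, claimed);
    return claimed;
}

/* Bytes in the reply that were never part of the request. */
size_t leaked(const char *word, size_t claimed, int checked) {
    unsigned char out[ARENA];
    size_t received = store(word);
    size_t sent = checked ? reply_checked(claimed, received, out)
                          : reply_trusting(claimed, out);
    return sent > received ? sent - received : 0;
}

int main(void) {
    printf("trusting, honest claim: %zu extra bytes\n", leaked("Potato", 6, 0));
    printf("trusting, claim of 30:  %zu extra bytes\n", leaked("Potato", 30, 0));
    printf("checked,  claim of 30:  %zu extra bytes\n", leaked("Potato", 30, 1));
    return 0;
}
```

The whole difference is the single comparison in `reply_checked`; an honest request gets the same reply from both functions.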
