Lawyer at Leisure
I'm not sure if this is the right place to put this, but I can't find a more fitting place to at the moment. What I'm wondering is just how exactly you would advert this trope in your own work. There's been a lot of use of "Hollywood Hacking" in the media, and even though I'd like to advert this, I'm not exactly sure how to aside from actually, you know, becoming a hacker.
Its just something I've always wondered how to go about. Is there some compilation of common hacking myths/tropes exploited in popular media that just don't work in real life, as well as what should work instead? Or just a premier to hacking that doesn't tell as much how to do it as much as it tells how its done?
I'm thinking of having a section in a work I'm doing that involves hacking. Doesn't need to be completely authentic or anything, but I want it to be at least semi-realistic. Researching hacking usually just falls into tutorials that are a little on the small side when it comes to what the character I'm writing should be doing. I'm just looking to write a story, not necessarily become a white-collar hacker or anything like that.
So yeah, is there a good place to start, just from a writing/story standpoint?
Hide / Show Replies
First of all, its "white hat" hacking as opposed to "black hat". "White collar" refers to professional work as opposed to "blue collar" manual work.
Beyond that, most black-hat hacking is a combination of social engineering, running "exploits" for known security holes (discovering new holes marks you out as elite) and dull keyboard pounding. Elite hackers may also write their own exploit code. None-elite (often termed "script kiddies") just run code written by other people.
There is no general science of security holes: they tend to be complex and technical and very specific to a particular version of a particular system. Take a look at http://www.kb.cert.org/vuls/
for a range of good examples. A practical hack may involve linking several of these together. See also "The Cuckoo's Egg" for some real (but now out of date) war stories.
The goal is to "root" a system (i.e. get system administrator access). This is often accomplished in two stages: first get some level of user access, then use a second "privilege escalation" security hole to promote yourself to root.
Common features of Hollywood hacking include instant access to targeted systems, instant (or rapid) decryption, and graphical displays that indicate progress. Pretty much anything Mc Gee does on NCIS qualifies.
For more background, I'd take a look at computer security manuals.
Just as an example of White Hat hacking, in the mid-1990s, I was working as a Unix system administrator at a company that used NIS (a distributed password file). I had just set up half a dozen HP 9000/Gs (large minicomputers) on a Friday, but the application software was not going to be available for several days. So I downloaded the password cracking program Crack and had it run against the NIS password file over the weekend.
Out of about 650 passwords, Crack got over 400! Shortly afterwards, I was in a meeting with the rest of my team and assorted managers — including the CIO —about password security. We quickly instituted standards and training.
I'd like to change the page quote. In REAMDE by Neil Stephenson there is a scene where three hackers are expected to figure out which apartment contains some other hackers, leading to this dialogue:
"Why do they believe that?"
"Because we are hackers," Csongor said, "and they have seen movies."
The Torterra Moves!
Great picture. But why not use the whole comic? Funnier that way.
https://angelskingsandweirdos.com ''Where imagination takes wing... and then gets sucked into a jet turbine."
Re TRON's entry -
- Averted, since Flynn was simply using a hacking program in the first case, and using Alan Bradley's password to falsify a password for a back door. The former was exciting because it was from the perspective of the software, and even actuarial programs are badass in cyberspace.
- Not quite averted enough because Flynn's "hacking" when seated at the terminal used a lot of ordinary English as if he was having a conversation with the machine. Then again, because the MCP is a fully sentient AI, it makes sense that he would have a conversation with it, and it's clear that the actual hacking is done via typing.
- I'd counter that. Mainframe job control languages were sometimes quite English-like. Examples of this include DEC's DCL or ICL's GEORGE. Lots of "fluff" words that were ignored. Even on the CLI used by big boxes like the DEC VAX. More seen on Alan's terminal earlier when he authenticates - "Request - Access to the TRON program; user 717-BRADLEY" etc etc. I'd leave as "averted".
- Averted, since Flynn was simply using a hacking program in the first case, and using Alan Bradley's password to falsify a password for a back door. The former was exciting because it was from the perspective of the software, and even actuarial programs are badass in cyberspace.
Kevin Flynn was forging a "Group 6" account, which in the security model used would have been the next sysadmin level up. I maintain it was averted... on the basis that job-control languages of the time were more english-like, while they still accepted command contractions. For instance, in DCL, you could actually type "DIRECTORY OF FILES" or "DIR" etc...
A recently-discovered Rowhammer DRAM EXPLOIT
sounds really far out.
The three finest things in life are to splat your enemies, drive them from their turf, and hear their lamentations as their rank falls!