Blog / Does Being a Hacker Take Special Knowledge and Tools? – Is this a Hack I See Before Me? Its Link Upon My Browser? Come, let Me Download Thee!
I’ve often run into an abundance of misconceptions when it comes to Computer Security. Many of them revolve around what a “Hacker” is and the difficulty of becoming one. There is this assumption that in order to pull off a successful hack, you need to have in-depth knowledge about inner workings of computers or something.
It is a laughable one, really. A little while ago, I read an article about a high school kid who pulled off a hack. He successfully performed a “Denial of Service Attack” on the Cloud setup that his school had put together for online learning. He didn’t use any sort of difficult-to-find tool, and yet he was able to keep the entire service offline for a few days (and enjoy some extended summer vacation), until he got caught.
So, in order to pull this off he must have been really knowledgeable about computers or something like that. Maybe he got onto the Dark Web and used an illegal piece of software created to cause damage. Perhaps he compromised a password or created his own tools, like something you would see in movies when they show people doing tech things on computers (please don’t get me started on that nonsense.) Well, the answer to all of that is a simple, No. He actually used a free tool that you can download from many different places on the Internet that is intended to test your website.
The tool in question is called “Low Orbiting Ion Canon” (LOIC.) It is mentioned often in articles and blog posts. The traditional Denial of Service Attack (DOS) is a flood of traffic. The weakness of this attack is that it is easy to detect and block. The next step is to send a flood of traffic from multiple locations, a “Distributed Denial of Service Attack” (DDOS.) This is easy to detect but harder to block, since it comes from lots of places. Tools like LOIC don’t generate large amount of traffic. They use more sophisticated methods of tying up resources and preventing access. This makes the attack even harder to detect, as you are no longer looking for a large amount of traffic, but traffic that looks a certain way.
Security tools like LOIC are essential gizmos for network administrators. They provide the ability to test your own defenses from actual attacks and provide a method of pro-active remediation. If you should happen to use one of these gadgets (during a test that you would obviously schedule), you can see the impact and work done to improve your defenses. This is made easier because you know exactly what was used against you. Thus, you can make some adjustments and test again. If you wait for someone else to use these same devices against you, then you’ll run into the identical problem, but have no idea exactly what caused it.
Vulnerability scanners are another tool used by hackers. Their purpose is to detect known vulnerabilities (ahem, KNOWN vulnerabilities.) Many of these require a purchase, but some are also free, and still very effective. Most vulnerabilities also have tools designed to make use of that specific exploit (rather than just detecting it.) Again, these tools are necessary, so that administrators can test to see if the mitigation steps they took were effective.
Finding these tools is not difficult. Using them is also not that hard. They’re free to download, easy to find, and very well documented. It really doesn’t take much technical skill to use them; just a certain amount of curiosity and a willingness to play around a bit.
It boils down to the supposition that there’s an intellectual barrier to becoming a Hacker. That you need to be unusually smart or skilled. The presumption is not just wrong, it is backwards. Even making your own Ransomware doesn’t take as much as people think. There is code out there available on the Internet (not the Dark Web) that can get you started (it is not very good, but it is still a start).) Really, anyone who knows the basics on how to turn a computer on and get onto the Internet, already has more than enough skills to get started as a Hacker. After that, only time will tell if they have what it takes to be successful.
Is this a Hack I see before me?
Its link upon by browser?
Come, let me download thee!
If you have any questions about Monitoring Your Computer Equipment, reach out to your TRINUS Account Manager for stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.