Hollywood has had a long history of misrepresenting hackers. They are usually depicted in TV shows and movies in two ways: A bunch of nerdy weirdos with no life or miracle workers that can penetrate highly secure IT systems by maniacally pounding on a keyboard. But what are hackers really like and what do they actually do? We find out.
Hacker dual wielding keyboard picture from Shutterstock
We spoke with Websense sales engineering manager, Bradley Anstis, and security engineer, Michael Ferguson, on what they thought were the four biggest misconceptions about hackers perpetuated by Hollywood. Without further ado, here is the list:
Hackers love using graphical user interface (GUI)
GUI is essentially the part of software that adds a visual element to programs, allowing users to understand and interact with them easily. In other words, it dumbs down software for us mere mortals. Windows and icons that you can drag and drop on your desktop are examples of GUI.
Movies and TV shows that have done little to no research (most of them) depict computer experts performing feats of hacking through GUI. Perhaps this is to make it more palatable for people who are clueless about technology, but it’s not very accurate.
Hackers generally use command line interface (CLI), so think rows and rows of code that is hard to track and decipher if you don’t know the type of coding language that is being used. If you want to do something in an application, you have to typed in a command and you’ll receive a response back from the system. Nearly every professional and expert hacker uses Linux or Unix for this.
Hackers rely only on computers to do their bidding
Hackers don’t just sit in front of computers bashing out lines and lines of code. Sometimes they actually have to pick up the phone and speak with people to gather information that will assist them in their attempts to gain entry into protected systems. This is called social engineering and it’s the art of manipulating people so they divulge confidential information.
Hackers have been known to impersonate employees of companies they’re trying to access; essentially calling up the business and tricking people into giving them the information they need. There are even stories of attackers impersonating external IT services worker and walking right into an organisation they are targeting.
People also underestimate the amount of personal information floating around on the internet that hackers can take advantage of. Date of birth details, which are commonly used to verify a person’s identify, are readily available on social media and it could be as simple as posting a picture of your 25th birthday party on Instagram. It’s not hard to work on your date of birth from that.
Hackers are just highly intelligent code monkeys
Hackers are perceived as intelligent nerds who are just really good at coding, but we should also give them credit for being creative. They are always finding new ways to exploit vulnerabilities in technology and in people.
People. We are quite easy to take advantage of aren’t we? Considering there are still people who fall victim to Nigerian Prince-esque scams, there are some of us that are just begging to be targeted.
One of the more creative ways hackers can gain entry into their desired IT systems is by piggybacking off the carelessness and ignorance of employees. The perfect example of this is an experiment conducted by founder of Secure Network Technologies, Steve Stasiukonis. Back in 2006, to assess the security of a client he was working with, he littered USB sticks loaded with a Trojan virus around the company’s car park. Employees actually picked up the USBs and plugged them into their PCs. The Trojan then came to life and allowed Stasiukonis to farm the login credentials of those workers.
Hackers work alone or in small groups
While this may have been true in the early days, hackers do team up to form bigger groups for concerted attacks. Think Anonymous, which has members scattered all across the world.
Another point to note is that as cybercrime has become more organised, hacking tools offered as a service has become commonplace. You can rent a platform, databases, phishing campaigns, exploit kits through various sources to use for more strategic attacks.
Attackers can go shopping in these virtual hacker supermarkets and just pick and choose what tools they want to use, which makes hacking at a larger scale so much easier than before.
What are some other hacker misconceptions you want to kick to the curb? Let us know in the comments.