Modern Hackers Good-Bad-Both

I have explained some of the description and history of a hacker on Fixvirus.com post¹:

I want to refocus on the 3 types of hackers: White, Gray, and Black hat.

The White hat hacker is the good guy, the black hat is the bad evil guy, and the grey hat does both good and bad. This  white and black hat good vs. evil came from the early black and white film days where there wasn’t time to explain everything(early movies did not have sound)  and it was easy to know that the white hat actor is the good guy.

So the black hat hacker is the guy(or gal – but we will assume male as most are) who will  lurk in the Darknet and try to “hack” you for money.

mrrobot-usanetwork

There is another aspect of the hacker as is evident from many reports and the USA Network series  “Mr Robot”² which has some interesting methods of attacking a network defense:

  • Hackers are not just electronic hackers – they will give you CD’s which  are supposedly “music CDs” but are laced with malware that will phone home and cause the pwnage of your systems.
  • Hackers will call cab companies after seeing a person enter(because they have been watching you) and then find out where you live. Because Social engineering is easy on customer support
  • Getting into a “secured facility” means making up an identity and asking for a “tour of the backup facility”
  • Hacking inside a network can also come in the form of employees of a company get hacked and then ransomed by giving access to the company.
    • Hack an important employee
    • Get employee to insert malware  on company computers after threatening them
  • Classic drop USB and wait for an unsuspecting person to plug it into their computer.

I watched the first season on Amazon Prime.

I realize it is only a movie series but life is stranger than fiction, and hacks are definitely only as good as the defense is aware of them. So that is why we need to review movies as well as conventions such as DEFCON24³ (which just finished Aug7th).  the speaker material is online in a torrent for download.

There is an interesting Mr_Robot_dec0d3d.doc YouTube video(4) where a discussion of  the Golden Globe awards given to the series, and also some good information: “world of hacking struck a chord with the public” says Sam Esmail the creator.

mrrobot

  • I will say this, the hacks are as realistic as one can be and better than most shows, as most shows do not show you the commands, I saw some Linux commands ps aux| grep <string> command. Or how they hacked passwords – actually used some of the password cracking programs.
  • Jeff Moss is on this Youtube video(Defcon executive producer and founder).
  • Kaplan reviews the 3 different types of hackers (White, grey, and black hat)
  • Lance James – Scientist at Flashpoint says that the main character is the most accurate characteristics of a real hacker (conflicting personalities, different agendas, loneliness and more)
  • Social Engineering aspect was discussed in the series as accurate as possible. A human can be manipulated to bypass the best security.
  • The reason the hacks use real pentest commands etc, is that they hired a security tech for the movie which builds the system screens.

 

What should we take out of this?  The bad is criminal black hat hacker is romanticized a bit much as now they are humanized and idolized as only Hollywood can do. (sort of good to see their struggles)

It is good to see an explanation and actions of hackers, some of the hacks may make more people paranoid – definitely a good idea to tape your webcam on your notebook.

Of course one can do good with hacking as one can test the network/systems to bring defenses up to speed. This aspect of hacking is not discussed in the series.

Overall I think it is good to see some of the techniques distributed to people who may not know “hacker” techniques. The weakness in any network are the humans. Having training and awareness is good, and in that point this tv series does good.

 

2nd season notes added:

The show Mr. Robot now is trying to be edgier and has ‘hacked’ HVAC home automation lights/alarm system and proceeded to run the alarms and hvac colder (even after manual overrides).

homehvaccontrolhack

 

This is the best screenshot I could not resist taking, (BTW – am using Sling TV for a week of free trial to see the 2nd season(up to 5th apisode)- as it costs $2 per episode on Amazon) Episode 6 is tonight (August 10th.mrrobotencryptionscreen

In the 2nd episode (season2) the Ecorp/Evilcorp  (apparently is from creator Esmail name) has ransomware on all their computers and have to pay $5.9 million or else ‘brick the system’. None of the tellers could make a transaction. The CEO suggested a “bank holiday”. makes you wonder the next time a bank can only hand out $100 or €100 at a time. What is really going on behind the scenes?

And as it goes on the favorite punching bag – the Chinese are potentially behind the major hacks after all. Chinese are reading FBI reports(would not be surprising).

——————————————————————————————-

Contact Us to talk to a Certified Ethical Hacker

 

 

 

1) https://fixvirus.com/why-use-certified-ethical-hacker/

2) http://www.imdb.com/title/tt4158110/

3) https://www.defcon.org/html/defcon-24/dc-24-index.html

4) https://www.youtube.com/watch?v=1BbTUASfrAI