Welcome to Eugene Tech Securities. I’m William Hart. First, a little background about me: I was 11-12 years old when the Internet was released to the mainstream. I was fortunate enough to not only have a computer, but also an old-school nightmare of a 14.4k modem right at the first release. If you remember those awful things, yes, there was potential once you waded through the adult noises, the tied-up phone line and the dreadfully slow connection. At this point in our understanding of networking there were few, if any, standard security protocols. Imagine an Internet with all weak passwords, super slow connectivity and about 10,000 other bugs.
Now most parents are familiar with the concept that if you give a child a toy, they will explore all the limits. Which is exactly what I did, ignorant as everyone was to security issues. Before long I found myself guessing strings of numbers to gain access to credit-card-dependent sites; having access to things I now realize I shouldn’t have was the tip of the iceberg. Needless to say, adults figured out many of the issues relatively quickly. It was still chaos until then, and as you’ll see, the change from 0 to few security protocols was in part caused by those who did some of the first malicious exploration.
It goes without saying, I got caught. After an 8-month search for little old me, the FBI finally connected the dots and my parents got a call no parent EVER wants to hear. Long story short, I was in tons of trouble, and well beyond. Next thing I knew I was being sent to boarding schools (note plural, in total 5), many of which there are documentaries about how terrible and/or traumatic they were. The school was without internet and had few computers. We were only allowed to do papers or school work on them, and rarely at that. Again, let me reiterate: I was young, exploring the limits of my newest toy, and could simply guess numbers to create accounts, order products, etc. At the time I felt very grown up being able to purchase my own things, accounts, etc., without realizing the numbers I was guessing were someone’s credit card number and I was stealing. It simply never occurred to me until much later. With a lot more reflection time at boarding school, I realized the issue. Sadly, this realization did not come before it was too late for me to keep my ordinary life.
Fast forward till 4 years back, I was still a relatively advanced computer user though any sort of practical application of network securities, or how a hacker penetrated a system in the first place (remember everything had gone from simple to crack (an 11-12 year old could simply guess with a high probability of being right) to professionals realizing they needed to find a way to limit remote access and secure things like banking institutes, checkout carts, and credit cards). Clearly security was at a horrendous low when I counted amongst the malicious (through my ignorance of what I was actually doing). Many of my friends were of that ilk growing up, yet did not get so unlucky as to get caught for THEIR ignorance. Many of these friends now work in this field and get paid near over $100k per year working as white hat hackers. Perhaps it was my influence with the reality check of repercussions being very real for what seemed innocent, perhaps their own personal reflection garnered them the same realizations that I had: we were part of the initial problem. My old friends’ success due to entirely self-taught prowess while exploring limits and inadvertently pushing past them was something that stuck with me, so I again decided to invest in the knowledge myself. This time with full awareness of the repercussions possible for getting what I now perceive as underhanded.
Through my journey from an ignorant hacker with malicious results to where I am now, I have learned many things that tell me that a majority of basic security practices are still a foreign language to the average user. This still leaves a surprising number of individuals and businesses susceptible to attack, maybe even prone to it. As I have always preferred to be challenged, the white hat or ethical side of hacking very much appeals to me. This is simply because I will ALWAYS be the underdog, outgunned, overwhelmed and with more work than any one person can possibly do to move towards a secure online experience where the worries about data theft and cyber crime are mostly mitigated.
Now, either through the developer’s ignorance that it is possible to use a process they have created as a backdoor, or their decision to leave a path in for themselves in case of a need for emergency repair, major vulnerabilities are growing rapidly. Of course this can be partly credited to our intense love of the technological and our obsession with the coolest new net gadgets (such as the Fitbit, CCTV or web-interfacing security cameras, to any number of small devices that connect to the net to make some process or another easier). In fact, it was these precise devices that caused the huge internet darkout of October 21, 2016 (look up the Mirai botnet for specifics). This was an attack that literally only took 20 common default user/password combos, then, using Python, scanned the net for connected devices that lacked firewall rules (closing external-facing ports to prevent unwanted connections) and still used default passwords. A type of attack far more advanced than guessing numbers but relying on the same misconception, a false sense of security. Do not let the same mistake of believing that you’re secure prevent you from testing such yourself, or even asking someone more experienced for help. Contrary to popular belief, and almost entirely due to the belief that Apple isn’t hackable, macOS now rates as the most vulnerable OS around. This could be mitigated if the users hadn’t deluded themselves into a false sense of confidence.
Do not make the same mistake. Keep visiting this blog and subscribe to keep posted on some security pointers, potential vulnerabilities you may have, how to deal with them, what to best avoid, etc. Stay alert, my fledgling security enthusiasts. If we work together to raise awareness of the most common mistake, we can team up to help secure against unwanted threats. Only you can take action, be it simple audits of yourself or hiring someone to perform an audit for you. Don’t waste further time or wait till you’ve had data stolen to take precautions; by then it is already too late.