whats REALLY possible ?

[garry35]

with all the movies and tv full of programs showing a hacker or group logging on to a computer or somehow getting access to private files and creating chaos, how much is REALLY possible and how much is pure fantasy. has anybody had any experience with an hacker they would like to share.

Gazzer

[happyyarou666]

its far from a phantasy if you leave your pc wide open , its your job to lock it down as good as possible so nobody except yourself can get in , and never try to piss off or challenge the wrong people , cause then nothing short of trashing your pc , phone and cancelling your internet will save you

[Hungry Man]

I'd link to a recently hacked site that's got 'Hungry Man' on it but it gets... not-work-safe at some point lol

There's no graphic user interface, but an attacker can get full access to a services database. If they're looking for more they can usually get it.

[garry35]

part of my point is just how do you know not to piss off and just how safe CAN you be short of disconnecting from the internet, and even then you can still get hacked but it would just take longer or be more difficult to discover it........

[happyyarou666]

umm.. using common sense id have to say , not really much more to it, roam the internet and security forums , wilders too for some good advice on how to secure your pc session , dont know what story you was expecting to hear , as all things in life , common sense is where its at, this counts for browsing habbits as well, and keep your nose out of stuff your not willing to invest time into or have the feeling its too much for ya

[Mman79]

That depends on how how vividly you're thinking. If you're wondering if anything the likes of http://en.wikipedia.org/wiki/Live_Free_or_Die_Hard can happen, the answer is no. Hollywood likes to vastly overestimate the abilities of the bad guys, and hackers are no exception. You also have to consider the type of hacker that is interested in you, and how much support they have. If you're a corporation or government entity, you've got a lot more work to do to secure yourself than a home user does. China won't try to infiltrate your defenses and spy on your every move, but some low level Mafia associate might try to recruit your system into his botnet or the bored kid from 4chan might want to test his or her skills. Both may also like to take a peek at and use your financial data and other sensitive stuff, so keep all that off of your computer and in your filing cabinet/drawer where it belongs.

[LowWaterMark]

This is one of my favorite topics - the extent to which the media over dramatizes hacking - and how it gets people to believe what they see in movies or on TV shows.

The "Live Free or Die Hard" example is a good one. It, like many others, falls under a catch-all usually called "Hollywood Hacking". A search on that phrase will lead to a rather entertaining hour or two of story examples and links to videos from shows and movies, all of which are way out there.

My all time favorite is a scene from NCIS where McGee and Abby join together to thwart a hacker attack:

-http://www.youtube.com/watch?v=u8qgehH3kEQ-



While there are actually high skilled hackers in the world, things usually do not happen in any way like it is shown in the popular media. Likewise, individual people, at home, are generally not the targets of these hackers. It's the sitting targets (public websites) which by their very nature are meant to be accessed by everyone, that are the ones likely to be the focus of real hackers.

As for the extreme ease with which the hackers (or the good guys, in shows like NCIS), can access every computer database with even slight info about you, usually in mere seconds after they discover your name, is really way over the top. (In one episode, they only just find out the name of the "bad guy", and the boss asks, "can you track him?" Less than a minute later they have found out his cellphone provider, number, activated his GPS chip, and found him. Hmm, easiest question first... how did they narrow down which of the dozens of world-wide carriers that the guy used? Never mind zeroing in on the right person of that name... (you mean there is more than one John Smith that owns a cellphone?), in order to get to the right phone. Oh, might he not own more than one cellphone? Lots of people do.)

Some stuff is totally ridiculous. And, stuff that hollywood probably hasn't shown, might well be more amazing then anything they written. But, far, far less dramatic. Imagine showing a member of Anonymous sitting for hours on end going through automated scan logs, and following up with targetted SQL injection tests... only to get nothing in most cases. Then, after lots of effort, finally finding that one next target they can raid. Boring... for TV, at least.

[Mman79]

I totally agree. No one would sit through a real life hacker going about their daily routine. No holding the government for ransom, no blowing up infrastructure in New York City by typing in some code from your house in L.A. Just sifting through those logs, hoping someone does just the right steps to make your payload drop and more rather boring stuff. There is no magic in hacking, most often it's very badly configured or un-patched systems that beg hackers to come inside. The other times, it's long, monotonous work.

You have to ask yourself, if Hollywood hacking existed, why hasn't it happened? There's no lack of bad guys with the sacks to make a go of it.

[ComputerSaysNo]

Hacking is not exciting stuff, as others have said your thinking of HollyWood fantasy.

But there are guys like Kevin Mitnick who I respect greatly, these guys are like ghost's in the machine. They can get into anything, anytime. So don't piss off Kevin Mitnick and his friends.

[EncryptedBytes]

Quote:

Originally Posted by LowWaterMark

This is one of my favorite topics - the extent to which the media over dramatizes hacking - and how it gets people to believe what they see in movies or on TV shows.

I have no idea what you are talking about, this is how all governments track terrorists in real time... (source NCIS)


*Not pictured, the giant linksys router, connecting that global LAN.

[LowWaterMark]

Ah ha!!! There it is! The address that has kept us all wondering for years!

192.168.0.14

Those are the Uber Hackers!! My word!! They are the people we've been after forever!!!

Thanks you, EncryptedBytes!!

[mirimir]

OMG, they've found my secret NAS box!

(Actually, it's 192.168.111.14, but they're close.)

[dogbite]

At least what is easily possible is to gather a lot of personal data over the net, as this nice experiment in Belgium showed:

-http://www.youtube.com/watch?v=F7pYHN9iC9I-

[happyyarou666]

lmfao , nice clip , any more , made me rofl xD

[J_L]

Great video for the awareness the masses lack.

[TOMxEU]

Hacking will never beat the social engineering, why to bother hacking to get an access to private files when you can simply ask for the access? Works almost every time.
Anyway, hacking a computer will take a precious time and why would anyone even bother, if he can get million bots within an hour than to spreading some malware?

[AMIGA500]

Ok someone has to ask a silly question so it may as well be me.

Ive never actually been hacked.(well as far as im aware).
What are the "signs" of actually being compromised and "hacked"
Sorry for the daft question but i have images going around my head of my mouse cursor suddenly taking a life of its own and controlling my whole machine as i watch powerless.
Is that fantasy or a shocking reality.?

[xxJackxx]

Quote:

Originally Posted by Beethoven1770

...Sorry for the daft question but i have images going around my head of my mouse cursor suddenly taking a life of its own and controlling my whole machine as i watch powerless.
Is that fantasy or a shocking reality.?

Maybe if you have VNC installed and publicly routed with a really weak password, like 123456... otherwise you probably wouldn't actually see someone messing around on your machine. At least not anyone skilled. They would not want to be seen.

[mirimir]

From casual reading, I gather that large botnets are managed to maximize value. I guess that's obvious. Using slaves in ways that alert victims, by overloading network (e.g., email or forum spamming) or CPU (e.g., bitcoin mining) are risky. There's a life cycle logic, I suspect. You don't want to alert bot owners that you suspect, or they'll burn you down.

[EncryptedBytes]

Quote:

Originally Posted by Beethoven1770

What are the "signs" of actually being compromised and "hacked"

It honestly depends on the type of attack. The signs would appear in the logs, either anomalies and or outright deleted entries. Other than logs (At all levels from system, application, to network), there would be no outright signs of breach unless the attacker themselves was deviant (or amaturish). The only other way a system owner would know of a breach is to have sensors in place that would trip if some form of established baseline was modified. This could be in the form of an IDS/Anti-virus/Tripwire/etc..

The things you see in movies is hogwash. A real attack would go unnoticed unless the system owner was monitoring for such events.

[ComputersRock]

Quote:

Originally Posted by EncryptedBytes

I have no idea what you are talking about, this is how all governments track terrorists in real time... (source NCIS)


*Not pictured, the giant linksys router, connecting that global LAN.

Can do this on Tor? Or are all the ip addresses on that computer screen terrorists who aren't masking their ip addresses with Tor or some other anonymouization software? I am assuming the ip addresses displayed on the screen cannot be the real ip addresses of anyone using tor.

By the way, how did you find this picture? How did you find the inner workings of government agencies?

[PaulyDefran]

That pic is from a TV Show.

PD