Hacking

Hacking:

noun

The gaining of unauthorized access to data in a system or computer.

The Economic Times defines hacking as “an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose”. I find the phrasing here to be interesting – “for some illicit purpose”. Illicit means forbidden. Of course some examples of hacking, such as to steal personal information or destroy an organisation’s system, can fairly easily be defined as an illicit purpose. There are some other examples of hacking which may not be as black-and-white; such as hacking as art, hacking to find weaknesses in systems in order to strengthen them or hacking simply out of intrigue.

Within this scene in Mr Robot, hacking is used to expose a promoter of child pornography and hand them over to the police. And interesting digital artefact could explore the positive uses for hacking.

Hacking does not necessarily mean breaking into someone else’s computer, sometimes it just means knowing where to look inside files to find information, and what to do with that information. For example, you can download a photograph and then (on a Mac) find that photo in finder, and click ‘Get Info’. This will bring up information such as the date and time the photograph was taken, and geographical tags. You can use these tags to locate exactly where the photograph was taken. This technique can be used to find a location, or for more sinister purposes such as to stalk the location of someone. This information, however, can be hidden or changed. For example, mobile phones have an option to turn off geotagging and date-tagging when taking photographs.

Understanding what’s behind the content we see can help us begin to influence things in new ways. Here is the ‘map’ of a tweet, which breaks down the coding behind a tweet.

Understanding the anatomy of platforms helped Hacker/Artist Glitchr to ‘break’ Facebook and Twitter for the sake of art. Glitchr uses Unicode to break out of the traditional norms of social media posts, resulting in images like the following:

ه꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲҉꙰꙱҈̿꙲
— Glitchr ‮ (@glitchr_) June 15, 2014

Ͱ͟҉͟҉͟҉͟҉͟҉͟҉Ͱ͟҉͟҉͟҉͟҉͟҉͟҉ه҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈Ͱ͟҉͟҉͟҉͟҉͟҉͟҉Ͱ҉͞҉͟҉͞҉͟҉͞҉͟҉͞҉͟Ͱ҉̅҉̅҉̅҉̅҉̅Ͱ҈̟҈̟҈̟҈̟҈̟҈̟҈̟҈̟҈̟҈Ͱ҉̅҉̅҉̅҉̅҉̅Ͱ͟҉͟҉͟҉͟҉͟҉͟
— Glitchr ‮ (@glitchr_) April 1, 2014

Hacking networks

It’s one thing to manipulate code and data within digital artefacts, but hacking networks is another situation entirely. When I think of hacking, this sort of process is what comes to mind (not reverse-searching image geotags).

Snooping

“Snooping, in a security context, is unauthorized access to another person’s or company’s data.” (www.cybertraining365.com)

Snooping refers to monitoring activity on someone else’s computer, or someone else’s computer activity. This could be done in person, by literally watching someone on the computer. It could also be done through installing snooping software on a device (often, without the device owner knowing / giving permission).

Snooping in itself isn’t necessarily a criminal activity. Employers are known to legally snoop on their employees to see how they use company computers. The government snoops to gain data and help prevent crime. Snooping can, however, be malicious if the snooper is attempting to gain sensitive information such as passwords, account information or bank details.

Sniffing

Sniffing is “a software or hardware application designed to intercept data in transit across a network (without blocking, modifying, or redirecting the data).” (www.cybertraining365.com).

Sniffing also covers concepts such as Eavesdropping and Wiretapping. Sniffing involves intercepting and reading traffic on a network. Passive sniffing involves the attacker setting up a hub which intercepts and reads all traffic between a server and a client. The attacker does not even need to be at their computer whilst the attack is taking place.

Active sniffing is also known as a Man In The Middle attack (the kind used in the Mr Robot clip). The attacker will interrupt network traffic between two computers, or a computer and a server. This means that the two computers (A and B) think that they are communicating directly with each other. What is actually happening is they are both communication with computer C – the attacker’s computer. This gives the attack control over all of the data being sent between the two points.

Wireshark

Wireshark is an open-source ‘packet analyser’. A packet is an amount of data being transferred over a network. Therefore Wireshark can be used to observe, capture and analyse these packets.

Wireshark allows a user to capture packets being sent to and from other servers using your current network connection, be it WiFi or Ethernet. Wireshark can be used to find misconfigurations in networks. During data capture, applying a filter can remove any packets from the capture that you know belong there, for example by filtering out TCP port 40 if you know that traffic should be coming and going from there (for this purpose, you don’t need to see what belongs, only what doesn’t belong). This filtering can help identify whether any there is any unwanted traffic on your network.

Wireshark, then, is another hacking tool that could be used ‘for good’ or ‘for evil’ depending on the user. There are many other packet analysis programs, such as Debookee and iStumbler.

Warchalking

A final, interesting point when exploring network hacking is the concept of Warchalking. Warchalking is the activity of advertising open WiFi networks by drawing certain symbols in public places.

A development in Warchalking is the use of QR codes. QR_Stenciler is a free tool which converts QR codes into stencils. The user can then create and use this stencil to spray-paint the QR code onto a wall, pavement or any surface. The F.A.T. Lab, creators of the QR_Stenciler, also created QR_HOBO_CODES which are a set of stencil designs of “hobo codes”, including icons used by Warchalkers.

Apps like WiFiFindr, Fing and WiFiMap can all be used to locate networks, without the need for warchalking. Furthermore, WiFi finder apps can be used to track connection paths, users and infringements on WiFi networks, making them a valuable tool for controlling your network connections.

Resources:

Glitchr https://twitter.com/glitchr
Glitchr https://www.facebook.com/glitchr
Hacking methods http://www.cybertraining365.com
Warchalking https://en.wikipedia.org/wiki/Warchalking