October 25, 2013

Learning how to hack

The more you know about how you might be attacked, the better you can prepare your defence.

By Cbr Rolling Blog

This week was a real eye opener for me as far as IT security is concerned.

We’ve all seen movies or TV shows where hackers sit down in front of a computer and say "just give me a few seconds." Then, hey presto, they’ve hacked into someone’s account or even business or government systems.

As someone who had never studied hacking of any kind I really had no idea how you would begin to hack someone, but was pretty sure it takes a lot longer than Hollywood would have us believe.

This week, though, I got my first taste of hacking action. It was all ‘pretend’, if you like – a carefully set up and harmless exercise as part of my 101 hacking tutorial with Rapid7.

Like I said, I had no idea about any of this stuff but within an hour I had completed my first hack. It was a basic one but you have to start somewhere. For people who really do know their stuff it could actually have been completed in a matter of seconds. I definitely have a long way to go before I get to that kind of level but I definitely learned a lot.

My tutor, Mike Belton, is the assessment team lead for Rapid7’s security services group. He gave me an amazing presentation about the history of hacking, explaining how it has developed over the years and how attacks are advancing year-on-year.

Something that we talked about, which I found particularly interesting, was the importance of stealth when hacking. Generally, when you hack someone you don’t want to access all available data. You want to gain as much as you can without making any ‘noise’. In other words, you want to take what you can without being detected.

Companies that employ skilled security staff and implement the relevant technologies may be capable of detecting such hackers. For those who are not so clued up and prepared, they might already have been compromised without ever knowing about it.

After this class, from an individual’s point of view, the most important thing I could probably say is "patch, patch, patch."

Unpatched software is vulnerable software. A specific patch wouldn’t even exist if a specific vulnerability didn’t exist. If you don’t install patch updates promptly, you’re leaving yourself open to attack.

Also, change passwords regularly. In the old days, hacking took far longer and the advice back then was to change your password every month. Even then, the advice wasn’t good enough.

Now that you can be hacked in a matter of seconds or minutes, we should all think about changing our passwords far more often – although changing them every few seconds might be a tad excessive.
