Hacking for Everyone?: An Introduction to Cyber Security

Introduction

About the Author

I have been working in computer security or ‘Cyber Security’ for over thirty years. Working for large businesses, government agencies and military establishments has given me a wide experience of many of the problems and issues ordinary computer users have with security associated with their use of computers. So, I decided to write this book to explain many of the features of modern computer use that have been with us for over thirty years and that give rise to many of the problems we have today.

I found writing this book very challenging. I wanted to write a book that explained to the general reader how a now all-pervasive technology came to be and how all the inherent weaknesses of this technology can be exploited by resourceful hackers intent on causing a variety of outcomes. Unfortunately, the computer industry is not consistent in its use of terms, so often hackers are referred to as ‘bad actors’. The terms are interchangeable.

I did not want to use heavy technical descriptions that would explain to the technical specialist just how certain techniques work. As I stated earlier, this is intended to be a book for the ordinary computer user, not the technical specialist. As such, I have had to re-think information, skills and technologies that I have used and been familiar with for over thirty years. That process has not been an easy one. This book will not teach you how to become a hacker; that is not its aim. Rather, it teaches you about the common techniques hackers use and how they work so you can start to protect yourself. Protection from hacking or being hacked is not something that can be completely automated; it is something each and every one of us has to get involved in if we are to protect ourselves. In any hacking situation there is usually a chain of events; this chain involves people, processes and technology. If there is a failure in any one of these components, this increases the vulnerability of the system or person.

To begin with, there is no simple definition of a hacker. In the 1960s and 1970s such a person would have been seen as an engineer trying to work out how some system worked. This role then evolved into people hacking for money, for extortion, for political purposes and many other reasons. This now includes organised crime and state-sponsored activities. Hackers use a variety of techniques that will be explained in this book. Clearly, in a small volume like this, I cannot go into detail about every single hack and exploit. I cover a selection of the most common with example screenshots and suitable explanations. But, before we begin, some essential concepts need to be understood from the outset.

Some Definitions

Firstly; the Internet is NOT the same as the World Wide Web (WWW). In modern talk and journalism the two are seen as the same thing. They are fundamentally different. If I were to use human language as an example, the Internet is comparable to all human languages. This means there are many of them. The World Wide Web is just one of these languages, albeit a very popular and pervasive one. The reader can think here that the World Wide Web is the English language while the Internet is every language in the world, including English. In Internet terms, these languages are called protocols, a system of communication and control. The World Wide Web uses a protocol called Hypertext Transfer Protocol or HTTP. This is only one of the over two hundred protocols available on the Internet. Each of these has its own strengths and weaknesses that a knowledgeable hacker can utilise. If one secures one’s web interface, there remain many hundred other protocols that a competent hacker may exploit.

Secondly; the Internet was never intended to be secure in the sense we mean today. In the late 1960s and early 1970s, when many of the core principles were being laid down, it was seen as being a trusted network (largely for military purposes) for communication amongst a trusted community with very limited access to the network itself. No-one then foresaw how it would develop. In the early 1980s, one report speculated that if the Internet carried on growing there may well be as many as 3,000 computers or devices on it. Clearly, given the over four billion computers, tablets, phones, printers and other devices on it today, and its use in controlling many industrial systems, things have come a long way, but all these systems still use those open, trusting protocols that can be exploited by the unscrupulous.

Thirdly; there is, once again, in common and journalistic parlance, a tendency to use the words ‘coding’ or ‘programming’ to mean creating web pages. When these words are used in this book, they mean computer programming or computer coding. This means we use computer languages such as Java, C, C++, BASIC, FORTRAN and Assembly language. These are specific technical languages that allow the programmer to control the underlying hardware that comprises the computer system the programmer wishes to control. This approach and technique is called ‘software engineering’. Web page design uses a language called HTML (Hypertext Markup Language). These last two words give the game away. They do not say Programming Language! In a markup language, commands say things like position this box here, colour this box blue display this text in bold. This is not the same as the very detailed instruction in a programming language. There are some similarities between the two approaches but only similarities. Throughout the book, I use the