cropped-icon-Logo-320.png
AhmadFaizun.com

Hacking Journey to the Future

Information Security expert that recognized as global contributor on  encryption and development of new security testing tools and protection system.

back to overview

Hacking Journey to the Future

By Ahmad Faizun (international money laundering and cybercrime investigator)

hack (v.2), since 1984 has new popular meaning as "illegally enter a computer system". And continue to have negative connotation although many individual that has transformed their profession into “legal good guys” try to name themselves by white hackers or white hat. While people who still acting illegally to entry a computer system has new terms: “black hat or black hacker”. 

These terms, in my view, comes from people who although their activities still the same, which is “hacking”, their conscience told themselves, their good guy that performing hacking. They are performing the hacking activities for the goods of the people who own and use the system. So that the black hacker will no longer have access to the system. 

Furthermore, those white hacker want to spread their knowledge to their pupil. Then, they create a curriculum called ethical hacking. A standardized method to do hacking, the early adopters of these systematic learning method called CEH (“Certified Ethical Hacking”), with standardized exam to proof that the CEH curriculum adopters have the same knowledge and skill.

Todays, this certification has grown into sect, likes OSCP, PenTest+, CCNP/CCIE Security, CyberOps Associate, CyberOps Professional and many more. Looking back, we can note several historical milestone to understand more about Hacking.

1960s

Interestingly, the term “hack” did not originate from computers. Rather, it originated with MIT’s Tech Model Railroad Club way back in 1961 when club members hacked their high-tech train sets in order to modify their functions. They later moved on from toy trains to computers, using the elusive and expensive IBM 704’s at MIT to innovate, explore, create new paradigms, and try to expand the tasks that computers could accomplish.

These MIT students – along with other early hackers – were interested only in exploring, improving and testing the limits of existing programs. In some cases, these hacks even produced programs that were considerably better than the pre-existing ones, as was the case with Dennis Ritchie’s and Keith Thompson’s UNIX operating system.

1970s

While computer hacking continued to flourish in the 1970s, the decade also gave way to a new type of hacker: one that toyed with telephone systems. Dubbed “phreakers,” phone hackers, such as the infamous John Draper, exploited operational characteristics in the telephone switching network, which had recently gone completely electronic.

Draper legendarily discovered that a toy whistle found in Cap’n Crunch cereal produced the exact tone necessary – 2600 hertz – to indicate to long lines that a line was ready and available to route a new call. This allowed him and other phreakers to dupe the network and make free long distance calls.

The phreaker subculture not only gave way to influential hackers like Draper but also to digital visionaries, as well. Before they went on to found one of the most successful computer companies in the world, Steve Wozniak and Steve Jobs were, in fact, humble phone phreakers.

1980s

The 1980s was a watershed decade in the history of hacking, as it marked the introduction of turnkey personal computers to the general public. No longer limited to businesses and prestigious universities, computers were available for everyone to use for their own purposes – whatever that may be. Unsurprisingly, the wide availability of personal PCs led to a rapid increase in hackers.

It was not the only big change to occur in the hacking community. While there were still a large number of hackers interested primarily in tinkering with operating systems, a new breed emerged that was more concerned with personal gain. Instead of using their technological know-how for improving computers, they used it for criminal activities, including pirating software, creating viruses and breaking into systems to steal sensitive information.

It did not take the law long to respond. The emergence of cyber criminals was swiftly met in 1986 with the first legislation related to hacking, the Federal Computer Fraud and Abuse Act.

Meanwhile, this was also the time that the idea of hackers being digital savants capable of doing both great and terrible things entered popular culture. A number of books and films were made that popularized the idea, mostly notably the 1983 flick War Games in which a suburban teenager finds a backdoor in a military central computer and nearly starts World War III.

1990s

Riding on the coattails of the big changes that occurred in the 1980s, the 1990s were when hacking really began to achieve notoriety. The term hacker was tarnished by an ever increasing number of cybercrimes perpetrated by “crackers” (or malicious hackers) and the high-profile arrests that followed.

Kevin Mitnick, Kevin Poulsen, Robert Morris and Vladimir Levin were some of the more notable crackers to come out of the decade, having been arrested and convicted for the likes of stealing propriety software from big name corporations, duping radio stations to win luxury cars, launching the first computer worm, and leading the first digital bank heist.

The once close-knit hacking community also saw its breakdown in this decade. In an effort to crack down on computer crime, the Secret Service launched sting investigations, conducted early morning raids and arrested a number of hackers. Trying to avoid conviction, members in the hacking community began to inform on each other in exchange for immunity.

2000s

Ethical hackers continued to see their good name dragged in the dirt in the 2000s as attacks launched by malicious hackers dominated the headlines.

New and dangerous types of hacks emerged that victimized government entities and prominent businesses. Microsoft, eBay, Yahoo! and Amazon were among those taken down in massive denial-of-service attacks, while the Department of Defense and International Space Station had its systems breached by a 15-year-old boy.

2010s

The world now firmly in the digital age, the hacking community has become more sophisticated, complicated and complex than ever.

Lone wolf hackers and small hacking groups still exist in every corner of the internet, either optimizing software or launching ransomware and Wi-Fi attacks depending on their hat. That said, it’s “hacktivist” groups, such as Anonymous, that have taken center stage in this decade, releasing highly classified documents, exposing government secrets and leading vigilante digital crusades in the name of defending the public from being harmed, exploited, or withheld information.

In reaction to both hacktivists and cyber criminals, government entities and big corporations are scrambling to improve security while computer giants work hard to tweak their systems. However, while cyber security experts continue to be recruited, systems upgraded and technology innovated, hackers—good and bad—consistently and unsurprisingly stay one step ahead.

A picture containing text, screenshot, design Description automatically generatedA picture containing text, screenshot, design Description automatically generated

Although Hacking already has 60 Years evolution phase, it has 8 Common Hacking Techniques that can be executed alone or combined with other techniques to create a more deadly attack.

Many attacks that infiltrate target computer or mobile handset need to be trigger by human click. Which nowadays, hacker starts to use timer to initiate their attacks, later well-known as time bomb.

  1. Phishing
    Phishing is the most common hacking technique. All of our inboxes and text messaging apps are filled with phishing messages daily. These are messages that are disguised as either as a trusted organization (Amazon, Netflix, etc.) or a person that you trust and will, in most cases, tell a story to trick you into clicking on a link or opening an attachment.
  • Bait and Switch Attack

Using trusted marketing methods such as paid-for advertising on websites, attackers can trick you into visiting malicious sites. When websites sell advertising space, it can be purchased by rogue attackers. The bona fide advertisement can be replaced with a ‘bad’ link that can be used to download malware, lock up your browser, or compromise your systems.

Alternatively, the advertisement may link to a legitimate website, but it will be programmed to redirect you to a harmful site.

  • Key Logger

A key logger is a small piece of software that, when downloaded into your computer, will record every keystroke. The key logger will capture every keystroke on the keyboard, every username, password and credit card number, etc., exposing all of your data and personal information.

  • Denial of Service (DoS\DDoS) Attacks

A Denial of Service attack is a hacking technique designed to flood your web server with a myriad of requests to the point that it overloads the web server resulting in a website crash.

To do this, hackers will deploy botnets or zombie computers that have a single task, flood your web site with data requests.

  • ClickJacking Attacks

This method tricks you into clicking on something different from what you thought you were clicking. The clickjacking element could be a button on a web page that, when clicked, performs another function, allowing others to take control of the computer. The host website may not be aware of the existence of the clickjacking element.

  • Fake W.A.P.

A hacker can use software to impersonate a wireless access point (W.A.P.), which can connect to the ‘official’ public place W.A.P. that you are using. Once you get connected to the fake W.A.P., a hacker can access your data.

To fool you, the hacker will give the fake W.A.P. an apparent genuine name such as ’T.F. Green Aiport Free WiFi.’

  • Cookie Theft

The cookies in your web browsers (Chrome, Safari, etc.) store personal data such as browsing history, username, and passwords for different sites we access. Hackers will send I.P. (data) packets that pass through your computer, and they can do that if the website you are browsing doesn’t have an SSL (Secure Socket Layer) certificate.

Websites that begin with HTTPS:// are secure, whereas sites that start with HTTP:// (no ‘S’) do not have SSL and are NOT considered secure.

  • Viruses and Trojans

Viruses or Trojans are malicious software programs that, when installed on your computer, will send your data to the hacker. They can also lock your files, spread to all the computers connected to your network, and perform many other nasty actions.

Hacking will never revolt, it always evolute and find a way to 2-3 steps ahead the security perimeter that protect the system. Thus creating new era, cyber war. China is one of the leading countries that has cyberwar army, hackers from China steal NASA data and prove to be guilty by US courts.

Criminals have a long history of conducting cyber espionage on China’s behalf. Protected from prosecution by their affiliation with China’s Ministry of State Security (MSS), criminals turned government hackers conduct many of China’s espionage operations. Alarming as it may sound, this is not a new phenomenon. An indictment issued by the U.S. Department of Justice last year, for example, indicated that the simultaneous criminal-espionage activity of two Chinese hackers went back as far as 2009. In another case, FireEye, a cybersecurity company, alleges that APT41, a separate cohort of MSS hackers, began as a criminal outfit in 2012 and transitioned to concurrently conducting state espionage from 2014 onward. But there’s reason to believe that since then, China has been laying the groundwork for change.

A spate of policies beginning in 2015 put China in a position to replace contracted criminals with new blood from universities. The CCP’s first effort in 2015 was to standardize university cybersecurity degrees by taking inspiration from the United States’ National Initiative for Cybersecurity Education — a NIST framework for improving the U.S. talent pipeline. One year later, China announced the construction of a new National Cybersecurity Talent and Innovation Base in Wuhan. Including all of the Base’s components, it is capable of training and certifying 70,000 people a year in cybersecurity.

The trend of ethical hacking school is copied by China government up to creation of World Class Education facility to generate the Next Generation of Hackers. Left behind the old cyber-criminals that utilized by Government to espionage foreign countries. This new business model, backed by Government official. Indonesia should be prepared to seriously consider the full range of options to meet the challenge of China’s next generation of hackers.

This industrial model to create hacker will fasten the supply of high-quality hackers, security experts and new tools and techniques to perform hacking. In the near Future, only well-prepared enterprise and government bodies (especially like USA, their Department of Defense has $ 9,85 Billion CyberDefense, 52% of total State CyberDefense budget in 2021) can protect their system from well-develop hackers group – that grooming from industrial model and supported by Government Official.

The hacking methodology is very simple, i.e. reconnaissance, scanning, Gaining Access, and Clearing Track. But when to practice it needs strong foundation, Future direction (Grand Design) and achievable Road Map to accomplish the mission unnoticed. 

Undetected, unknown, unaware – stealth mode hacking is what I called excellent hacking. If China hackers still get caught by US government, then they did not follow the methodology in correct manner – they forget to clear the track, potentially creating tension between government of both parties.

In Hacking, some techniques can be called breakthrough, innovative or even revolutionaries. But actually, is can be considered as applicative science, it’s not pure science like math. Hacking evolute according to the underlying technology available in the market. While the market is formed by Enterprise class of software and competitive open-source software developed by communities. Both technology still run on top of architecture from processor manufacturer – enterprise company. 

True hacker will optimize his hacking techniques with all available technology in the market. Even now, the IoT, is the next big thing for enterprise, already being exploited by hackers. By following the market trend, hacking techniques surely applicable in most attack target.

This is a race between security experts that try to close all the vulnerabilities that can be exploited by the hackers. Meanwhile, the hacker will always sharpen their skills and take opportunities whenever their find a security whole in a system. Remember, given enough time and money, their no system that stays secure.

Reference:

  1. https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-evolution-of-hacking/
  2. https://www.netsurion.com/Corporate/media/Corporate/Images/Blog/Infographics/evolution-hacker.png
  3. https://www.giac.org/paper/gsec/3055/evolution-hack-attacks-general-overview-types-methods-tools-prevention/105082
  4. https://www.oceanpointins.com/ri-business-insurance/cyber-liability-insurance/8-common-hacking-techniques/
  5. https://www.oceanpointins.com/ri-business-insurance/cyber-liability-insurance/8-common-hacking-techniques/
  6. https://ccdcoe.org/uploads/2018/10/Ch06_CyberWarinPerspective_Koval.pdf
  7. https://techcrunch.com/2021/11/12/chinas-next-generation-of-hackers-wont-be-criminals-thats-a-problem/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAIwWJbfeyvJ68b0u0TDtv9lX-acj2N5IzWt_CoX2Quv0lGV1uuZ-WBuwUR_PQCU6Z025Nc8EVeW1JO0f3hhLSEX4-mEPt8OEQUFMjAO_nOTO0QRrvJc7vChx_Zv9Ah6AGu2mjfAc6OoIy_xRVtv_dPwjsUMtzf8S5lYdAmS3GGmA
  8. https://www.kobo.com/us/en/ebook/hacking-the-next-generation
  9. https://www.vice.com/en/article/dypgkw/the-14-year-old-who-founded-girls-who-hack-is-inspiring-the-next-generation-of-hackers
  10. https://www.blackhat.com/docs/us-16/materials/us-16-Hecker-Hacking-Next-Gen-ATMs-From-Capture-To-Cashout.pdf
  11. https://encyclopedia.kaspersky.com/knowledge/a-brief-history-of-hacking/
  12. https://www.etymonline.com/word/hack

 

Scroll to Top