Jun 29, 2013

Hacking | The Misconceptions of the Common Man

The other day, a junior of mine was narrating to a group how he hacked into a friend's Facebook profile. Great, I thought. Kids nowadays are turning out to be pretty smart. However, his emphasis was on what he did (about a lame ass chat with a lame ass girl) rather than how he did it. Turns out his friend had left his account open, and he just happened to be there. The meme here says it all.


That is not hacking. Hacking is something completely different. A more popular story comes to my mind. Last year, the digital life of a Wired.com writer, Mat Honan, was completely destroyed by hackers (note that he was targeted just because they liked his three-letter Twitter handle). The hacker, who contacted him later, calling himself Phobia, got a link to his personal website, which mentioned his Gmail address. They attempted a Google account recovery, which showed the alternate email address as m••••n@me.com.

The me.com email was associated with his Apple Account. Phobia got his billing address from a whois search on his personal domain. Getting the credit card number was a bit tricky though. But not tricky enough.

First you call up Amazon and add a credit card to your account. All you need is a name, an email and a billing address. After that, you call them again and say you lost access to your account. On providing the name, billing address and the bogus credit card you added in your last call, Amazon allows you to add a new email address to your account. Voilà! You have access to the Amazon account.

Next, with the actual credit card number, billing address and name, you call Apple Care and get the account reset. With the access to the Apple ID, you get access to the me.com ID, and then Gmail, and then whatever else is connected. The hackers erased all the information in his iPhone and MacBook. Mat Honan managed to get everything back, though; here's the story in his own words.

Let me tell you another one. Indian-born Cornell University student Debarghya Das was asked by his friends to get the CISCE results a day before they were released. He studied the poorly written JavaScript in the page and wrote a script to extract all the results (which, surprisingly, were public!). He has described the process in a Quora post. After extracting the results he analysed them, and the results were shocking. I would stress not his conclusions but rather his process. Although newspapers claimed he 'hacked' into the ICSE system, it was a result of simple web scraping.

These two contrasting stories bring me to my very point. Who is a hacker? Simply put, hackers are doers.


As the infographic suggests, hacking doesn't necessarily mean searching for vulnerabilities in a computer system and taking advantage of those. A hacker is simply a computer enthusiast who loves solving problems. Not just mathematical problems, but real-life problems.

The common man, though, has a great misconception. The term hacker is generally associated with what we fondly call crackers. A cracker is someone who seeks and exploits weaknesses in a computer system or network. Modern media is to blame, having continuously confused the public by using the term hacker for the term cracker! Take, for instance, the ruckus they created when Debarghya Das scraped the CISCE results. Newspapers like The Daily Mail, The Hindustan Times and The Times of India claimed that he 'hacked' into the system when it was a case of simple web scraping of publicly available data.

Then there are personalities like Ankit Fadia who are fooling the public with their hacking courses. You can't possibly hack into Gmail or Facebook by pressing a button or with one click. In fact, all those stories you hear are caused by the ignorance of the people, just like Mat Honan suggested. He says that had he set up two-step authentication in Gmail, his hack could never have progressed.
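The account-recovery chain from the Mat Honan story, modelled as a small dependency graph so that each link can be audited. This is an added example, not from the original post; the rule and fact names are hypothetical labels for the steps described above, and `second_factor` is an assumed requirement standing in for two-step authentication.

```python
# Simplified model of the chain in the post, not any provider's real policy.
# Facts the post says were publicly obtainable (personal website, whois).
PUBLIC = {"name", "email_address", "billing_address"}

# (rule name, facts required, fact gained); labels are hypothetical.
RULES = [
    ("amazon_add_card", {"name", "email_address", "billing_address"}, "bogus_card_on_file"),
    ("amazon_add_email", {"name", "billing_address", "bogus_card_on_file"}, "amazon_account"),
    ("amazon_view_card", {"amazon_account"}, "real_card_number"),  # implied by the post
    ("applecare_reset", {"name", "billing_address", "real_card_number"}, "apple_id"),
    ("apple_id_mailbox", {"apple_id"}, "me_com_mailbox"),
    ("gmail_recovery", {"email_address", "me_com_mailbox"}, "gmail_account"),
    ("linked_resets", {"gmail_account"}, "connected_accounts"),
]

def reachable(known, rules):
    """Forward-chain to a fixpoint: every fact obtainable from `known`."""
    facts = set(known)
    changed = True
    while changed:
        changed = False
        for _, needs, gains in rules:
            if needs <= facts and gains not in facts:
                facts.add(gains)
                changed = True
    return facts

def choke_points(known, rules, target):
    """Names of rules whose removal alone makes `target` unreachable."""
    return [name for name, _, _ in rules
            if target not in reachable(known, [r for r in rules if r[0] != name])]

def harden(rules, rule_name, extra_factor):
    """Copy of `rules` with one more requirement on the named rule."""
    return [(n, (needs | {extra_factor}) if n == rule_name else needs, g)
            for n, needs, g in rules]

if __name__ == "__main__":
    print("reachable from public info:", sorted(reachable(PUBLIC, RULES) - PUBLIC))
    print("links that break the path to Gmail:",
          choke_points(PUBLIC, RULES, "gmail_account"))
    with_2fa = harden(RULES, "gmail_recovery", "second_factor")
    print("with a Gmail second factor:", sorted(reachable(PUBLIC, with_2fa) - PUBLIC))
```

In this model the Gmail second factor stops the chain at Gmail, while the facts gained earlier in the chain, including the Apple ID, remain reachable.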

That being said, how do (read) crackers break into computer systems and networks? It's all about finding the right pattern in the labyrinth of data, which we call noise! You just have to look hard enough, and you will definitely find the required pattern, and once you do, breaking in is a piece of cake.

In one of the TED talks last year, Angad Nadkarni, a self-proclaimed hacker, talks about hacking in general and how he 'hacked' into the Indian education system to save students from the noise of education in India, ranging from reference books to coaching institutions. Well, he was right in terms of the use of the term 'hacking' for sure. He named his application Examify.

What the application does is pretty simple. It takes in a large volume of question papers and analyses them to tell you what to study and what not to study. How does the application do it? Well, as it goes through the given data set, it assigns probabilities to different topics. That means the larger the data set, the more accurate the prediction.

It's basically a classic example of supervised machine learning, and more precisely a case of binary classification. Binary classification involves classifying the members of a given set of objects into two groups based on whether they have some property or not. The process involves feeding the system a data set of past information so that it is able to predict, with a certain probability, the category or group of any new data.

In the case of Examify, the binary groups would be whether a question/topic would be asked in the next exam or not. Theoretically, we can go up to an infinite number of properties, but in general we stick with a more humane number.

Examify is an example of how true hackers work. I would like to conclude with a quote by Rasmus Lerdorf, the creator of PHP.
I actually hate programming, but I love solving problems! And programming is an unfortunate way of solving the said problems...
----------

(Link to video: http://www.youtube.com/watch?feature=player_embedded&v=88IJCKhsCTE)

This is written for the IndiBlogger contest 'The Idea Caravan', sponsored by Franklin Templeton Investments, which partnered with TEDxGateway Mumbai in December 2012.

Liked this post? Have any suggestions? Just let me know. Feel free to comment below!
