第150期 不黑"一般人"的骇客
日期:2020-10-21 06:12

(单词翻译:单击)

Welcome back to Geek Time advanced. This is Brad. Hi, LuLu.

Hi, Brad.

So in the earlier episode, we talked about the basics of hacking and now we’re movein to the advanced hacking.We’re going to talk about hacking people or social engineering as it’s called.

How do you hack people? Again, you’re freaking me out. Are we in danger of being hacked?

Not hacked as it in like computer.

OK.

Basically, what social engineering is all about is convincing people that you belong in a place or you basically playing on people’s good nature.

So it’s like tricking people. Can you give us an example?

Like if I was wanting to hack a company, it might take me a long time to try to hack a company from outside of the company.

OK.

But if I wanted to get in much easier, if I could get inside of the company, I could do it. So what social engineering is is me going into the company saying I’m a new employee or I’m from this office and trying to convince them that I work for them, or coming in and saying that I’m an IT guy who’s been hired to come in and look at the server, and I try to drop someone’s name who works in the office and said Paul Stevens called me in and said that I need to go and look at this particular server.

Oh, wow. I think I’m really in danger of being hacked, because if you walked in and they say you’re the IT guy, you’re going to fix the computers, you are going to check the program, I mean, as long as you don’t look too suspicious, I’ll definitely let you in. I’d be like I don’t know anything about computers just get on with your work.

One of the things that they do is like, for example, they might wait outside of a company with a camera, take pictures of people who are walking in and out of the company, taking pictures of their like IDs and things like that. And so they can try to replicate a person’s ID or if they know which IT company goes there, they can try to replicate their uniform or their IDs, and so makes it looks even more professional.

All of these is just for the purpose of getting into the companies so that they can install some programs or that they consider like hack into their system from within.

Mhm.

Ah. But that is still company, right? That’s mostly company.What about our personal computers? How do we lead to the real method one?

Those are some different ways that people might go into a company and actually like break into a company. But if we want to like talk about like real hacking methods, we’re talking about the actual technology and computers, there are some different ways that hackers typically would run. One of the first things that hackers need to do is get information about the company. One of the things that they might do to get information about the company is things like dumpster diving.

Dumpster diving? You mean the real dumpster diving? Going through their rubbish?

Yeah. Going through the rubbish. Now a company typically nowadays they don’t throw away data as much though it actually like shred data or send it out to another company for it to be destroyed. But in the past, it was fairly common for companies just threw out paperwork into the trash. So people would jump into the trash and actually rummage through it. You know, if you’ve ever seen the movie Hackers like one of the original movies about hackers, there’s a scene where they actually are dumpster diving. They’re jumping into a dumpster to go through like paperwork.

Sounds like a lot of hard work and dirty work as well.

Typically they wouldn’t throw away like food, people who work for a company like that.

True. It’s like business rubbish that sort of corporate rubbish. OK, and apart from that, do we have like any techniques, any methods that are more high-tech rather than going through their rubbish?

Yeah. So one of the things that isn’t just necessarily going to hit companies, but it can hit anyone really is things like fishing or like spoofing, right? Fishing is when they send you an email, and they say there’s been like a strange login on your bank account please click on it.

I never trust those. I’m very... I am really really careful not to click on any of the really weird external links.

Mhm. And then they’re spoofing, whereas like they try to mimic a website and if you click on anything on that website, it’ll install something on your computer.

The fake website. So, for example Toabao, it looks like Taobao but it’s actually not Taobao.

Right.

So if you key in any information then they can basically access your password.

If you didn’t type t-a-o but you typed in t-o-a, you know, then it would be like maybe going to different websites. What companies will try to do now is they’ll try to get all the alternative spellings of their website. And so if people miss type it actually gets redirected to their website.

Like anti-fishing, basically.

One of the reasons for this was actually a website called Untied. And that comes to united airlines had united.com and someone who was making fun of the company bought the phrase Untied, which is united just flipping the t and the i.

Wow.

But it was like… it wasn’t a hacking site by any means, but it was a site that people used to take their grievances about the company. But that’s like one of the first times where that type of thing came out and like I think that’s where that kind of like Hey, we can make websites that mimic.

That really look like.

And we can use those as a way to hack.

To hack. And what about cracking codes like passcode? It always looks like something that hackers would do. And then you see them run some sort of algorithm run some program, and then immediately they got your passcode.How likely is that?

It really depends on how long your passcode is. So if you have any passcode that’s less than like six or seven characters. They can probably get your code in about 2345minutes, something like that.


By running in...

By running in a brute force code, right. Because there’s 26 letters, 10 numbers, and they just basically take the hash code, which is basically just the bits. And they try to find out what it is based on the algorithm. If they do that, then it’s easy, but the longer your passcode is, the longer it takes, they have to break it by brute force. So if you have a really long password that includes letters, numbers, and special characters, it becomes much, much more difficult to break. And so the brute force method is something that could take months depending upon how difficult your password is.

They usually need to install like a program or plug in, at least.

There’s like if you in my cyber security program, we use a special operating system, which is a Linux-based operating system. And within that it comes with a lot of those types of programs already. So that way you don’t have to do it yourself. But there’s different ways you can do it, right? You can buy like several computers and you can tell each computer bank to run like different sets.

I see.

And so if some information about the person, for example, like their family name, their birth date, their things like this, you can actually type that information into the search parameter and make it a little bit easier. So if someone’s dog’s name is Max, for example, they might put that into their password.

I see.

And so they can put those keywords in.

So the more information you get, the easier it is to crack someone’s pass code. Anything else?

Other than that, there’s different things like bot networks where people will… they’ll basically hack a computer, they’ll get into a computer and slave it. And they’ll have that computer actually running processes for them.

Yes. I know bot network is what we call like zombie network. In Chinese we use the word zombie.Okay, so that is basically like a virus.

They might use a virus to install the program on your computer. Some people do this for like Bitcoin mining and stuff like that where they make your computer run the process for the Bitcoin mining. But other hackers will use this as a way to build a network for different attacks or for brute force hacking.

I see. All right, that’s a lot of technicality. But if you base it on all these TV shows and movies and stories, it seems like some governments, especially like the US government and if they get hacked into by some really amazing hackers and they can’t beat them, they can’t beat these hackers, they will try to invite them to join the government, they will recruit them, is that an actual thing or is that just in the movies?

That’s an actual thing.There’s a lot of times where a hacker has finally been caught. And instead of being put in prison, they will tell them you can go to jail or you can work for us and basically work comes…have you seen the movie Catch Me If You Can with Leonardo Dicaprio, right?

Yeah.

He was doing something… he wasn’t hacking but he was making checks, right?

Mhm.

He was actually asked to help them in their task force. It’s basically the same type of thing just with hacking, right? When a hacker is caught, they are given an alternative, either go to jail and stay in prison for 5, 10, 20 years or work for us and do some good. They try to entice them to come in through…either they’ll try to trick them to come in this method

Or actually wanting them to. OK. In the previous episode we also mentioned that hackers sometimes they do it out of curiosity but they are also like anonymous. They are trying to let’s say promote more transparency to make sure that companies don’t hide information from the general public. So it sounds like they almost see themselves, some hackers at least see themselves, as cyber vigilantes.

Mhm.

Do you think that is a fair sort of assumption?

It’s probably one of the main reasons why a lot of people start to get into it when they’re younger is they have that feeling that they want to help the world somehow.

The righteous one. But obviously that means sometimes challenging authority, challenging the government. So would you actually say that hackers are in some way anarchists?

They are in some way they’re definitely for a governing body of some sort. You can see that when they come together, but it’s for a government that’s fair and just.

So they basically want to keep the government let’s say they want to keep the government more transparent or at least urge them to be. But obviously some hackers they also do it for the money.

Yeah, there’s always gonna be the bad people and they end up with hacking because they want to make money, they want to get revenge for something. They use it for in a various means. And you’ll see that with just about anything.

That’s true. In the end, I just want to ask, for us, average people, like I really wouldn’t call myself tech-savvy, for people like me, I still use Internet, I use all of these devices same as any other people every day, are we in any danger of actually being hacked?

Aside from getting fishing emails and things like that, there’s probably not going to be any person who is going out of their way to attack you in particular.

Is it because I’m not interesting enough and not important?

If you’re a CEO of a company, they’re definitely going to be gunning for you. You’re a CEO of a company, you have control of the company, you have access, you have money, right?

Data as well.

And so if you’ve done something bad, anonymous is going to come for you, right?

But for average Joe, you probably won’t be the target.

Yeah, for you average person that a hacker isn’t going to target a person unless...

For revenge.

Yeah, for revenge. Like you’ll see this with like people who have broken up, right? Someone might be like, that person broke up with me, why did they do that?

Be grudging. An ex with a grudge.

Go and get some scripts and use it to attack them or something like that.

Don’t mess with hackers again.

Now there have been sometimes where a hacker has like gone after someone not really because of who they were, they just gone after someone and like they couldn’t get in and they just decide that I’m going to get in and they just don’t stop until they get whatever they want. So it’s sometimes as they say, it’s just for the Lols. Okay. And that was one of those things that anonymous kind of said right at the beginning when people are getting into it, sometimes they just did it for the Lols.

So basically for us average Joe, unless you hold specific information, data, you probably don’t have anything to worry about; or if you have an ex with a grudge who happened to be a hacker.

Right.

All right, thank you Brad for coming to the studio and for those of you who have just listened to the show if you have anything to add, anything to ask, leave as a comment in the comment section. We’ll see you next time. Bye.

Have a good day.


更多英语资讯,获取节目完整文本,请关注微信公众号:璐璐的英文小酒馆。每天大量英语干货更新!

分享到