Ins and outs of a hacker's life is as dull as office work

Many do it for fun, some think it is right and others want cash, but all are looking to break in

PUBLISHED : Sunday, 21 April, 2013, 12:00am
UPDATED : Sunday, 21 April, 2013, 4:39am

Hackers range from children playing with computers to virtual hitmen, who destroy corporate data for a fee. Armies and governments also employ hackers to collect intelligence and secure their networks.

China's efforts to collect intelligence and intellectual property seem to be greater than other countries, say cyber experts.

Hackers advertise services including the sale of virtual assets, infiltration of corporate services or the sale of victims that have been infiltrated, known in Chinese as chicken meat. It's a competitive market. One hacker named Shi Se tried to get more attention by rebranding himself as the most beautiful female hacker in China, but others were suspicious.

Computer science professor Frederick Lochovsky at Hong Kong University of Science and Technology said one of the oldest and simplest ways still works in many cases: guessing passwords. He said: "A high percentage of people use passwords which are easy to guess, and there are software programs which can guess passwords based on dates of birth and other available data."

According to the Hong Kong Computer Emergency Response Team, people can also be tricked into revealing passwords on cleverly faked websites. These look identical to the real thing except that the domain has been subtly changed. For example an l and a 1, or o and 0, can be exchanged, which is hard to spot.

There are many other ways to break into computer networks. Databases on web servers can be compromised by so-called SQL injection, and vulnerabilities in Internet Explorer can be used to run malicious codes on the computers of visitors to hijacked or booby-trapped websites. But usually some form of human error is required, and this is where social engineering comes in.

A common tactic is the so-called phishing e-mail, which contains a link or attachment with a Trojan. This will install a backdoor which the programmer can use remotely to install software, download data and control the computer remotely. These e-mails can be convincing; hackers use publicly available sources, such as social media, to build a person's profile before sending one.

Mobile computing is the new frontier. Android systems are increasingly being targeted, so be careful next time you download an app from Playstore because Google does not check for malware. Apple checks apps before they are allowed on its store, which makes iPhones safer, at least for now.

Some hackers do it for fun or believe it right and others for money. For some hackers, life is dull, as it is just another office job, and a badly paid one. Just like office workers, they kill time browsing the web, or social networks or update blogs. One such blog is believed to be by a Shanghai-based PLA hacker whose online alias is rocybird; he describes a typical day: "In the morning, The Boss, who was in an evil mood, crept up behind my workstation and stood silently staring at my screen … Fortunately, at that moment, I was looking at the TLF Zero Day software updates, (unpublicised software vulnerabilities for which there are no publicly available security patches), so it didn't matter, otherwise I would have been put on short rations.

"I despise this kind of behaviour! Why is he paying me this attention, so early in the morning? Is it connected to those vague instructions last night: 'Let's see if we can put Trojans on USB drives; if so, then let's write one'.

"Last night I searched but didn't find much info. This is a really new area to me and I'm in shock … I don't understand the keyboard structure; I'm unclear whether common storage on chips is available; the memory uses a very narrow range … colleagues, too, are at a loss, don't know where to start … What can we do, we have to come up with something … I was busy enough already until this came up, now they've overloaded my brain and don't care how I cope! It's the system which causes these leadership problems!

"In fact today I didn't do much. In the morning I fixed my code, then in the afternoon I swam. As far as work goes, if you master it to a degree, as long as you don't get on the wrong side of The Boss, it's okay. That's the way it goes under this system."

It is unclear how successful the USB Trojan was, but Britain's MI5 has warned British businessmen on trips to China to avoid using USB drives given to them.