Dark Reading is part of the Informa Tech Division of Informa PLC


11/25/2015
10:30 AM
Peter Gyongyosi
Commentary

The Youthful Side Of Hacking

If the iconic 1955 movie Rebel Without a Cause was remade today, would James Dean be a computer hacker?

Teenage rebellion against authority is nothing new, but now it’s targeting faceless entities such as telecommunication firms, as in the recent TalkTalk breach.

Recent history shows that young cyber attackers are not a new phenomenon. The most high-profile cases that involved teenagers were probably the actions of the LulzSec hacker group. They claimed responsibility for several attacks, mostly denial-of-service, against high-profile targets such as the US Senate, Sony Pictures, News Corporation, and the CIA. The group triggered an international investigation and was brought down during the second half of 2011. At least two members of the group, Ryan Cleary and Jake Davis, were identified as being under the age of 20 at that time.

A more current story is the hack of the AOL account of CIA director John Brennan. The attacker then contacted The New York Post to describe his or her actions, which involved posing as a Verizon worker to trick other employees into revealing personal information about Brennan and then using that information to ask for a password reset. The attacker got access to documents that Brennan forwarded to a personal account, some containing sensitive information. The attacker claims to be an American high school student, but the FBI has just started its investigation, so the attacker’s true identity, including his or her age, hasn't been verified yet.

Our own company organized a global hacking competition at this year’s Black Hat USA conference, the eCSI Hacker Playground. It wasn’t too surprising that a high number of the best players were in their early 20s.

Can teens today channel rebellious urges into positive activities?  
Image Source IMDb

In the post-Snowden era, we are all attuned to how legislation such as the controversial Stop Online Piracy Act (SOPA) or various "eavesdropping" laws such as the Electronic Communications Privacy Act (ECPA) heavily affect our increasingly digital lives. This applies especially to the millennial generation, who conduct the majority of their social lives online. For them, these laws are not about abstract ideas such as the right to privacy or freedom of speech: they are about taking away their ability to communicate with their friends in private, or at all.

Very often the success of these rulings depends on how data carriers and service providers relate to such governmental requests; a company that's compliant with the authorities and does not even try to protect the privacy of its users can expect vocal, and maybe active, opposition from them. 

Tools do get easier all the time, but easy-to-use software packages that can get through sloppy defenses by way of well-known vulnerabilities in unpatched systems have been around for a long time. The term "script kiddie," describing someone, presumed to be quite young, who can merely use such ready-to-use attack tools or "scripts" but lacks the advanced skills required to find vulnerabilities themselves, started to gain widespread adoption in the early 2000s.

There are toolkits, such as the Metasploit Framework or various security-oriented Linux distributions, that are designed to make the job of penetration testers easier but also present an opportunity for attackers with a relatively limited set of skills, and these have a track record running back at least 10 years.

In 2010, multiple distributed denial-of-service (DDoS) attacks were organized by members of the 4chan message board against the Church of Scientology and organizations opposing WikiLeaks, using a simple tool called Low Orbit Ion Cannon. Participating in those attacks was as simple as downloading and starting an application.

On the other hand, just the fact that the alleged TalkTalk attacker is 15 does not necessarily mean that one needs trivial-to-use tools to achieve their goals. The history of computer science is full of young contributors. One example is the technologist, entrepreneur, and hacktivist Aaron Swartz, whose life and tragic death were documented in the critically acclaimed 2014 documentary "The Internet's Own Boy." Swartz became a member of a tech group working on some of the most important new Internet communication standards at the age of 14 and, along with the legal academic (and presidential candidate) Lawrence Lessig, is counted as one of the original architects of the Creative Commons organization.

Some 15-year-olds are using their talent to hack into corporate networks for fun, profit or to make a point, and as an industry we can make an impact to discourage the pursuit of criminal activity. By sponsoring events such as our hackathon we hope to inspire today’s young security experts to use these talents to create something great for the future. 

Péter Gyöngyösi is product manager of Blindspotter with Balabit. A graduate of Budapest University of Technology and Economics, he has been creating security products for over 10 years and is a frequent speaker at industry events.
Comments
Alainduflon,
User Rank: Apprentice
6/17/2016 | 4:00:04 AM
Re: Interesting
One of the best inspirations is maybe to watch the new series Mr Robot.

Now it could be cool to be a hacker, so maybe James Dean should love to be cool in these days ;)
RyanSepe,
User Rank: Ninja
11/28/2015 | 9:23:54 PM
Re: Interesting
IoT has made so many devices accessible as well as exploitable. It's amazing to see how it is influencing lives from smart phones to home automation. But security needs to be at the forefront of the SDLC...This does not seem to be the case in a lot of instances.
Dr.T,
User Rank: Ninja
11/27/2015 | 10:48:39 AM
Re: Interesting
Agree, fixing is less of an issue anymore, it is just a recycle-oriented world.
Dr.T,
User Rank: Ninja
11/27/2015 | 10:45:59 AM
Re: Interesting
I would think hacking would be more intuitionalize simply because we know that countries have each other, so lots of money will be spent in the hacking sector in the future.
Dr.T,
User Rank: Ninja
11/27/2015 | 10:39:12 AM
Re: Interesting
I would agree, hacking is becoming a way of living, a lifestyle.
Dr.T,
User Rank: Ninja
11/27/2015 | 10:37:58 AM
Re: Interesting
Agree. IoT is like a heaven for hackers, their playground will be extended dramatically so more fun.
Dr.T,
User Rank: Ninja
11/27/2015 | 10:35:41 AM
Hacking; fun and exciting
Lots of young people who are in IT want to know how to hack simply because it is fun and exciting. So no wonder we see too many young people who are into it. The other reason is that there is a vast amount of tools to try different hacking strategies and tactics, which gives additional incentives for hackers.
Whoopty,
User Rank: Ninja
11/26/2015 | 7:53:36 AM
Re: Interesting
That's an interesting idea, though I have read others with the opposite opinion. The ease of use that new generations of children will have with their technology, apps rather than programs, touch-screens versus controller and mouse/keyboard input, will lead to less tinkering and less inquisitive behaviour - as they will rarely have to fix anything.

In comparison, 80s and 90s computer users were forced to spend plenty of time fixing and fiddling to make things work.

It won't be black and white, but there's a fair argument to suggest that we may have fewer numbers of homegrown hackers in the future.
Joe Stanganelli,
User Rank: Ninja
11/25/2015 | 11:15:17 PM
POI
Just a simple point of information: Lessig is out of the race as of around the start of this month.

One can always throw their support behind John McAfee...
gyp,
User Rank: Author
11/25/2015 | 12:26:22 PM
Re: Interesting
That can be a factor, too. Security and hacking (in the "making" or "tinkering" sense of the word) have always been sexy. It is now that more and more of our lives go digital that actually becoming an expert in it and making a living out of it is becoming accessible for more and more people.