I’ve spent 30 years hacking computers. I’ve done just about
every trick in the book.
Many people I’ve known over the years have spent time in jail or
in some other capacity that is specifically unclear after their hacking was
uncovered.
And many people I know have never been discovered.
A) THE ABCs OF HACKING
I want to stick to the basics so people can understand what they
are seeing in the news and think intelligently about it.
I also want to underline what the real problems are and not just
the isolated problems we saw in this past election (although they are serious
and I use them to demonstrate why the real issues could be much more serious).
First: what is hacking? How do people hack? What’s the
difference between the movies/TV and real hacking? What is legal in this
particular situation and what is illegal?
First, the WHAT: how does someone hack in today’s world? (The rules and techniques have changed constantly over the last 30 years.)
TECHNIQUES:
1) HOLES IN THE NETWORK
One time a friend of mine was playing a joke on a well known
media company.
For the sake of explanation, let’s say that media company had
the initials “M” “T” “V” and just for the purposes of why it would have such
strange initials, let’s say that stands for “Music TeleVision”.
MTV had a hole in their network. Every computer on a network has tens of thousands of “ports” (65,535 for each of TCP and UDP), like the doors on a massive cruise liner.
An “open port” is one where a program is listening and will send messages back and forth. Like someone waving from a cruise ship as it pulls away.
Most ports are simply closed: nothing is listening, and a connection attempt is refused. But some are open in order to receive particular kinds of messages.
For instance, there is a port that listens for requests for web pages.
Like when you type “http://mtv.com” into your URL box: a message is sent (usually) to port number 80 on a computer at MTV (or wherever MTV hosts its web pages). For “https://” it goes to port 443 instead, and the conversation is encrypted.
Then a special language, HTTP, is spoken between your browser and the server at MTV that is listening on port 80.
An example conversation in HTTP might be:
(from the browser) GET /pages/index.html HTTP/1.1
(from the server, followed by the HTML of the page) HTTP/1.1 200 OK
(this is very rough and abbreviated).
There are other ports open to listen to other computers, on the local network or out on the Internet: requests for files to be transferred in non-HTTP protocols (like FTP, on port 21), and most importantly, requests to deliver email (SMTP, on port 25).
Some software will OPEN unassigned ports for its own nefarious purposes, or, more commonly today, connect outward from your computer to a server the attacker controls, because outbound connections pass through most firewalls unchallenged.
Malicious software that keeps track of every letter typed on the keyboard sends what it captures that way. VERY common.
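As an added example (not from the original post), here is the port-and-HTTP conversation above made concrete in Python: a throwaway web server is started on the local machine, standing in for “a computer at MTV”; one function asks “is this port open?” the way a port scanner does (a TCP connect), and another speaks raw HTTP to the server and parses the reply. The page path and the HTML are constructed for the demo.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed page served by the throwaway local server.
INDEX_HTML = b"<html><body><h1>index</h1></body></html>"


class DemoHandler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"

    def do_GET(self):
        if self.path == "/pages/index.html":
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(INDEX_HTML)))
            self.end_headers()
            self.wfile.write(INDEX_HTML)
        else:
            self.send_error(404)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server():
    """Listen on 127.0.0.1 on an ephemeral port; return (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def port_is_open(host, port, timeout=1.0):
    """A TCP connect succeeding is what 'open port' means in practice."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable: all 'not open'
        return False


def closed_port():
    """Grab an ephemeral port number and release it, so nothing listens there."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def speak_http(host, port, path):
    """Send one raw HTTP/1.1 request; return (status_line, headers, body)."""
    request = (f"GET {path} HTTP/1.1\r\n"
               f"Host: {host}\r\n"
               "Connection: close\r\n\r\n").encode()
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(request)
        chunks = []
        while True:  # 'Connection: close' means the server ends the stream
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks)
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


if __name__ == "__main__":
    server, port = start_server()
    print("open?", port_is_open("127.0.0.1", port))
    print("closed?", port_is_open("127.0.0.1", closed_port()))
    status, hdrs, body = speak_http("127.0.0.1", port, "/pages/index.html")
    print(status, hdrs.get("content-type"), body)
    server.shutdown()
```

Run it and the conversation in the text appears on the wire exactly as written: the browser side is a single GET line plus a Host header, and the server side starts with the status line and only then sends the HTML.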
Back to: One time in 1995 I was having fun with a friend of
mine. He was pulling a prank on MTV.
MTV had an open port that they weren’t protecting properly. It
was the SMTP (EMAIL!) port.
I logged directly into it (rather than send an email) and
pretended to be “legal@mtv.com” and then I
sent an email to my friend from that address saying he was in “BIG TROUBLE”
unless he called immediately and confessed.
Fun things happened.
Most companies (maybe 99.99%) have now closed basic holes like that, and it’s much more difficult: mail servers no longer accept mail for the outside world from just anyone, and domains publish SPF, DKIM and DMARC records so a receiving server can tell that a message claiming to be from legal@mtv.com did not come from MTV’s servers.
That said, for every type of software that does any network communication, there are always holes that go unnoticed until someone exploits them, and only then are they patched.
If there’s a new computer or phone, then there are new security holes. Every time.
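An added example in Python (not the original post’s code) of why the 1995 trick worked and what stops it now. The class simulates the server side of an SMTP session: with require_auth=False it behaves like that era’s server and accepts any MAIL FROM address from any client; with require_auth=True it refuses a local sender address unless the session has authenticated, and refuses to relay to outside domains for unauthenticated sessions. The domain, the addresses and the fixed AUTH token are constructed for the demo; the token is a stand-in, not a real SASL exchange.

```python
import re

ADDR_RE = re.compile(r"<([^>]+)>")
DEMO_AUTH_TOKEN = "dXNlcgBwYXNz"  # stand-in credential for the demo only


class SmtpSession:
    """Minimal server-side SMTP state machine (constructed for the example)."""

    def __init__(self, local_domain, require_auth):
        self.local_domain = local_domain.lower()
        self.require_auth = require_auth
        self.authenticated = False
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body = []
        self.delivered = []  # (sender, recipients, body) the server accepted

    @staticmethod
    def _domain(addr):
        return addr.rsplit("@", 1)[-1].lower()

    def handle(self, line):
        """Process one client line; return the server reply (None inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients), "\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], []
                return "250 2.0.0 Queued"
            self.body.append(line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.local_domain} Hello"
        if verb == "AUTH":
            self.authenticated = (arg == "PLAIN " + DEMO_AUTH_TOKEN)
            return "235 2.7.0 Authenticated" if self.authenticated else "535 5.7.8 Bad credentials"
        if verb == "MAIL":
            m = ADDR_RE.search(arg)
            if not m:
                return "501 5.5.4 Syntax: MAIL FROM:<address>"
            addr = m.group(1)
            # The 1995 server skipped this check: anyone could claim a local sender.
            if self.require_auth and not self.authenticated and self._domain(addr) == self.local_domain:
                return "530 5.7.0 Authentication required to send as " + self.local_domain
            self.sender = addr
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command"
            m = ADDR_RE.search(arg)
            if not m:
                return "501 5.5.4 Syntax: RCPT TO:<address>"
            addr = m.group(1)
            # Inbound mail for local users is fine; relaying outward needs auth.
            if self.require_auth and not self.authenticated and self._domain(addr) != self.local_domain:
                return "554 5.7.1 Relay access denied"
            self.recipients.append(addr)
            return "250 2.1.5 Ok"
        if verb == "DATA":
            if not self.recipients:
                return "503 5.5.1 Need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "502 5.5.2 Command not implemented"


def run_transcript(session, client_lines):
    """Feed client lines through the session; return the server replies in order."""
    replies = []
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return replies


# The 1995 prank, reconstructed: no AUTH, a forged envelope sender, an outside recipient.
SPOOF_ATTEMPT = [
    "HELO attacker.example",
    "MAIL FROM:<legal@mtv.com>",
    "RCPT TO:<friend@example.net>",
    "DATA",
    "From: legal@mtv.com",
    "Subject: BIG TROUBLE",
    "",
    "Call us immediately and confess.",
    ".",
    "QUIT",
]
```

The hardened session fails the prank at the second line, before any message body is accepted; a real deployment adds the SPF/DKIM/DMARC checks on the receiving side as well, so a forged sender that slips past one server is still flagged by the next.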
2) PASSWORD LAZINESS
Again, 15 or so years ago, I was in charge of a particular
website.
Someone was causing a lot of problems on the site. He was a
massive troll and was harassing people.
I tried to reason with him, but he ignored me.
So this is basic hack #2.
Most people use the SAME password for everything, or for most things. Hackers know this; trying a password stolen from one site against the victim’s other accounts is called credential stuffing, and it is automated at scale.
I looked up the password he was using for my site. I then tried
it out on his email site.
BING!
I logged into his email (yes…illegally) and learned everything
about him. Then I “messed his email up”. I won’t describe what that means but
he wasn’t a problem on the website anymore.
This is what happens to trolls: trolls graduate to worse things.
15 years later this person is now in jail for 30 years to life for first degree
murder.
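An added example in Python, not part of the original post, showing the two sides of password laziness: a site that stores passwords in the clear (so an administrator, or anyone with a copy of the database, can simply “look up” a user’s password), a site that stores only a salted PBKDF2 hash, and the credential-stuffing replay that turns one site’s leak into a login on another. Site names, accounts and passwords are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; raise it for production use


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' for storage."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)


class Site:
    """A user database. hashed=False stores what the troll's site stored: the password itself."""

    def __init__(self, name, hashed):
        self.name, self.hashed, self.users = name, hashed, {}

    def register(self, email, password):
        self.users[email] = hash_password(password) if self.hashed else password

    def login(self, email, password):
        stored = self.users.get(email)
        if stored is None:
            return False
        return verify_password(password, stored) if self.hashed else stored == password

    def readable_passwords(self):
        """What an insider, or a dumped database, gets to see."""
        return {} if self.hashed else dict(self.users)


def credential_stuffing(leaked, target):
    """Replay leaked (email, password) pairs against another site; return the hits."""
    return [email for email, pw in leaked if target.login(email, pw)]


if __name__ == "__main__":
    forum = Site("forum", hashed=False)
    mail = Site("mail", hashed=True)
    forum.register("troll@example.com", "hunter2")
    mail.register("troll@example.com", "hunter2")  # same password, as most people do
    leak = list(forum.readable_passwords().items())
    print("reused on mail:", credential_stuffing(leak, mail))
```

Hashing removes the “look it up” step: the hashed forum exposes nothing an insider can replay, and two users (or two sites) with the same password get different stored values because the salts differ. It does not protect the user who reuses the password once the plaintext leaks from anywhere else; only unique passwords and a second factor do that.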
This is a longish post because I’m explaining the basics of
something that others have put their 10,000 hours into in order to get really
good.
But #1 and #2 are the basics of almost all hacking right now.
There’s a #3 and a #4, but they are more involved, and they rarely look like they do in the movies.
#3: For instance, “packet sniffing” is when someone taps the actual network pipes (or wireless) that carry information from outside a company into a company, or between machines inside it.
If you can capture the packets and then, like a giant puzzle, put them back in order, you can see every password and piece of information going across that link. Capture tools do the reassembly for you; the hard part is getting a position where the traffic passes by (a shared Wi-Fi network, or a machine on the company’s internal network that is already compromised).
And then the traffic has to be unencrypted. Today most of it is not: logins travel over HTTPS or VPN tunnels, so a sniffer sees that a connection happened but not the password inside it. Older protocols (plain HTTP, FTP, telnet, some internal tools) still send everything in the clear.
So this method is far less useful than it once was, unless the attacker is already inside the network.
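An added example (Python, constructed packets, not from the original post) of the “giant puzzle”: three out-of-order TCP segments carrying one plaintext HTTP request, plus a retransmitted duplicate, are parsed, put back in sequence order and searched for an HTTP Basic credential. A second, TLS-shaped flow goes through the same code and yields nothing readable, which is the point about encryption in transit. Addresses, ports and the credential are made up, and checksums are omitted since nothing validates them here.

```python
import base64
import struct

SRC_IP = bytes([10, 0, 0, 5])          # constructed client address
DST_IP = bytes([203, 0, 113, 7])       # constructed server address (TEST-NET-3)


def build_segment(src_port, dst_port, seq, payload):
    """Constructed IPv4+TCP packet with zeroed checksums; enough for a parser demo."""
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0, SRC_IP, DST_IP)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


def parse_segment(frame):
    """Return (flow_key, seq, payload) from a raw IPv4/TCP packet, or None if not TCP."""
    ihl = (frame[0] & 0x0F) * 4
    if frame[9] != 6:
        return None
    src_ip, dst_ip = frame[12:16], frame[16:20]
    tcp = frame[ihl:]
    src_port, dst_port, seq, _ack, offset_flags = struct.unpack("!HHIIB", tcp[:13])
    data_off = (offset_flags >> 4) * 4
    return (src_ip, src_port, dst_ip, dst_port), seq, tcp[data_off:]


def reassemble(frames):
    """Group packets by flow and put payload bytes back in sequence order."""
    flows = {}
    for frame in frames:
        parsed = parse_segment(frame)
        if parsed is None:
            continue
        key, seq, payload = parsed
        flows.setdefault(key, []).append((seq, payload))
    streams = {}
    for key, segs in flows.items():
        segs.sort()
        buf = bytearray()
        base = segs[0][0]
        for seq, payload in segs:
            offset = seq - base
            if offset < len(buf):            # overlap / retransmission: keep the first copy
                payload = payload[len(buf) - offset:]
            buf += payload
        streams[key] = bytes(buf)
    return streams


def extract_basic_credentials(stream):
    """Find HTTP Basic auth in a plaintext stream; return (user, password) or None."""
    for line in stream.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            token = line.split(b" ", 2)[2]
            try:
                user, _, pw = base64.b64decode(token, validate=True).decode().partition(":")
            except (ValueError, UnicodeDecodeError):
                return None
            return user, pw
    return None


# Constructed capture: one plaintext request split over three segments that arrive
# out of order (plus one retransmit), and a TLS-record-shaped flow to port 443.
HTTP_REQUEST = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"jsmith:Sunshine2016") +
                b"\r\n\r\n")
CAPTURE = [
    build_segment(51000, 80, 1030, HTTP_REQUEST[30:60]),
    build_segment(51000, 80, 1060, HTTP_REQUEST[60:]),
    build_segment(51000, 80, 1000, HTTP_REQUEST[:30]),
    build_segment(51000, 80, 1030, HTTP_REQUEST[30:60]),   # retransmitted duplicate
    build_segment(51001, 443, 5000, bytes.fromhex("160301002a") + bytes(42)),
]

if __name__ == "__main__":
    for key, stream in reassemble(CAPTURE).items():
        print(key[1], "->", key[3], extract_basic_credentials(stream))
```

The port-80 flow gives up the username and password in one pass; the port-443 flow reassembles just as cleanly but contains only TLS records, so the same sniffer learns nothing beyond the fact that a connection occurred.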
#4: BOT ARMIES
This is related to other techniques and probably occurred (and is still occurring) with the Russian hacks.
A “bot” is a small piece of malicious software that sits on your computer (and on many of the other computers in your company’s network) and takes orders from a server the attacker controls, the “command and control” server. A collection of bots under one operator is a botnet, or bot army.
It has code that is ready to do something bad to your network. It got into your computer through some other technique, such as the phishing and malicious attachments described below.
Millions of bots exist on computers around the US. Maybe 70 or 80% of companies have at least one.
They are like sleeper cells waiting for a message to act.
Millions of hours of effort are spent identifying bots and
eliminating them from networks.
I once visited a company manned by about 100 PHDs that were
trying to figure out how to fight bot armies.
They told me something that stuck with me: “No matter how smart
we are, the people creating these bots are smarter”.
The answer then is…who knows. Bad things are happening and there’s no complete fix for it.
But since networks and security tools are constantly being updated in various ways each year, a bot that has to stay hidden also has to keep up with those changes, and that is often hard. This is probably the best defense we have. A “sleeper bot” that infected a computer a year ago may well be detected, or simply broken, today.
What is the best defense against a bot army? If you think you are infected, there is really only one reliable remedy.
WIPE the infected computers and reinstall them from trusted media (or replace them), reset or replace the routers and other network gear, and change every password that was ever typed on those machines, from a clean device. Deleting the one file the antivirus found is not enough, and a compromised router will re-infect clean machines. Even then you only MIGHT be safe, because firmware can be infected too.
If an unpatched computer is plugged directly into the Internet with no firewall, automated scanners will usually find it within minutes, and there’s a decent chance a bot has infected it before you finish setting it up.
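An added example, not from the original post: one concrete way a defender hunts for the “sleeper cell” behaviour described above. A bot has to check in with its controller, and it usually does so on a timer, so connections from one client to one host at near-constant intervals with near-constant sizes stand out in proxy logs even when the hostname looks boring. The log lines below are constructed for the example; the hostnames and addresses are not real.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: time, client, destination host, bytes sent. Not a real capture.
PROXY_LOG = """\
2017-06-07T09:00:00 10.0.0.12 sync.cdn-metrics.example 1420
2017-06-07T09:00:05 10.0.0.12 www.news.example 88210
2017-06-07T09:00:14 10.0.0.12 mail.corp.example 5120
2017-06-07T09:05:00 10.0.0.12 sync.cdn-metrics.example 1417
2017-06-07T09:10:01 10.0.0.12 sync.cdn-metrics.example 1425
2017-06-07T09:11:31 10.0.0.12 www.news.example 4710
2017-06-07T09:15:00 10.0.0.12 sync.cdn-metrics.example 1419
2017-06-07T09:19:59 10.0.0.12 sync.cdn-metrics.example 1422
2017-06-07T09:03:00 10.0.0.33 www.news.example 9000
2017-06-07T09:41:12 10.0.0.33 mail.corp.example 22000
2017-06-07T10:12:40 10.0.0.33 www.news.example 7300
2017-06-07T10:40:00 10.0.0.33 www.news.example 6100
2017-06-07T11:20:00 10.0.0.33 www.news.example 8200
"""


def parse_log(text):
    """Turn the log text into (timestamp, client, host, bytes) tuples."""
    events = []
    for line in text.splitlines():
        ts, client, host, size = line.split()
        events.append((datetime.fromisoformat(ts), client, host, int(size)))
    return events


def find_beacons(events, min_hits=4, max_jitter=0.1):
    """Flag (client, host) pairs contacted on a near-constant timer with near-constant sizes.

    jitter is stdev/mean of the gaps between contacts (and of the sizes). A human
    browsing a news site produces ragged gaps; a bot polling its controller does not.
    """
    by_pair = defaultdict(list)
    for ts, client, host, size in events:
        by_pair[(client, host)].append((ts, size))
    findings = []
    for (client, host), hits in sorted(by_pair.items()):
        if len(hits) < min_hits:
            continue
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        sizes = [s for _, s in hits]
        gap_jitter = statistics.pstdev(gaps) / statistics.mean(gaps)
        size_jitter = statistics.pstdev(sizes) / statistics.mean(sizes)
        if gap_jitter <= max_jitter and size_jitter <= max_jitter:
            findings.append({"client": client, "host": host,
                             "period_s": round(statistics.mean(gaps)),
                             "hits": len(hits)})
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(PROXY_LOG)):
        print(f"{f['client']} -> {f['host']} every ~{f['period_s']}s ({f['hits']} hits)")
```

This is a triage signal, not proof: legitimate update agents and monitoring tools beacon too, so the next step is to look at what the host is, who else in the company talks to it, and what the client sends. The point is that a sleeper bot cannot be completely silent and still be useful to its operator.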
There’s a #5, #6, #7 but they are more advanced versions of what I described above.
The one exception is not so much a hack INTO the network but an attack that takes your network off the air, called a “denial of service attack”.
Since this is not related to the Russian election hack (yet) I’m not going to deal with it now.
The only thing I will mention is that often the reason a bot army is so dangerous is because it is very effective at launching distributed denial of service attacks to bring down a network.
When you hear something like, “Netflix was down from a hacker attack today” it usually means a massive bot army sent far more requests (billions) than the servers, or the infrastructure in front of them such as DNS, could handle, all at the same time, and the service stopped responding.
And since the requests are coming from unsuspecting computers all over the world, they cannot be blocked by source address the way a single attacker can, which is what makes them so hard to stop.
Congratulations! Those are the ABCs. Now for the more advanced stuff, so you, too, can hack the election systems of the world’s most powerful country.
B) PHISHING AND SPEAR PHISHING
As opposed to all the movies where hackers are trying to figure
out passwords and do packet sniffing, etc. almost all hacking today begins with
a Phishing email.
A Phishing email might look like this:
“Dear James,
Someone just tried, unsuccessfully, three times in a row to log into your Gmail account. At Google, we take security very seriously.
We will be shutting down your Gmail account effective
immediately unless you log into our secure site and confirm that the Gmail
log-ins were legitimate or not.
We also strongly suggest you change your password when you log
into our security site.
Please click HERE to validate your account. Thank you.
– The Google Security Team”
“HERE” is a link to a page that looks like Google’s login page. The URL behind it might be a bit.ly link, which looks somewhat obscure, but we are used to seeing obscure shortened links so we might not care. Or it might be a domain that merely contains the word “google” somewhere in it. Hovering over the link (or long-pressing it on a phone) shows where it really goes, and a real Google login page is served from a google.com address over https.
Once you click on HERE, you did two things:
– you notified the hackers that you are the type of person who can potentially respond to a Phishing attack. So even if you don’t proceed further, you might on the next one (coming, say, from your bank).
– you might type in your password. In which case, not only do the hackers instantly download all of your emails and storage, etc., but they have your password, which (see above) probably also works on your Facebook, Twitter and company accounts.
Millions of these phishing attacks are sent out every day and you can find them usually in your Spam folder. Often your mail provider’s spam filter will recognize these attacks and block them before you see them.
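An added example (Python, not from the original post) of the check a mail gateway or a careful reader applies to the links in such a message: pull every link out of the HTML body, compare where it claims to go with where it actually goes, and flag URL shorteners, plain-http login links, and hosts that contain a brand name without belonging to the brand’s domain. The trusted-domain list, the brand words and the sample message body are assumptions made for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this mailbox: where a genuine "Google" link is allowed to point.
TRUSTED_DOMAINS = {"google.com"}
BRAND_WORDS = {"google", "gmail"}
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude eTLD+1 (last two labels); adequate for the .com-style names used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def audit_links(html_body, trusted=TRUSTED_DOMAINS):
    """Return [(href, [reasons])] for every link that deserves suspicion."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        reasons = []
        if host in SHORTENERS:
            reasons.append("URL shortener hides the real destination")
        if parts.scheme == "http":
            reasons.append("plain http link")
        if host and registrable_domain(host) not in trusted:
            # 'accounts.google.com.something.example' is owned by something.example, not Google.
            if any(word in host for word in BRAND_WORDS):
                reasons.append(f"lookalike host {host} is not a trusted domain")
            shown = urlsplit(text).hostname if "://" in text else None
            if shown and shown.lower() != host:
                reasons.append(f"link text shows {shown} but goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed phishing body modelled on the message above; not a real email.
SAMPLE_MAIL = """
<p>Please click <a href="https://bit.ly/2abc">HERE</a> to validate your account.</p>
<p>Or use <a href="http://accounts.google.com.secure-check.example/login">
https://accounts.google.com</a> directly.</p>
<p>Help: <a href="https://support.google.com/">Google Support</a></p>
"""

if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_MAIL):
        print(href)
        for r in reasons:
            print("   -", r)
```

The first two links are flagged and the genuine support link passes. The registrable-domain step is the important one: a host can begin with “accounts.google.com” and still belong to whoever owns the last two labels, which is exactly the trick a phishing page relies on.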
SPEAR IT:
Which is why SPEAR PHISHING is often more effective and is the
technique used in the “Russia hacks”.
SPEAR PHISHING is when the mail is directed very specifically TO
YOU. You are “speared”.
This happened when Russian hackers attacked John Podesta, the chairman of Hillary Clinton’s campaign; his stolen emails were then published and embarrassed the campaign.
It’s a spear because emails were sent very specifically to officials at the DNC, and although I don’t know what they said, they probably had enough information about the recipient to make it more likely that they would pass through the network security filters and more likely that Podesta would click the link.
In fact, the email was so specific, he apparently sent it to his
IT department and said, “Is this real?” and they wrote back right away,
“RESPOND TO THAT IMMEDIATELY!” So he did.
He logged into a fake server. Typed in his password, and the
rest is history.
Another example of a spear phishing attack worth mentioning:
MALWARE
Instead of asking you to click on a link and type in a password, the Phishing email might say,
“Hey John, here’s the latest info on the delegates in Indiana you should know about”.
Then there’s an attachment. John clicks on it. It’s a simple Microsoft Word document and John is working on a Microsoft Windows machine.
Microsoft Word, every now and then, has a security vulnerability.
MS Word can also talk to other pieces of software on the computer, through macros and embedded objects. For instance, the software that controls the printer. Or the web browser. Or the calendar.
And some MS Word documents are much more sophisticated: by exploiting such a vulnerability, or by persuading the user to “enable content” (macros), they download and install programs right into the operating system.
These programs are built to evade antivirus and often go undetected for months.
For instance, a hack that I “have never done” is where you get
someone to accidentally download a “keystroke logger”.
The keystroke logger installs itself inside the operating system and is designed to be very hard to detect.
It then connects out to the attacker’s server (see the note on ports above) and starts sending every key ever typed. So you can get every password for every service the person uses and then do whatever you want.
That server is often offshore and hard to trace. The hacker logs into it and sees all the information about whoever has the malware.
If you suspect you have been hacked this way, the remedy is: wipe and reinstall (or replace) every computer and phone the malware could have reached, then change every password from a known-clean device and turn on two-factor authentication, so that a captured password alone is no longer enough.
I can say for sure: this type of attack works and is more common
than people think.
People who are good at this form of attack should never even be
allowed to touch a computer or phone because it might only take seconds to
execute in one form or other.
C) WHAT WAS THE RUSSIAN SPEAR PHISHING ATTACK
The true answer, despite the NSA leak, is that we don’t know and
will never know.
All we know are these facts:
– Some election company was targeted by someone in a sophisticated Spear attack.
– This was a “double spear” attack: once the first company was infiltrated, they used fake accounts at the first election company to then launch spear attacks at other election officials.
They speared and then went viral.
For instance, it’s one thing if you get a random email from
someone. It’s another if you are an election official in Ohio and you get an
email from someone who appears to be working at one of your election software
vendors (the first company attacked and infiltrated) and they say, “Hey, we’re
just testing the software to make sure Ohio is safe. Click HERE.”
The first successful Spear Phishing led to an even more
successful Spear Phishing. Hence the “DOUBLE SPEAR”.
– According to the NSA leak, the initial Spear attack seems to
have come from a Russian military team that is set up just to do Spear Phishing
attacks against the US.
Similar to teams we probably have set up at the NSA, the CIA,
the DIA, the FBI, and probably places with initials we don’t know.
What we DON’T KNOW:
– what information they received from us.
– how they infected the software of the election vendors or the election offices.
– if they left any bots or malware behind (e.g. 2020 might be their target and not 2016).
– who told them to do this. This was probably their normal jobs. It’s probably not the case that Putin made a specific call and said, “hack this software election provider”.
It’s more likely they have a general mandate to disrupt our
elections all of the time in every possible way. Just like we have teams that
do the same. This is not excusing them. This is reality.
What we SUSPECT but DON’T KNOW
– Did Trump, or someone from Trump’s camp, talk to Putin, or someone from Putin’s camp, and say “don’t just disrupt the election but do something specific that hurts Hillary and helps Trump”?
We simply don’t know that, although the inference is often made because the attack on Podesta seems to have been very focused on Democrats.
That said, Podesta and his IT team were particularly foolish, and even Obama, afterwards, said no election services were affected. But….he would really have no idea. Nobody would.
– WHAT SPECIFIC VENDORS WERE ATTACKED AND WHAT DAMAGE COULD THEY
CAUSE?
According to the NSA leak, it’s still very unclear. Some possibilities.
A) VR SYSTEMS (and probably similar companies)
VR Systems makes an electronic poll book. This has nothing to do
with counting votes.
This has entirely to do with how people register to vote.
For instance, when people come into vote they are either
registered to vote or not. A database needs to be checked (it used to be all on
paper until fairly recently).
The electronic poll book allows for quick checking, and even
registering of new voters.
Two very bad things can happen if pollbook companies like VR are affected:
A) REGISTRATION SCREWUPS
Any damage or interference on an electronic poll book could
cause voter turmoil among a targeted class of voters (e.g. Democrats, or people
from a specific county, etc).
It doesn’t stop people from voting (there are backup ways to
find out who is registered) but can make it so inconvenient that people give
up.
If the Russians wanted the Republicans to win, for instance,
they can disrupt or slowdown the registration checking process in mostly
Democratic counties.
B) DEEPER PHISHING
Companies like VR Systems are in email contact with election
officials in every state. It could be that pollbooks / registration systems
were not the final target but a leaping off point for a deeper Spear Phishing
attack.
An election official in Indiana can get an email from VR (as
described above) that says, “Doing a last minute check. Click HERE”. And now
the entire Indiana election system is in question FOREVER.
Not only registrations but these election officials are
presumably also in contact with the software companies that COUNT votes. These
companies can now be targeted for future elections.
My guess is this is what happened and the attacks are far from
over.
– WHO IS GUILTY?
Possible guilty parties that have been mentioned include Russia, rogue groups within Russia, and the Russian military operating independently from Putin.
On the American side, guilty parties mentioned include: Trump,
Jared Kushner, other people working for Trump, the Republican party, rogue
participants that wanted influence, etc.
It’s also possible that Putin wanted Trump elected, he got his
people to hack, and he never notified Trump’s team of this at all. There is no
law broken here. But if evidence is found that this is true, some punishment
(sanctions, tariffs, cyber warfare) would have to be put in place.
What do we know?
Nothing.
What is legal?
Unclear.
It’s grossly illegal to affect a US election.
But it’s also VERY UNLIKELY Trump (or anyone hired by Trump)
simply called Putin (or anyone working for Putin) and said, “use your hackers
to make sure I win the election.”
That would be incredibly stupid and so obviously illegal as to
defy belief.
Here’s the worst case scenario: someone maybe working for Russia
(maybe!) called someone maybe working for Trump (maybe!) and said, “we can do
something” and the Trump person most likely said, inappropriately, “I don’t
want to hear about it but…I DON’T want to hear about it”. In other words, a
wink.
But this is not illegal. If this happened (which is just my
worst-case scenario guess), the American side could have said, “Don’t do
anything” but that might be just as illegal also (to have any communication
whatsoever with a bad participant).
This is where guys like Comey and Flynn get involved and we
still don’t know the extent of what they knew and who they spoke to.
The law is very unclear on ALL of this, and even Democrat-leaning lawyer Alan Dershowitz has stated no crime was committed by a US citizen in terms of this attack or any influence on the elections. And Barack Obama, probably prematurely, said there was no direct attack on the US election system.
But….we don’t know and never will.
WHY IS THIS IMPORTANT?
So many US elections have been improperly influenced (Nixon 1972 is the most prominent attempt to influence, Reagan 1980 and the alleged pre-election discussions with Iran would have been an influence, Kennedy in 1960 in Chicago was an influence, and probably every pre-Kennedy election) that it is not a trivial issue.
Every year there are improvements to the systems to prevent any
influence. A lack of faith in the election system would be a lack of faith in
the entire republic that the system creates.
As much as I dislike the way the system is built and think there
are opportunities to rebuild from the ground up, this is the reality and the
law.
CAN HACKERS AFFECT THE SYSTEM?
Yes, and they probably have, and their ability to do so again is
probably stronger than ever.
ARE AMERICANS INVOLVED?
No, probably not. When you let the thief in the door, nobody is safe, not even people who think they are colluding. Everyone knows this.
BUT…Americans certainly hack the elections of others just like
many attempt to hack our elections. This is my guess but why wouldn’t it be
true?
CONCLUSION:
A) The US election system is hacked beyond belief.
– Passwords of top officials are known.
– Computers are sending every keystroke to bad agents.
– Bot armies are ready to shut down election centers at the press of a button.
– Registration software is probably hopelessly infected.
– Vote counting software is probably affected, but this is much more difficult since there are many backup systems for storage and replication of counting.
B) Hacking is not difficult.
When a team of fairly intelligent people are spending 24 hours a
day trying to infiltrate 100s of companies, bad things are unavoidable. There
is no stopping this.
C) WHAT CAN WE DO?
1) Awareness is the key.
– party officials can be hacked and embarrassed (Podesta, Hillary, etc.), grossly affecting elections.
– registration software can be hacked. Awareness includes backup
systems that are disconnected from each other and used to check each other’s
work.
– vote counting software can be hacked.
– electors, congressman, election officials can be blackmailed
when their emails are read.
2) Punishment of bad parties
At the hint of any other government involvement (or even country
involvement without the government being aware) we should threaten immediate
sanctions that can’t be stopped without some sort of super majority in
Congress.
This would incentivize other governments to work to prevent any
hacking of our elections.
3) Mutual Assured Destruction
While cyber warfare is different than nuclear warfare, we should
certainly scale up our own efforts to be “bad agents” towards every other
government.
Knowledge is power and, unfortunately, hacking gets the
knowledge.
4) What about fixing the problem on our side?
Answer: it CANNOT be fixed with better software. Again, however
smart the “good agents” are, the “bad agents” are simply smarter and it’s
easier to break in than to block.
HAVE I LEFT ANYTHING OUT?
Yes.
I’ve left many many things out. These are the basics.
But the basics provide enough knowledge to understand what is
happening in the news, how to learn more about basic hacking, what actually
probably happened in the US election, and what the probable involvement of
everyone was.
I’m sure we’ll be learning more. But we’re not going to be learning that much more.
The reality is: we were hacked more than will ever be revealed.
And the hacking will cause damage.
And like the elections before it, most of which have been manipulated in some way, the US will survive, flourish, and move forward like it always has done.
Reprinted with permission from The Altucher Confidential.
Copyright © 2017 Altucher Confidential
Previous article by James Altucher: The 10 Worst Things You Can Do