Hackers want in. Don’t make it easy for them.
With all the controversies swirling around hacked emails and cyber-threats, I was asked to come in to USC-Annenberg and speak to the students about what they need to know about security. Basically, I had to come in and do a digital “Scared Straight” to try to get them to recognize how they will be targeted, and the steps they need to take to avoid having their emails, texts, private photos and snarky internal comments leaked out for maximum damage.
I start out with the “attack map” from Norsecorp. And if you’ve never seen it, it’s a real show-stopper. It looks like the climactic scenes from WarGames – only it’s taking place right now. Every second of every day, cyber-attacks zoom back and forth, testing the intrusion counter-measures on Google, Facebook, Microsoft, the US government, NORAD, the international banking infrastructure, etc. etc. Check it out – it’s hypnotic. And then very chilling.
Particularly when you realize that a lot of the attacks are aimed at getting into America’s command-and-control infrastructure, to either lock us out from controlling our nuclear arsenal … or maybe to launch the damn things. Who knows the motives of a bunch of nihilistic haxx0rz?
Next up – and this one really makes people paranoid – I show off Wireshark and other so-called “packet sniffers.” These are programs that allow a devious user on a wi-fi network to monitor unencrypted traffic and pull out passwords and other data from the packets winging their way back and forth to the router.
Pause for a second. Remember all the times you sat in a Starbucks and surfed the web, with nary a thought about internet security. Checked your email. La-de-dah …
Yep. That quiet guy in the hoodie over in the corner could have been monitoring every single thing you did.
And if that wasn’t enough: check out John the Ripper, a password cracker that basically guesses passwords to try to brute-force its way around your login credentials.
These are actually tools for what we call “Script Kiddies.” These are amateur hackers, usually kids barely into their teen years, who are entranced by the images they see of Anonymous and Mr. Robot and other “internet freedom fighters,” and want to try on the glamorous lifestyle. For a while. Right up to the point where they have to do more than point and click to launch an attack.
Internet Security Presentation
For the whole thing, check out my presentation, which I have embedded here. If you want the context to make sense of all these slides … well, you’ll just have to reach out and contact me, won’t you?