Despite being declared dead by Mark Zuckerberg back in 2010, privacy is still alive and kicking in some circles and, thanks to recent PRISM revelations, it’s a hot topic for some people. However, government spying was hardly the first warning we had – hackers have been telling us to tighten our security for years. They’ve done it in a variety of different ways, but they usually fall into one camp or the other: releasing our information as a warning, or telling us that they could.
It’s scary stuff, to think that there might be people out there looking to steal your identity or read your secrets, but as with everything a bit frightening, it’s the fear of that unknown that’s likely to give you the willies.
With that in mind, KG put out the feelers to see if one of the hacking collective would step forward to explain some of the ways they might be able to use what information we make publicly available, to take over huge parts of our digital lives.
For the purpose of this interview, the person we spoke to has asked to remain anonymous, though you can find their name on a certain social network’s wall of fame for their bounty collections. Since we both turned out to be fans of the 1995 movie Hackers, we’ll call them ZeroCool, or ZC for short.
KG: Hey [name deleted], thanks for speaking with us today.
ZC: Hey there! No sweat.
KG: So, let’s get a bit counsellor-like here and take it back to the beginning. What got you into hacking in the first place?
ZC: Well, most of my exploration started around the school network, friends’ websites, other hackers’ websites etc. Starting with the basic net send and remote shutdown. Getting caught. Got suspended. As I grew up, say 15/16 I started learning much more advanced techniques such as SQL injections and XSS flaws.
KG: But how does that work as an adult? Are you some sort of security consultant, or is it still more of a hobby for you?
ZC: I do actively play around with security and I’d love to move into a job that allowed me to hack and explore full time, but at the moment my day job is a software developer. I’ve been programming since I was 13 years old. I actually accidentally fell into programming by some guys at school telling me that I was “too dumb” to do it, and fell in love with the problem solving aspect of it. Year 11, friends are at parties etc, I’m defacing the school intranet page. But yeah, I’ve basically been programming my entire life since then.
KG: Are you behind any software we might recognise? Or is it a lot of internal stuff?
ZC: It’s mostly internal, but the company I work for is pretty well known (especially where I live).
KG: So, to cut to the chase a little bit here. While celebrities might use “I got hacked,” as an excuse for leaks, a lot of the time we hear quite scaremongering stories of identity theft, credit card fraud etc. from the media with regards to hackers. Does the general public have something to fear from people like yourself?
ZC: Well me personally, I’ve never gone out of my way to attack anything. I’ve certainly “stumbled” upon some flaws in other websites which I’ve reported, but I’ve never maliciously attacked anyone. That said, based on my experience, I think everyone should always have some concern regarding hackers. After all the online world is their world.
Scaremongering aside, there are the hackers who want to steal all your credit cards, break into NASA and get “evidence of aliens” etc, but really most of us aren’t interested in reading your emails and downloading your porn. They’re after targets that have pissed them off and want to get one up on them.
Just keep your social media as private as possible.
KG: Is that an important one for people wanting to stay safe online?
ZC: Oh man, it’s amazing how much juice a Facebook profile that’s open can give us and doorways it can open.
KG: Like what?
ZC: Facebook is a scary tool for hackers. They always have your full name, which is a great start for someone wanting to steal an identity. Have your date of birth visible? Awesome, that’s two of the most important bits of information you need. Even if there’s not a lot of direct information there, you can learn a lot by looking at pictures.
When the new search tool is out, it’s going to be worse too. You’ll literally be able to type, “people who work in [company]” and you now have a list of employees for potential social engineering at the firm. You don’t even need to do any “hacking.”
Mobile Facebook is even worse, as it often gives your GPS location.
What stops you from creating an account with their name, information and pictures and messaging their friends? “Hey guys, my Facebook got hacked. Please delete it and accept this new one.” 9/10 people will fall for that.
KG: And then you’re in.
ZC: People are a company’s biggest weakness. They can have all the firewalls and security they want, but one person letting you into their social circle can bring it all down.
KG: I take it Facebook isn’t the only site that’s dangerous in this respect?
ZC: LinkedIn is just as bad. You can start searching for their friends on there and you know where all of them work suddenly. Combine that with a Google search and it’s amazing what you can learn about people.
KG: So to calm our audience’s quaking knees at this point, what are some of the things they can do to help protect themselves online, specifically with Facebook?
ZC: Well privatising their profile would be a good start. Also, use a profile picture that doesn’t really show all of you off, but enough that if a friend sees it they’ll recognise you. Also, avoid posting things that will get you a lot of negative attention and keep personal information off Facebook and hidden.
Don’t leave your Facebook unattended either. Log out. It can get a lot worse than coming back and finding that you suddenly “like penis.”
KG: And this will keep the hackers off our case?
ZC: As I said, they’re not really after individuals unless you make them mad. Don’t be cruel to animals or kick off big race wars. Just stay off the radar.
KitGuru Says: Thanks to ZeroCool here for talking with us. They’ve promised to stay in touch, so if you guys have anything you’d like us to ask them, or any topics you think would make for a good interview, let us know on the Facebook page, or in the comment section below.