Can Computer Experts Really Do This?

[New Ager]

I am not a computer expert and have only been on the internet for four years. But, I was wondering about something I see on TV and in the movies all the time.

Scenario......

The good guys break into the bad guys lair and find their computer.
They immediately know how to work everything and retrieve info, even sometimes finding passwords or backdoors, in a matter of seconds.

Is this really possible? Are there really computer experts so gifted that they can break into anyone's computer and know exactly how to run it in a matter of seconds?

I think it would take me longer to figure out how to turn it on.

 

[IllegalArgument]

Not possible, unless the agent knew in advance what kind of computer the bad guy has. There are a few tricks but general you need to know your target, if you want to do anything quickly.

 

[ManfredVonRichthoffen]

My favorite:

Independence day. Jeff Goldblume writes a virus for an alien computer system.

Luckily, they were using Microsoft Windows.

 

[IIRichard]

I am not a computer expert and have only been on the internet for four years. But, I was wondering about something I see on TV and in the movies all the time.

Scenario......

The good guys break into the bad guys lair and find their computer.
They immediately know how to work everything and retrieve info, even sometimes finding passwords or backdoors, in a matter of seconds.

Is this really possible? Are there really computer experts so gifted that they can break into anyone's computer and know exactly how to run it in a matter of seconds?

I think it would take me longer to figure out how to turn it on.

There are several things that are standard across Windows machines such as the file for cookies, cached internet pages and the default locations for various types of files. Microsoft Word documents contain hidden information about the author, editing and the like that are there if you know where to look.

So the computer's internet history, documents, if not encrypted, and the like could be found easily. If the computer is password protected, documents encrypted, file extensions changed, then it becomes very hard work to get at anything useful.

A lot of hacking is "social engineering" getting people to cough up passwords by lying to them.

 

[Darat]

Re: Re: Can Computer Experts Really Do This?

...snip...

A lot of hacking is "social engineering" getting people to cough up passwords by lying to them.

Hi IIRichard - I was wondering if you could help me out here? I have a million dollars that I'm having some difficulty getting transferred out of Nigeria because I don’t have a dollar bank account. So I need someone who does have one to help me out, obviously I don’t expect help for nothing - I'm not a crook or anything! I'm happy to give you a 10% helpers fee, so that’s $90,000 once the transfers have been completed. Now I need to be ready to do the transfer on a moments notice (Nigerian banks are notorious for giving short notice) so if you could let me have your account details and log in details and we'll both be feeling wiser come Monday morning!

 

[wahrheit]

My favorite:

Independence day. Jeff Goldblume writes a virus for an alien computer system.

Luckily, they were using Microsoft Windows.

Goldblum was using a Mac, if I remember correctly. Makes it even more miraculous!

One of the most ridiculous moments in movie history, anyway.

@New Ager: It's the movies, not real life. The depiction of science or technology in movies most often is, mildly put, questionable. In case of computer stuff and "hacking", it is outright absurd.

 

[ShowMe]

I am not a computer expert and have only been on the internet for four years. But, I was wondering about something I see on TV and in the movies all the time.

Scenario......

The good guys break into the bad guys lair and find their computer.
They immediately know how to work everything and retrieve info, even sometimes finding passwords or backdoors, in a matter of seconds.

Is this really possible? Are there really computer experts so gifted that they can break into anyone's computer and know exactly how to run it in a matter of seconds?

I think it would take me longer to figure out how to turn it on.

It would take longer to actually "power up" than it takes these experts in the movies.

There are hundreds of operating systems, but realistically there are only a few that are in widespread use. And there are basic hacking aspects to each system.

But showing a couple of hackers spending a few hours trying to break into a computer isn't too exciting so the movies give them super-hacker powers. It seems these powers actually increase bandwidth & computing power, so people can download a map of the entire New york subway system into their cell phone in a matter of seconds

Interestingly the most realistic depiction of hacking I saw was on a series called Buffy the Vampire slayer. They stole the entire hard drive and spent a few days trying to decrypt it.

 

[CFLarsen]

Re: Re: Can Computer Experts Really Do This?

A lot of hacking is "social engineering" getting people to cough up passwords by lying to them.

Very true. The most famous hacker, Kevin Mitnick, was OK with a computer, but his real skills lay in social engineering. He talked his way into the systems.

 

[Soapy Sam]

For anyone interested in the reality of hacking, I strongly reccommend Bruce Sterling's book "The Hacker Crackdown of 91",
available for free download electronically from the following site among others. You will read much about Mr.Mitnick and friends there.

http://www.instinct.org/texts/the_hacker_crackdown/

Steven Levy's "Hackers" is also a good read.

 

[IIRichard]

Re: Re: Re: Can Computer Experts Really Do This?

Hi IIRichard - I was wondering if you could help me out here? I have a million dollars that I'm having some difficulty getting transferred out of Nigeria because I don’t have a dollar bank account. So I need someone who does have one to help me out, obviously I don’t expect help for nothing - I'm not a crook or anything! I'm happy to give you a 10% helpers fee, so that’s $90,000 once the transfers have been completed. Now I need to be ready to do the transfer on a moments notice (Nigerian banks are notorious for giving short notice) so if you could let me have your account details and log in details and we'll both be feeling wiser come Monday morning!

Not a problem:

Bank: Bank of the Mississippi

Acct No: 0339 28629 01113

ABA Transit No: 1155 0286

Account balance: - $2.99

 

[Yahweh]

Re: Re: Can Computer Experts Really Do This?

Interestingly the most realistic depiction of hacking I saw was on a series called Buffy the Vampire slayer. They stole the entire hard drive and spent a few days trying to decrypt it.

Well, there was the other time when Willow used a ancient spell to search through the entire contents of the internet in seconds...

 

[Vagabond]

Goldblum was using a Mac, if I remember correctly. Makes it even more miraculous!

One of the most ridiculous moments in movie history, anyway.

@New Ager: It's the movies, not real life. The depiction of science or technology in movies most often is, mildly put, questionable. In case of computer stuff and "hacking", it is outright absurd.

If the aliens had three irises and 3 fingers as HG Wells predicted wouldn't they program in trianary?

 

[Vagabond]

I am not a computer expert and have only been on the internet for four years. But, I was wondering about something I see on TV and in the movies all the time.

Scenario......

The good guys break into the bad guys lair and find their computer.
They immediately know how to work everything and retrieve info, even sometimes finding passwords or backdoors, in a matter of seconds.

Is this really possible? Are there really computer experts so gifted that they can break into anyone's computer and know exactly how to run it in a matter of seconds?

I think it would take me longer to figure out how to turn it on.

I would say yes and no. Nobody can get into a computer in ten seconds. Nor could anybody break into a pentagon computer while they were getting a blowjob in 1 minute. Like they did in whatever movie that was. But, they aren't going to show them taking an hour to do it on screen either. However, computer security is like a padlock. Most people are using locker locks that can be cut off with any bolt cutter. But, there are locks like banks use that aren't so easy to break. Same with computers. A few years ago I would have said any computer could be broken into, but not so sure anymore. I think security is ahead of the hackers at least temporarily.

 

[LW]

Luckily, they were using Microsoft Windows.

Haven't you realized that Intel and Microsoft are just alien facade firms preparing the Earth for conquest?

 

[LW]

There are a couple of things that may make "instant hacking" possible in real world cases when you have physical access to the machine:

1) an user writing his (or her) password on a yellow postit-note and attaching it to the monitor or the underside of the keyboard.

2) booting the computer with your own bootable cd and then examining the hard drive (doesn't work with networked data).

3) really stupid password choices such as "" (empty) or "password".

 

[Vagabond]

There are a couple of things that may make "instant hacking" possible in real world cases when you have physical access to the machine:

1) an user writing his (or her) password on a yellow postit-note and attaching it to the monitor or the underside of the keyboard.

2) booting the computer with your own bootable cd and then examining the hard drive (doesn't work with networked data).

3) really stupid password choices such as "" (empty) or "password".

The post it is a dead giveaway I would think even if you got on the hard drive the password would be encripted so you couldn't find it even with a cursory search. Not that it is impossible but just something that would require some expertise.

I personally use a word I made up and not something that is in the dictionary. Because it is possible to use a program that just tries every word in the dictionary. Also don't use a pet or child or spouse's name. Somebody who knows you would know these and would try those first.

 

[Stitch]

The post it is a dead giveaway I would think even if you got on the hard drive the password would be encripted so you couldn't find it even with a cursory search. Not that it is impossible but just something that would require some expertise.

I personally use a word I made up and not something that is in the dictionary. Because it is possible to use a program that just tries every word in the dictionary. Also don't use a pet or child or spouse's name. Somebody who knows you would know these and would try those first.

If you can gain physical access to a machine, then there are tools that will happily brute force a Windows machine in a matter of hours. They usually try a dictionary attack first, which doesn't take long and then it moves on.

Passwords - make it as long as you can realistically remember, phrases or sentences are better than single words. Mix letters in with numbers and even extended characters if you can.

 

[sophia8]

Passwords - make it as long as you can realistically remember, phrases or sentences are better than single words. Mix letters in with numbers and even extended characters if you can.

I use a street address for mine. No, not my current one or one belonging to any of my family, but one that has significance for me and that nobody else in the world is ever going to guess at. It's long, has numbers and letters and upper case and lower case. Pretty well ideal, I reckon.

 

[LW]

The post it is a dead giveaway I would think even if you got on the hard drive the password would be encripted so you couldn't find it even with a cursory search. Not that it is impossible but just something that would require some expertise.

If you have a physical access to an unencrypted hard drive, you don't need a password anymore: you just look at the data itself. You have several options in doing that: you can boot the machine with your own boot media and bypass the security checks that way or you can open the computer, steal the hard disk and mount it to your own computer at home, etc.

Of course, this doesn't work if the data is on a network drive (so, there isn't really physical access) or if it is encrypted. Even in those cases there might be unencrypted local copies in memory caches.

Most people store their data locally and unencrypted. (Most large companies don't so this wouldn't work so well in their cases).

 

[Doc Dish]

If you can gain physical access to a machine, then there are tools that will happily brute force a Windows machine in a matter of hours. They usually try a dictionary attack first, which doesn't take long and then it moves on.

You can also intercept network traffic ('sniffing') to obtain encrypted passwords, which you can then brute force attack away from prying eyes. @Stake's LC 5 (http://www.atstake.com/products/lc/) will do this for you.

This is why securing your wireless network is so important. With wireless a hacker doesn't even need physical access to your premises, let alone one of your PCs.

Passwords - make it as long as you can realistically remember, phrases or sentences are better than single words. Mix letters in with numbers and even extended characters if you can.

My Active Directory tutor claimed that the security of passwords peaks at about 10 characters. If longer than that people tend to write them down. Of course, if you're anything like the users I support, you'll write down the username and password and stick it to the wall in sight of a window.