Cyber Talk Radio: Fundamentals of Hacking
Bret Piatt, CTR Host - Episode 163 of Cyber Talk Radio
This past Saturday, November 9, episode 163 of Cyber Talk Radio hit the air on 1200 WOAI and iHeartRadio streaming. I wanted to sit down and discuss how hacking is incorrectly perceived in the media and to give our listeners a more accurate understanding of the fundamentals of hacking.
I start off by discussing the common misconceptions of hacking — it’s been popularized in movies, TV shows and games as a version of espionage. But what actually is hacking? I define it as taking a tech system and breaking down its components and looking for flaws in a system to do something new with it that weren’t intended by its original creators. An easy way to look at it is through gaming — people “hack” to get to new levels and gain points easier, and not all versions of hacking are harmful to others. Most criminal hackers are not, as the media would have us believe, mischievous kids messing up other people’s websites (because it’s easy to be caught this way)! There are two predominant types of criminal hackers. The first type is organized crime, where they buy premade hacking tools to break in, which isn’t really hacking, just criminal — although the general public doesn't usually draw the distinction. The other type of criminal hackers is mission-based hackers, who are usually a group dedicated to a cause or political issue and set out with the intention to harm the website or data of their opposition. There’s a third, sometimes unclear, category — nation states who attack other nation states. It’s unclear if this is illegal because there are no rules of war on the cyber front. Before the break, I discuss different hacking activities and legality — a basic rule of thumb is that if you don’t own the computer/system or have permission to be doing things there, it’s probably illegal!
After the break, I discuss people who hack legally for a living. Computer security research is a legitimate job — given it’s happening in a lab environment and with device manufacturer permission. Other ways to do it legally are in academic research (with permission) and industrial security research (trying to hack software and systems to prevent future customers from being vulnerable). Vulnerability disclosures found from these versions of hacking will be published/disclosed in many ways. Open disclosure means that the manufacturer knows about a vulnerability in their product at the same time as the public. Open disclosure is controversial because it can be dangerous if it gets into the wrong hands before the issue is resolved by the manufacturer. Another legal version of hacking is done to test systems and products, called information security research — white box testing (given full access) and black box testing (just the security). Another version of this is called operational security — penetration testing (not all who do this are hackers). I discuss the pros and cons of getting a Certified Ethical Hacker Certification — it doesn’t always mean that they’re the most capable at it. Finally, I go over the process that hackers use to gain access: scanning systems, hacking the software on your own computer, local exploits, and lastly, remote privilege escalation. Being able to gain user-level access on a remote device is the biggest, most difficult level of hacking to achieve!
Upcoming episode – Saturday nights from 11:00 p.m. to Midnight -
- Episode 164, Saturday, November 16: Google Fiber in San Antonio
Listen to a replay of this episode or past episodes on a Cyber Talk Radio podcast stream. Replays are available via the below podcast services:
Recent episodes – available to stream from our YouTube channel -
- UTSA's New National Security Collaboration Center
- San Antonio Women in Technology
- What’s New at the UTSA Center for Infrastructure Assurance and Security
- National Cybersecurity Awareness Month with Cybersecurity San Antonio
- Finding Cyber Talent with Gaming
- Building a Tech Ecosystem and Storytelling
- Mathematical Security & AI Threat Detection
- UTSA’s Galahad Project
- OATS - Engaging Seniors with Technology
- CNF Technologies' New Cyber Lab at Port San Antonio
Have an idea for a topic or want to be a guest?
Contact Cyber Talk Radio via our request a topic or be a guest form.