Tuesday, August 5, 2008

PASSWORD? Unprotected

Ethical hacking. Could there be a bigger oxymoron? But as Abhijeet
Parandekar ushered me into his lab in the Asian School of Cyber Laws,
Pune, he showed no signs of guilt. “This is my playground. I work for
eight hours here and play after that,” he said with a grin. It was
after much coaxing that the computer expert had agreed to share his
secrets and teach me to hack “with ethics”.

For Abhijeet, to be an ethical hacker is to be the good guy.
You attack a security system
on behalf of its owners, looking for weak links that a malicious hacker
could exploit. In short, you know all the low tricks but use them for a
better cause. And, from my experience of interviewing an ethical hacker
a year ago, I also know that they are, well, quite cool. “I will first
teach you how to hack passwords, then how to hack documents and then
how to hack a computer,” he said with surprising matter-of-factness.

So, we made an MS Word document, which he asked me to lock with a password.
“It could be anything,” he said. “Fly,” I said. To hack, you need the
right software. (Abhijeet refused to disclose the name of the software
we were using. So if you thought I ran out of the lab and into the
exciting life of a hacker, you are mistaken.)

On the desktop in front of me were numerous tools, with names like
the Horse Riding, the Action and the Bleak Reader.
I chose the first and clicked. In a few
hundred seconds, the device dived into the sea of words that had been
keyed into the system and fished out five. The third was “fly”. “Oh,
god. It’s actually happening,” I said. “Yes, and it can happen in many
more ways,” said Abhijeet primly. “This technique compares each word in
the dictionary with the password and matches it,” he says.

More mock hacking. I created documents, locked them with passwords and then
prised them open. But before I got ideas about a life in crime,
Abhijeet intruded to point out how each password that I had managed to
crack was first given out by me. “People give out passwords on their
own through different ways and the software helps us trace them. It’s
near impossible to break into accounts,” he says.

Lesson 2: how to gatecrash systems. The software tools at my disposal
were Digit Byte and Counterfoil. “What you have to do here is make a
fake document out of original icons like MSWord, Internet or Photoshop
and email it to the user. The moment he clicks on it, you will have
access to his computer from your machine,” he says.

I was hooked. So I made a fake Word
document, exported it to the neighbouring computer, clicked on it and
came back to my seat to watch some fun. It worked. I could see all the
documents, the desktop icons and even the view through the web camera.
And, mind you, the web camera on the other computer was turned off.

By now, I had turned into the child who wants all the toys in the shop.
So, I asked Abhijeet to go to the next step. And there I was, shutting
the monitor of the neighbouring computer, opening its disc drive and
shaking its screen—all while sitting on my seat. Believe me, I felt
like a small cyber megalomaniac.

But Abhijeet did not really care
for my self-assuring smirk. “I’ve taught you just three or four tools.
There are some 50 like this,” he said.

It was time soon for
Abhijeet to return to his playground. I walked back with a buzzing head
and told myself, “Change your password, girl!”
