I know nearly nothing about computers, and definitely less than I did when I had a Windows. I'm writing a scene in which a college age comp-sci student is hacking into a corporate database. Anything I should know jumping into this?
hey g_man - theres a member here who spent time in prison for his hacking activities, you might want to find him. I think his post was entitled "Writing my first novel through my own personal experiences" or something like that - good luck!
You can have a look at the movie Takedown (2000) to get some ideas about what hacking is about. It's far from accurate, but I think it captures the essence pretty well, that it's mostly about exploring what is possible rather than deliberately trying to access and steal information.
Thanks, I'll look into that. Yeah, the character isn't *looking* for something; she happens upon something by accident and with curiosity piqued, decides to take a peek.
Having studied comp sci and worked in an it for many years I can say that real hacking is dull and most of it is done via off the shelf kits. Hacking a corporate database from outside isn't easy. But one way that security analysts are always warning about are social engineering based attacks. The idea is to get into the building or get someone to load software directly onto a computer. For example you leave a usb key or cd labeled "confidential employee salary reviews" for someone to find. When they put it into a computer it deploys software that allows you harvest data or gain remote access to the machine. Maybe your hacker likes to go to the bars where executives go to drink. A little flirting, some slight of hand and she slips the prepared usb stick into their pockets and then later on when he connects it to his laptop she gains back door access. Also a database probably isn't what you want in terms of interesting areas. They are useful for criminals and people looking to steal data but I'm guessing you want confidential files.
Thank you! I'm not going to confirm or deny that last bit as I don't want to give the game away, but if I may ask, what kind of work did you do in comp sci? I imagine that information will also be massively useful for my character.
Well IT is a massive field and there are many different parts. I've done host of jobs. -Programming back end systems -Business Analysis -Managing Off shore teams -Designing Data Mining and Data Warehousing systems. -App Development I've worked on multi-million pound projects with teams of over two dozen people that after a year of work were completely scrapped because they weren't going to do what the business wanted. I've worked on projects that had the potential to do really cool things with customer data. Ever hear of smart meters? They report your energy usage in real time to the supplier. Well with the right data model and a well designed data mining systems they can input your address and find out what your working hours are, when you run the washing machine, even if you have air conditioning. I didn't work on that system but I have worked on similar types of things in other areas.
Hmm...I think I can give the game away for this, but I would love to know if such an occupation as what I'm about to describe exists (it would really help with this character). This character emerged out of conceiving of the scene I've described above. She's a comp-sci major at a private (American-style) uni, set to graduate in a few months. She wants to work creating adaptive computer security systems, and she hacks into these corporate confidential files not to obtain any specific information, but she feels like she has to say that she can; if she wants to keep someone out, she has to be the best at getting in. The best analogy I can come up with comes from the movie Inception, in which Ken Watanabe's character asks Leo DiCaprio's how he can be protected against the best extractor: "Because I am the best extractor." Unfortunately she succeeds, and then the story begins in earnest.
Sure what you're talking about is often called a white hat hacker or a security analyst. They tend to specialize in penetration testing, which is when a company hires the firm to test their security by trying to break into their systems. They tend provided comprehensive reports on their findings. The area you'll want to read up on is InfoSec (Information Security). Although Adaptive Security systems doesn't really mean anything.
Oh yeah, that latter bit was just my noobish way of describing someone who can then use their white hat findings to program a security system that is adaptive, unless that doesn't exist. And thank you so much for all of this, this is really helping me.
That's what I've gathered. I'm fairly illiterate when it comes to computers, but luckily a friend of mine is a pro and knows a fair deal about hacking. I, too, have a hacker in one story (specializing in the illegal stuff), and it truly is a daunting project to write the character without sinking to Hollywood-level silliness. Then again, I'll learn a great deal about a world that has always interested me, but which I have never explored for the very reason that the subject is so advanced for regular dumbasses like yours truly.
Have you looked into all the books/movies/articles by and about Kevin Mitnick? I'd think they would give you quite a bit of info and insight into this world.
Thanks for the heads up! Definitely some useful stuff, added his books to my already far too long to-be-bought -list.
I wonder if anyone truly knowledgeable about hacking would be inclined to open up to someone labeling himself a G-Man.
Yeahhhh, not particularly farsighted of me. But then when I made this account I never imagined I would ever ask about something like that.
Most guys/gals I've met who are the real deal when it comes to hacking seem quite selective about to whom they reveal the secrets of their trade. The friend I mentioned earlier told me they have closed forums (invite only) only accessible via TOR where they discuss these things more freely, but that they don't really open up on any public forums. I suppose they've got a good reason for it since a lot of the information is, well, usable for less than legal actions. If only I was born with a penchant for computer literacy; to me it all sounds like so much gibberish and I constantly have to ask stupid questions just to understand even the basic concepts being discussed. Even then I usually look like
I'm sorry powers that be if reviving old threads is frowned upon here, but I once again have a question for anyone with hacking knowledge. Would it be out of the ordinary for a particular corporation's confidential files to take up to a few months of prodding at to obtain access? Or rather, how long can it take until an uninvited hacker (i.e. not a white hat) could break through a tight security system?
There's a lot to be learned in these books: http://www.amazon.com/dp/1416507787/?tag=postedlinks04-20 http://www.amazon.com/dp/1593271441/?tag=postedlinks04-20
