Two female students have been sentenced each a year in prison for breaking into one of their professors’ system, assigning grades to nearly three-hundred students, and using professor’s personal information to send empty CDs and magazine subscriptions to the professor’s home. Interesting!
It reminded of a brief conversation I had with a then-friend and now colleague over breaking into public systems.
Colleague: “Don’t you break into systems?”
Me: “No. The most I do is attempt a thorough network reconaissance, and that’s it.”
Colleague: “Why not?”
Me: “Because I’m afraid.”
Colleague: “Why? Afraid of being caught?”
Colleague: “Haha. Nothing happens. No-one gets caught. I have been breaking into public systems in the past four years and I have yet to get caught.”
Me: “Lucky you! I don’t quite feel comfortable breaking into a system, knowing full well that I don’t completely and precisely know the ways to remove one’s tracks.”
Often, the excitement and thrill gets the better of most wannabe hackers. It is not like they play ignorant to the fact that breaking into systems without consent is illegal and considered a crime. They are well aware of that. It is the frivolous attitude and irresponsibilty that acts as the Achilles heel for them.
Sure, if a system is left open and is as easy to break into as it is to steal a candy from a baby, it is a sure bet that once the system has been broken into, the administrator would either not notice the break-in, or would get alerted to it way too late, and even if so, would not have the required expertise to perform a proper forensics analysis of the incident or would not care enough to give it a second thought about it. In such cases, you get away with it with impuntiy. It is only a matter of time, though.
I agree: If you break into a system, cover your tracks, keep everything hush-hush and get out, there is a great likelihood the break-in will hardly get reported or noticed. But when you are too cocky to consider the consequences of your actions, and too eager to show-off your escapades to your peers, you are treading on thin ice. Wannabe hackers are prone to just those: cockiness and the desire to boast off their accomplishments to peers. And that is exactly why it gets all so dangerous. If you keep everything quiet, no-one will suspect a thing. Not any sooner any way. The moment you either make it blatantly obvious that a system has been shagged by explicitly posting mock comments just about everywhere in the system, or you disrupt normal functionality and operability of the system, you’re stepping on the sleeping lion’s tail. Even then, wannabe hackers get away with it. I attribute it to sheer luck and to the inability of the attacked system’s administartor to track what happened. Nevertheless, I never let a chance pass to advice friends against breaking into systems, or at most, not damaging the systems they break into. You never know when the ball will rebound and hit you in the back.
You can’t deny that almost 80% of network/system administrators are barely security conscious and vigilant. However, remember that, breaking into systems is still a crime punishable by law, and that it merely takes a single mistake, a vigilant system administrator, and a handful of attorneys to have men in suits knock at your door the next morning.
Disclaimer: Just because people consider me a hacker does not make me one. I am not a hacker, and I surely don’t break into systems
that I can’t find a way into.