My degree at University includes a second year module titled ‘Computer Security Management’, and although it is clearly aimed at Computing students it is my belief that everyone should be given this sort of information. Computer Security is a massive part of any IT professional’s life but the average user at a desk should be aware of the risks they are facing too. Knowledge is power!
As part of this module, we were asked to give a group presentation on any topic that we like (apart from topics already covered by our lecturer). My group consisted of Nathan (previously mentioned in my Java client server coursework) and Dan (@DannySlaney) and it took us weeks to find a topic that we thought would be interesting enough and have an element that we could demonstrate.
Eventually, after a few hardcore researching sessions at my house, a project came to us. We titled it “Is Hacking Now Pervasive?”. What we meant by this was, is the information and are the techniques traditionally only available to hackers readily available and easy enough to use? In short, our answer is yes.
Obviously Google is pretty helpful at finding information. The right search terms and you could be lost forever in the darker regions of the internet among the l33t haxx0rz. But surprisingly, the tools of the trade are made readily available, pre-compiled, and sometimes with a nice GUI on Open Source operating systems such as Backtrack. Backtrack is SUPPOSED to be used by the good guys for penetration testing, which is where ethical IT professionals use hacker type tools to test that their systems are secure and not vulnerable to common (and not so common) attacks.
Even more surprisingly, we found that tools are also available for your regular Android phone to perform a wide variety of ethically-questionable actions. WiFi Kill, FaceNiff, and Anti are just a few tools build as simple Apps for a rooted Android based mobile phone that use a variety of sophisticated techniques (such as ARP Spoofing) to perform attacks such as man in the middle, denial of service, and many more.
Being aware of the availability of these tools helps to be proactive in defending against them. Oh, and also, we got a first for this presentation (75%).