There’s a hack for everything Part 1.

The trick is to find it. The only exceptions to this rule are death and stupidity. Now, at first blush, stupidity appears to fall under the category of the corollary rule, namely: Most problems will go away if you throw money at them. But I would postulate (follow the recursive logic here) that if you are stupid and hire a bunch of smart people to get around the fact that you are stupid, that makes you pretty smart.
I’m a hacker, thinking outside the box is what I do. Ergo, I, a penniless author (Hey, I have five kids, three of whom are teenage boys that play football. My food bill alone would cripple a third world nation) should be able to make it onto the NY Times best seller list.
If you are a new author and you Google book promotion, here is what they tell you to do: Make your book available. (With millions of books published every year, that puts it at the bottom of a very big pile.) Get accounts and engage with readers on Facebook and Twitter. (That will work if you already have hundreds of thousands of friends and followers.) Get a video up on YouTube. (See: the bottom of a very big pile.) Write a blog to get people interested. (A different very big pile.) Then be patient and wait. The internet is full of “success” stories from people who did this. They will tell you that after two years, they had sold a thousand books and were now selling at the breakneck clip of 5 or 6 per month!
Correct me if I’m wrong, but at that rate, the best seller list is a mere 10,000 years away! Well, I did everything they told me to do with my novel Playing God, and then I waited. And I waited, and I waited. After about 60 seconds of this waiting nonsense, I’d had enough!
I bet your first reaction is: The best seller list can’t be hacked. Am I right?
Would it surprise you to know that it already has been? I’ll explain how in part 2.


Defacing a Porn Site

Don’t get excited, this is not a “how to”. That I covered in my book, Playing God. If you are like me, you grew up with computers. My mother worked for the defense department and, as a very young kid, I remember playing with stacks of punch cards. Looking back, I could have been cutting up any number of cool 1960’s era DOD projects. My mother said she could tell me what they were but then she’d have to kill me. This may help explain a lot of my issues.
I learned my first programming using “basic” coded onto a cassette tape. Remember those? No? Alright then, forget it - you are obviously much younger than me so don’t rub it in.
Then high school happened, and girls happened, and rock and roll happened and suddenly it was desperately more important to wail away on an electric guitar like Eddie Van Halen than it was to continue playing with computers. Then, the eighties happened and suddenly tall thin heavy metal musicians with long dark curly hair were way too popular for their own good. Enough said about my experiences during the eighties, call it the trauma that caused my arrested development as a hacker. 
I returned to computers in the 90’s just when things were getting interesting and, among other things, I became a script kiddie. (Remember when token rings seemed like a good idea?) I had an IBM XT and a Mac IIsi and in between teaching myself HTML and catching up with programming, I broke into things. Yeah, ok – it took me longer to mature than most.
The safest thing to try newly acquired hacker skills on was porn sites. (Yes Virginia, they really are as old as the internet.) So… I did. The cops were still writing reports on electric typewriters using two fingers, so it was a safe bet they weren’t in a rush to chase blossoming cyber criminals, especially when it was a porn site that lodged the complaint. So, if you made a mistake, or did something stupid, you would live to hack another day.
But that is where my interest in security began. After all, if I could break in, somebody must need me to teach them how to properly lock the door. I reformed my ways and left the dark side. However, like a reformed alcoholic, the lure is always there. The dark side always beckons.
I think that is what made writing the sequence where my main character breaks in and defaces a modern porn site so much fun. I got to be a script kiddie again and grab the low hanging fruit.
And low hanging fruit was all my editor left me after she heartlessly ripped out all the really complex stuff. Keep it simple stupid, this is not a textbook is what she said. She was probably right, but it was fun writing it anyway.

The Screen Hackers Guild

The Screen Hackers Guild or SHG (pronounced shg, or for those of you mentally challenged individuals that demand a vowel amongst your consonants, shug) is an uber elite organization whose Screen Actors Guild members are 313371337. This is a designation that I’m sure you all aspire to but few if any of you will ever attain. Sadly, most of you will never rise above 1337 status. To be truly 313371337, you must pass the usual Screen Actors Guild qualifications, i.e. physical conditioning, perfectly straight ultra-white teeth, the ability to cry and sweat on cue, etc. Once you have met these rigorous qualifications, you will then need to take the SHG exam. This is an exam that many try to take, but few, if any pass. Its difficulty has been compared to that of working out the very last decimal place of PI in your head while you need to take a pee. Not for the faint of heart, right? I’m going to give you the test in a minute, but I want to caution those of you with fragile egos against even attempting this test. It will hammer home your humble 1337 status and has been known to leave test-takers in tears of frustration and rage. For the rest of you who fail, it will help you come to grips with your 1337 status and allow you the enjoyment of cheering when an SHG member comes onstage in a movie or TV show knowing that they truly are 313371337.
Okay, are you ready? Here’s the test:
You have EXACTLY 30 seconds to complete this test. First, sit in front of a computer terminal. Second, wrinkle your brow and adopt a look of intense concentration (method actors may wish to contemplate intangibles such as why their last girlfriend dumped them or how they ended up with spinach on their teeth at the last red carpet event). With the clock at 30 seconds, begin typing in rapid fire bursts using all your fingers (playing air guitar is a good practice for this section of the test). When the clock hits EXACTLY 29 seconds, sit up, look to one side and say “I’m in!” Couldn’t do it? You are not alone. Common mistakes are: actually typing something, not frowning hard enough, and finishing before the 29 second mark. Remember, just because you are 1337 doesn’t mean you are 14/\/\3.
Till next time.

Breaking into the NSA Mega-server Part 2

So, here we are, standing in front of a room with no doors and no windows. A room that we absolutely have to get into. (No getting around that.) Time to lift the skirt up on the novel writing process and show a little leg. We know that hacking into the NSA is not possible. Well, theoretically it is … but then so is cracking a 15 digit ASCII password (which, incidentally, is the next thing that has to be done). Faced with the impossible, we are at a crossroads. We can take the high road or the low road. Although the low road is infinitely easier, we’ll end up with the literary equivalent of the old Godzilla movies. In other words, a man in a rubber suit picking up toy buses while hundreds of people scream in Japanese. Not exactly the effect we are looking for. So what’s needed here is a little bit of real Hollywood magic. After all, a man can’t fly … but Superman can. So how does Superman fly? He’s suspended by invisible wires against a green screen while a background zips by. Why do we believe it? Because through careful editing and crafty storytelling, the filmmaker creates a situation where we want to believe it. This is what’s known as the “suspension of disbelief,” and it has to start long before we get to the point where we have to do the impossible. In my novel “Playing God”, the process started at the beginning with a tutorial about using an old satellite dish and a couple of parts to make a long distance wifi antenna for leeching. Then a little later, the step by step process for getting free wifi at a prepay access point, and then a bit more low hanging fruit as I detailed the process for defacing a porn site. Some password cracking with Caine, a splash of Backtrack, then a judicious bit of lock picking and a segment about using “Scrooge” to jackpot an ATM machine and by that time, I was closing in on “too much information” which is exactly where I wanted to be as I prepared to attack the NSA.
By striking a delicate balance and creating a situation where the facts were just teetering on the brink of getting in the way of a fairly fast moving story, I was able to approach my impossible feat. Low level access codes, a description of VPNs, a leap over into a few more low level accounts and an escalation of privileges and I was ready to take on the next impossible task. Cracking a 16 digit ASCII password with a dictionary and a little program written in Ruby. A lot of fun to write, and hopefully, a lot of fun to read.

 

Breaking into the NSA Mega-server Part 1.

How many of you have ever broken into the NSA Mega-Server? Raise your hand. THWACK – That was the sound of a ruler cracking down on the knuckles of anyone who raised their hand because you’re lying your ass off. That includes anyone who’s part of an incursion team in Beijing. It hasn’t been done, and most likely, can’t be done. Just trying will earn you a spot in the Federal Penitentiary System. You could probably plead temporary insanity though, because after all, what were you thinking??
So where is this blinding glimpse of the obvious going, you might ask? Straight into a quandary.
Because I had to do it! There was the cursor blinking like a gun to my head while my main character sat in limbo glaring at me for my incompetence. Rather than sit there glaring back, I poked at every NSA reference Google had to offer. Then I kidnapped a Google spider and tortured it (they get into everything) but it died without giving up anything useful. I carefully disposed of the carcass and then considered my options. I could write to China with something like: Dear fellow world citizen, how’s it going? Break into the NSA yet? Care to share? Thanks. I eventually rejected that option as unproductive and moved on. My options at this point looked pretty limited. This wasn’t going well.
To be continued in part 2.

Botnets, Botnets, and more Botnets.

Someone once said that comparing a botnet to a supercomputer is like comparing a bunch of snipers to a nuclear bomb. Whilst I would argue (and I do like to argue) that it depends on how many snipers you’ve got, we’ll leave that aside for the moment. Despite its inherent flaws, the analogy got me thinking: What if Microsoft, under the control of [insert your favorite paranoid theory here, i.e. The Freemasons, the Bilderbergers, The Council on Foreign Relations, etc.] released a really polished operating system with a price so low that they had near universal adoption? What if there was a back door built into the operating system that allowed a central controller to access the spare processing power of each machine? That would be 2.1 billion processors (unweighted for dual processor machines).
Antivirus programs would ignore it because it’s integrated into the system so seamlessly that it’s just another running process. Most people use their computers for mundane tasks like checking emails, updating Facebook, watching porn, etc. Their computer processors aren’t even breathing hard. What if The NSA, at the behest of [insert your favorite conspiracy as above] ran the command and control functions from their megacomputer and programmed an actual operating system for the whole mess? You’d have a secret worldwide supercomputer! Node redundancy would be an issue, but a good algorithm could minimize its impact because we’re all creatures of habit. Besides, all the new computers are shipping with dual and quad core processors. That’s one of the things that made writing PLAYING GOD so much fun: I got to create and control the world’s largest botnet!

But… what if the government gets wind of this and decides to impose it as a “processor tax” so they can spy on us more effectively????? Just because you’re paranoid doesn’t mean they’re not all out to get you…