Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Be paranoid: 10 terrifying extreme hacks

Roger A. Grimes | June 16, 2015
Any device with a computer chip can be hacked, but not all hacks are created equal. In fact, in a world where tens of millions of computers are compromised by malware every year and nearly every company's network is owned, truly innovative or thought-provoking hacks are few and far between.

A source code review by several companies led examiners to conclude that it would have taken many teams, composed of dozens of people each, a year or longer to write such a malicious computer worm. However, since Stuxnet's discovery, several other advanced computer worms have been discovered. As futuristic as Stuxnet was, most experts believe it is now a common baseline from which all future cyber warfare programs will begin. The digital cold war has started.

Extreme hack No. 7: Road sign hacks

Hacking electronic road signs — aka portable changeable message signs — is illegal and can get you in serious trouble. But it's hard not to crack a smile at a good "Caution! Zombies! Ahead!!!" road sign hack on an otherwise unused sign that does not create a dangerous situation.

Some road sign hackers are former Department of Transportation or construction employees who programmed signs as part of their job. But the truth is, road sign manuals are readily available on the Internet, and they almost always contain built-in default passwords as simple as "password," "Guest," "Public," and "DOTS." Hackers can simply find the model of the road sign they are targeting and download the manual.

For most road signs, physical access to a locked-up panel is necessary, although often the panels are left unlocked. Once the hacker gains physical access, they use the console keyboard to log on with a default or guessed credential. Barring that, they can often reboot the sign's computer while holding down a series of keys, as defined in the manual, and this resets the sign back to the manufacturer's defaults, including default built-in passwords. Even in the case where a road sign has distinct user and admin credentials, the sign's message can be changed without admin rights, which are necessary mainly for changing power, fan, and other equipment settings.

Extreme hack No. 8: The NSA's order book

Anyone who has been paying attention to revelations from former NSA employee Edward Snowden knows the NSA has what is essentially an "order book" for ordering advanced hacks and advanced hacking devices. This book is nearly the definition of extreme hacking.

One such advanced hacking method, known as Quantum Insert, sees the NSA and other nation-states using readily purchasable packet injection tools to imperceptibly redirect target victims from one website to another website where they can be further manipulated. If the redirect page is rendered to look a lot like the victim's intended website, they probably won't know they've been redirected. Enforced encryption (HTTPS) can help thwart packet injection attacks, but most websites don't require encryption and most browser users don't enable it when it's optional. This hack has been in use since 2005.

 

Previous Page  1  2  3  4  5  6  7  Next Page 

Sign up for CIO Asia eNewsletters.