Even those of us who deal with technology on a daily basis fall prey to Hollywood stereotypes of techies. Perhaps the most egregious myth is the movie version of a hacker: brilliant albeit misunderstood, able to sit down at a keyboard and with a few random riffs of his (or her) fingers, the hacker can break any password, penetrate any secure facility. Hollywood would like us to believe the hacker is a special kind of superhuman, as though the hacking ability were tantamount to shooting webs out of one’s wrists.
Not only is this vision woefully incorrect, it continues to diverge from the truth. True, there are brilliant hackers out there, but the world of hacking — or shall we say, Cybercrime and Cyberwarfare — are frighteningly different from the movies. Furthermore, understanding why they’re different will help clarify just how dangerous today’s hackers truly are.
Myth #1: Hackers must be experts in many different technologies and attack approaches.
Reality: Hackers really need to be good at only one particular type of attack. Furthermore, the attacks don’t need to be that exotic. SQL injection and cross-site scripting are still among the most popular exploits to this day.
Myth #2: Hackers go after high-profile, highly secure targets.
Reality: Hackers prefer the easiest targets. Just as burglars would rather go through an unlocked window than break into a locked one, so too with hackers. The simplest way to reduce your risk of being hacked is simply make your systems a bit more difficult to break into than the ones belonging to the next company or agency down the road.
Myth #3: Hacking requires real skill.
Reality: Hacking tools are plentiful, free, and easy to find on the Web. Most hackers simply download various hacking tools and mess with them till they get one to work.
Myth #4: Hackers need deep pockets.
Reality: To break into your systems, a hacker needs to find only a single weakness. The more weaknesses you have, the easier it is. True, somebody needs deep pockets. You do.
Myth #5: As security tools and approaches improve, hacking is getting more difficult.
Reality: The more open, decentralized, agile, and dynamic our technology environments become, the easier it is for hackers to break in. It’s getting easier and easier to be a hacker.
Face it, all signs point to the bad guys winning whatever Cyberwar you care to identify. At this rate, it won’t be long until feuding groups of teenage Script Kiddies run the world, what I call in my book The Agile Architecture Revolution the “cyberpunk nightmare.” We’re already well on our way.