Hacking - how easy is it?

Would it surprise you to learn that there are over 20,000 videos on YouTube alone that are devoted to hacking? And that the most popular of these video tutorials have millions of views?

You may think that as long as you have up-to-date anti-virus software that you would be safe online, but these tutorials are designed to teach users how to hack numerous online accounts including social media accounts, secure online payment systems and smartphones. There are 6,000 videos on how to hack Facebook alone.

The average duration of these videos is three minutes and the most popular of these videos tend to be under three minutes long.

Although there are a variety of hacking tutorials available two distinct techniques have been identified – ‘man in the middle’ and ‘SQL injection’. A specific search for ‘man in the middle hacking’ returns over 1,000 videos with the most popular video viewed more than 200,000 times.

‘Screencast’ videos are being used more and more as they are accessible and easy-to-follow because they demonstrate exactly what the user sees in their own screen. The viewer needs only to replicate what they see online and they have become a hacker. It is unnerving to see that this video has been viewed more than half a million times.

The other common form of hacking video – SQL injection – exploits a weakness in a website that allows the hacker to deliver a specific line of code that causes the website to inadvertently reveal information from its database.

Although these hacking tutorials provide a fast introduction to hacking, they are not for the seasoned professional. There are online communities with thousands of contributors where the science of hacking is constantly evolving. The beauty and danger of the internet means that these communities are easily found.

Looking to test the effectiveness of this content, CPP recruited a small group of volunteers in a controlled experiment to see if they could use an online tutorial. After signing a disclaimer saying they wouldn’t use the information for illegal or malicious attacks they were taken through a ‘man in the middle’ technique using Cain and Able software. The tutorial used a Screencast technique so as they were taken through the presentation they were also undertaking the hack themselves. From the beginning of the lesson to the point each volunteer was able to intercept another member’s of the group passwords took 14 minutes.

When we broadened the investigation and asked the general public their views on the issue, over seven million people in the UK claimed to have had their password-protected accounts accesses without their permission.

Asked if they were concerned about the potential for unauthorised access, most people said they were concerned and an overwhelming majority (87%) do not want this type of information online. Many thought it increased the risk of identity fraud and wanted the Government to take action to remove this type of content. Only 1% of people thought ‘hacking’ tutorials were ‘light hearted fun’ and nothing to worry about.

As the Sony data breach has recently shown, it is important for both businesses and consumers to keep anti-virus and firewall software up-to-date and change passwords regularly. To ignore this, puts us all at risk.