Ask HN: Is black-hat hacking harder now than it was 20 years ago?
As a kid I was fascinated with stories of people hacking into high security places like the pentagon. But I recently realized that, while this was surely no walk in the park even 20 years ago, it must have been easier then that it is now. Things like ssh or vpn weren't around back then, and even though I'm sure they had equivalents, they were probably proprietary and thus not as secure as today's time-tested open source solutions. What do you think?
6 comments
[ 3.1 ms ] story [ 26.0 ms ] threadPutting two and two together, I suspect that some extremely clever hacks happened (and still happen, I guess), but many many more were probably fortuitous stumbling on horrible or utterly absent security in some overlooked corner; as per dnsworks comment, except - is logging into a password-less account really 'hacking'?
I might think there is more data like this since more people put more data on computers with less knowledge about how to protect it.
First of all you can now buy pretty good hacking tools in a can (CANVAS, Core Impact) that come complete with non public exploits. If you don't have the money, metasploit is pretty good as well. This drastically reduces the need to know the details of a particular exploit, and reduces the amount of toolsmithing required to pull off a penetration. Also, the reality is that exploits are now a business - they're for sale, for better or for worse, on the open market. If there's one thing our PWN2OWN competition at cansecwest proved, it's that for a sufficient amount of money someone will find you a hole in anything. If you have money, even if you're not that knowledgeable, being a blackhat isn't that hard.
Second, there is more stuff to exploit now than there has ever been before, both on and off the net (I'm looking at you SCADA). At least some of that stuff will be low hanging fruit built by programmers who either did not understand how to build secure systems, or didn't expect that those systems would be reachable in the way they are now. As the internet expands, and stuff keeps getting more smarts added to it, I think there is probably a trend in which new insecure stuff is being built faster than the old stuff is being secured (not that I can prove that). Things that previously weren't considered to be security critical, now are (XSS is still barely considered a "real" exploit).
Third, information about exploits, how to write exploits, and how to find vulnerabilities is now massively more available, both because of the change in philosophy around full disclosure, and because we now have more than a decade (two maybe?) of open research into the field. Bugtraq can be argued to have revolutionized security research because it opened up what was previously secret to the eyes of interested amateurs and academics. Today there is a community of security researchers who openly publish information that previously was only the domain of governments and the occasional large defence contractor. I think probably the public community is better at it too.
Balanced against this is all the research and technology on the defensive side (also helped by full disclosure), the forced public shaming to fix-their-broken-shit of various vendors (full disclosure again), and generally better knowledge of security best practices (anyone want to guess what I attribute this to?). All of which is to say that the things that worked 20 years ago are harder today than they were 20 years ago (social engineering sadly seems to be just as easy, and if anything more prevalent now) but it hardly seems to matter since lots more is easy now.