A couple hackers… hacked their brethren in the recent DefCon 16, a yearly convention for, what else? Hackers. They won cheers from their fellow hackers, and are probably the buzz driving the grapevine right now. Here’s what you need to know:
The beauty of the technique presented by Alex Pilosov and Kapela is that hackers don’t need to break into websites or plant malicious computer code to control and tamper with data travelling the Internet, the presentation showed.
That’s because instead of trying to subvert security systems, the hackers concentrated on fooling compuers into sending their data to the wrong destination. Currently, the networks responsible for managing the traffic on the internet enjoy an automatic trust. If one network claims that they have the ability to move the data the fastest, then they are made responsible for accepting the information and making sure it reaches its destination—without any question of the network’s legitimacy.
All Pilosov and Kapela was to make their network claim that they could handle the data most efficiently, and they were able to gain access to the information practically everyone at DefCon was sending online. Theoretically, by applying this exploit on a more massive scale, it will be possible for hackers to pretend that they’re someone else. By mimicking a trusted website for instance, it’s possible to get people’s personal and credit card info.
Kudos to Pilosov and Kapela for making their findings public. Staying transparent about vulnerabilities is always the ideal way to deal with them, as the information needed to counter such exploits is as widely available as possible. Let’s see how companies and manufacturers respond to this.
Tags: 16, Alex Pilosov, DefCon, exploits, World wide web, Tony Kapela
Popularity: 1% [?]
Entries (RSS)