How to hack something

Learn to hack quickly? It's not that easy

Tuesday evening, 6 p.m. On other days I start my free time at this time. Today I am learning to hack.

The course from the provider Smart Ninja takes place in the basement of a co-working space in Vienna's ninth district. When I enter, a young man is connecting a laptop to a projector. His name is Markus Angermann, he is an expert in IT systems and is holding the workshop today. The participants, six men between 35 and 65 years of age, open their laptops one by one. Everyone is immediately by you. Markus wants to know what we want to take away from tonight. Hans, the pensioner next to me, wants to protect his WiFi against unauthorized access. Etienne, the French engineer, wants to stay on the ball. I say that I want to find out what cyber security means in practice. Good hackers who protect the systems from bad hackers are currently in great demand. Surveys show that the majority of companies have already been victims of cybercrime.

I soon realize that good hackers basically do the same thing as bad ones. They use different tactics to look for security holes. Internet security students therefore change roles first, learning the tricks of the bad guys - so as not to fall for them.

Create fake websites

The first part of the curriculum is "phishing", a technique that hackers use to access large amounts of data. Via fake emails or websites. Everyone knows the e-mails, supposedly sent by the bank, in which you are asked to enter your credit card details on a website. A large-scale phishing attempt occurred last year. The recipients of a WhatsApp chain message were offered free Milka chocolate when they entered their addresses on the website. Whoever clicked on the link did not land on the real Milka page, but on "milka.com". If you don't want to fall for the trick, you should pay close attention to the spelling of the URL. Markus shows us how to create a website that is deceptively real, and we notice: It's easy. Terrifyingly easy.

The motives of the bad hackers are different. A few just hack for fun, says Markus. Most, however, want to make money with it. They resell the data or blackmail whoever has been hacked. That happened two years ago to the operators of the Seehotel J├Ągerwirt in Kitzb├╝hel. The attacker paralyzed the computer on which the chip cards for the rooms are programmed. The guests stayed locked out until the hotel operators paid the $ 1,500 ransom. Such blackmail attempts could also hit individuals, says Markus: Hackers take over social media accounts, crack the bank account and demand money from the owner.

Large corporations are particularly afraid of these blackmail attempts. Google has found a nifty way of dealing with vulnerabilities. The company has rewarded those who find a vulnerability in the Chrome web browser with thousands of dollars on several occasions.

Lisa1503: Better not to use it

The next topic in the course: password security. When looking for a new password, my motto has long been: the easier it is to remember, the better. Unfortunately, these passwords are particularly insecure. The page "howsecureismypasswort.net" shows me my favorite password could be cracked by a hacker in a minute.

Markus gives us tips on how we can create secure passwords. I already know some of them, for example that you shouldn't use your own name and password for just one account. Others are new to me, such as the fact that a password that does not consist of correct words is better. The reason is that hacking algorithms first try out the dictionaries of all languages. The good advice is to incorporate misspellings. In addition, the longer a password is, the better (but at least twelve characters). If you want, you can also form sentences, for example: "DasistM1neuesFac3b00kPa55wort". A password manager, who securely stores passwords, provides reminder assistance.

On this evening we also learn, among other things, how you can tell that a website is secure, how you can eavesdrop on communication between two computers and how encryption works.

After three hours, I didn't learn how to hack on my own, but I learned a few important lessons on how I can protect my data. (Lisa Breit, February 18, 2019)

Note: Participation in the "Hacking and Internet Security" course took place at the invitation of the course provider Smart Ninja.