Yesterday I attended a cybersecurity talk aimed
generally at university faculty and staff. It was mostly attended by staff
related to I.T. and digital services (library, educational resources, etc.) and
there were hardly any faculty – that’s too bad, but perhaps not surprising
since faculty members tend to think they’re too busy for such events even when
they are well-advertised and scheduled at a convenient time.

I was familiar with most of the material since it
centered around phishing attacks, their strategies, and how to avoid being a
victim. For many years now I’ve served on university committees related to
information technology. And these phishing attacks are getting more numerous
and sophisticated. Maybe most faculty members correctly deduced the content and
thought that they already knew the needed information. Why waste time attending
a seminar delivered by an I.T. professional?

Although the speaker was not the most dynamic, she
cleverly kept the audience involved with Poll Everywhere questions and small
prizes. But to me the eye-opener was her demonstration of the tools that
hackers use. I had never seen such live demos before and I was floored by how
easy it was to use free hacking tools. I had imagined someone needing detailed
sysadmin information plowing their way through jungles of back-door code. But
no! Within seconds, anyone could set up a variety of nefarious schemes by just
choosing from menu options. Clone a login page? Set up a fake pdf attachment?
Insert a power script? Use a keylogger? I saw it being done in a matter of seconds.
For me, that was an attention grabber.

I always imagined that seeing such easy-to-use ‘software’
in a movie or TV drama was fake – like when CSI would show chemical analyzer
software that spits out the exact compound identity when a heterogeneous sample
was loaded onto the (spectrometer) ‘machine’. Easy-to-use scamming software
isn’t fake. It can be deployed quickly and effectively. I shudder to think
what the proprietary versions can do – according to the seminar speaker, there
were many more options and the free version was somewhat limited.

Demos are popular in chemistry because they catch
the students’ attention. That being said, many of them are more of the ‘that’s
cool’ variety rather than significantly demonstrating the power and strangeness
of chemistry. Part of this is the disconnect between the nanoscopic world of
atoms and molecules that we cannot observe directly and the macroscopic world
which blurs or statistically lumps together what can be observed by our naked
eyes. Computer simulations can somewhat bridge this gap, and can eye-poppingly
demonstrate the intricacy of chemistry at the molecular level, but it doesn’t
seem ‘real’. And it’s not. The simulation is often a simplified approximation;
modeling the full system would be intractable. Chemistry hackers do amazing
work, but it can be challenging to demonstrate this power to a broader
audience. We need better hacker tools.