Looking for help with hacking/cybersecurity

Status
Not open for further replies.

brianb9986

Registered
Joined
Sep 11, 2019
Messages
6
Reaction score
1
Hey everyone, just joined the forum. I'm working on my first novel and a key part of the plot will involve a character/wannabe hacker snooping around where he shouldn't be and getting into trouble with the wrong people. I only have a general idea about how hacking/firewalls/computer systems work and I was hoping to run my idea for the chapter/plot by somebody that might be able to tell me whether it is plausible or not. I have tried to look up some information on the internet, but it's kind of hard to pinpoint what I'm looking for. Does anyone have suggestions for how to research this topic or find an expert whose assistance I could enlist? Thanks!
 

Bufty

Where have the last ten years gone?
Kind Benefactor
Super Member
Registered
Joined
May 9, 2005
Messages
16,768
Reaction score
4,663
Location
Scotland
Just how technical are you going to get?

Is cyber security and hacking a main and continuing part of the story, or is it just coincidental the character is a hacker who stumbles on 'information', and the story is his keeping one step ahead of whoever the 'wrong people' are while deciding what to do with this 'hot' information?
 

BlackKnight1974

Super Member
Registered
Joined
Apr 11, 2019
Messages
233
Reaction score
18
Location
Down Range
As Bufty said, it depends how technical you want to get...

Security will depend massively on who the system belongs to and their security policy. Randomly hacking into secured systems is a lot harder than it was just a few years ago. Most hosting providers have stepped things up considerably of late. That's not to say it's not possible, however it will take a fair amount of skill. The days of doing a LAN search across IP addresses à la Gary McKinnon are probably gone now.

Furthermore - how critical to the actual plot is the method of hack? The weakest part of any computer system is still the human accessing it. If you can, I'd suggest the character finding a phone device that belongs to someone who works for the target system and who has stupidly recorded their credentials on the device, along with a multi-factor authentication device (Google Authenticator or similar). That would give you an in, without boring half of your readers to death with technical jargon they don't understand (and the other half, looking for technical errors).
 

MaeZe

Kind Benefactor
Super Member
Registered
Joined
Jun 6, 2016
Messages
12,775
Reaction score
6,485
Location
Ralph's side of the island.
This is not a subject someone can describe in 25 words or less. If it's going to be a main theme in your work you need to take a week or two and immerse yourself in the online resources and maybe visit the library.

As for how to research, try different search strings. Sometimes that's where the roadblock is.
 

brianb9986

Thanks for the quick replies. My idea is that it would be more of a one-time instance that gets him on these people's radar, but if the whole situation didn't make sense, I might need to rethink the storyline. Basically, it goes like this:

Guy shows his friend some basic hacking stuff he can do (accessing a neighbor's webcam, for example)

He then shows him how to hack into a website

The website turns out to be for a business that acts as a front for a "white-collar" drug dealing business

The drug dealers notice the website has been accessed, find out who it was, and blackmail him into helping them

I was trying to keep it as simple as possible, but even then I want to make sure that it's a plausible (maybe unlikely, but still realistic) scenario. For example, would he be able to access any sensitive information from hacking this website? Would it be encrypted/firewalled? And would the drug dealers be able to track his IP address and in turn shut down or control his system?
 

Bufty

Why does he (presumably your ignorant MC) pick that particular website in the first place? I don't know, but I doubt a site like that would be readily available to random browsers.
 

MaeZe

> Thanks for the quick replies. My idea is that it would be more of a one-time instance that gets him on these people's radar, but if the whole situation didn't make sense, I might need to rethink the storyline. Basically, it goes like this:
>
> Guy shows his friend some basic hacking stuff he can do (accessing a neighbor's webcam, for example)
>
> He then shows him how to hack into a website
>
> The website turns out to be for a business that acts as a front for a "white-collar" drug dealing business
>
> The drug dealers notice the website has been accessed, find out who it was, and blackmail him into helping them
>
> I was trying to keep it as simple as possible, but even then I want to make sure that it's a plausible (maybe unlikely, but still realistic) scenario. For example, would he be able to access any sensitive information from hacking this website? Would it be encrypted/firewalled? And would the drug dealers be able to track his IP address and in turn shut down or control his system?

That's no excuse for not doing some decent research on a topic you know little about. Why are you asking us to explain computers to you instead of opening a book or a few web pages?

Sorry for the tough love but I think it's what you need.
 

BlackKnight1974

> Thanks for the quick replies. My idea is that it would be more of a one-time instance that gets him on these people's radar, but if the whole situation didn't make sense, I might need to rethink the storyline. Basically, it goes like this:
>
> Guy shows his friend some basic hacking stuff he can do (accessing a neighbor's webcam, for example)
>
> He then shows him how to hack into a website

Depends on how/where the website is hosted, but that's quite a broad skillset. Most webcams are hacked due to poor home network security and lazy use of admin passwords on devices (the old classic "admin, admin" credentials scenario). A website should be more secure than that - especially if it belongs to a criminal enterprise. Furthermore, most servers that aren't hidden behind a VPN which requires credentials, MFA, etc. are secured by IP address. So you would have to find out one of the IP addresses and then simulate it.

> The website turns out to be for a business that acts as a front for a "white-collar" drug dealing business

There may be a really obvious answer to this that I am missing - but why would drug dealers have a website that links to their illegal activities? If they are storing drug transactions in a database and haven't secured it, then they are quite possibly some of the dumbest criminals alive. Any data storage should/would be encrypted and, on most of the systems I have worked on, the database is hosted on a different server to the website. Furthermore, finding a "complete data picture" in a database (which would obviously relate to criminal/drug activities) would take knowledge and skill. Most databases have complex designs and require lengthy analysis to understand their contents without documentation. Unless you understand their architecture/purpose, you're not going to work it out in a few minutes (unless you have tables/views named "murders", "drug dealers", "customers", etc.).

Criminals generally prefer to operate via mobile phones (burners), because they can be disposed of and replaced very simply. (Look up "County Lines" in the UK for an example.) It's also far cheaper than hosting enterprise-level solutions.

> The drug dealers notice the website has been accessed, find out who it was, and blackmail him into helping them

How? Unless your MC is stupid enough to start copying/moving stuff about - or the criminals are checking login logs (which seems unlikely if their security is so sloppy), they probably wouldn't know. If they aren't prepared to pay to host the site securely, I can't see them investing heavily in intrusion detection.

> I was trying to keep it as simple as possible, but even then I want to make sure that it's a plausible (maybe unlikely, but still realistic) scenario. For example, would he be able to access any sensitive information from hacking this website? Would it be encrypted/firewalled? And would the drug dealers be able to track his IP address and in turn shut down or control his system?

See above.

I don't want to be a killjoy and I applaud you for taking something like this on, but as others have suggested, if you're serious about this, you need to spend some time doing some research. Both from a hacking, but also a system architecture perspective. You have to understand the fundamental design/concepts before you defeat them.

If you are sure you want to use the hack website approach (and don't want to spend a few weeks learning the basics of IT), why not make him hack a neighbour's computer and access it that way? A single person's lapse is more likely than an organisational one. As I said above, the weakest part of computer security is the person sat in front of a keyboard.

Good luck
 

brianb9986

Thanks @BlackKnight1974. Your post was most helpful. Seems I need to both rethink the situation and continue my research on this topic.

> That's no excuse for not doing some decent research on a topic you know little about. Why are you asking us to explain computers to you instead of opening a book or a few web pages?
>
> Sorry for the tough love but I think it's what you need.

@MaeZe - Sorry if I came off this way, but that wasn't the intent. I have done some internet searches, watched youtube videos, etc. I was just hoping to get some answers as far as methods of research I might not have thought of yet or finding a way to get in touch with an expert that I'm not aware of. Any information directly provided to me is a bonus and greatly appreciated. I just didn't want to continue down this road plot-wise if it was going to be too much of a stretch.
 

BlackKnight1974

No worries - if you do want to learn about architecture/hacking, then rather than trying to work it out by trawling the internet or finding a suitable book, I'd suggest taking a look on Udemy for a training course. They have sales on a monthly basis, where for the price of a book you can get lifelong access to a web course (including updates) covering your chosen subject. I use it for subjects that I need to get up to speed on (and in IT, there are quite a few!).

Hope this helps.
 

brianb9986

This is great. I had heard of Udemy but never thought of it as a tool for research. Thanks a bunch!
 

Al X.

Super Member
Registered
Joined
Jul 9, 2017
Messages
1,042
Reaction score
587
Location
V-Town, check it out yo
Website
www.authoralexryan.com
The problem with going into too much technical detail here is that you are likely to appear not knowledgeable to a technical audience, and may lose a non-technical audience.

Or you can take the NCIS TV crime drama series approach, and throw out a few strings of gibberish technical words, and instantly hack into any video feed, anywhere in the world. (Yeah, right.) Of course you can't fall back on a famous former rap star to keep your audience entertained, either.
 

jclarkdawe

Feeling lucky, Query?
Super Member
Registered
Joined
Jan 18, 2007
Messages
10,297
Reaction score
3,859
Location
New Hampshire
Ever hear of Silk Road -- https://en.wikipedia.org/wiki/Silk_Road_(marketplace)? You might want to look at how this both worked and didn't work in the real world. But anyone knowing about Silk Road is going to expect a writer to have some serious knowledge of the dark web, TOR, and similar areas of expertise.

At this point in time, a web site selling drugs is just as likely to be an FBI plant as a real selling place.

Further, a web site tends to be most effective for national or international sales, not local ones. So are your bad guys shipping drugs through the mail or UPS to the buyers? Again, the FBI and DEA have this area pretty well covered.

Ignoring the hacking problems BlackKnight pointed out, the likelihood of a drug selling website surviving for longer than two years is an incredible long shot. I'd give it a projected life span of about six months before the site is taken down by the Feds.

Jim Clark-Dawe
 

AW Admin

Administrator
Super Member
Registered
Joined
Apr 19, 2008
Messages
18,772
Reaction score
6,285
If you're writing about hacking and you aren't a pro, you're going to sound silly.

Moreover, the more specific you are, the more outdated you'll be. Technology changes, quite literally, at the speed of light.

The most common efforts rely on one or more of three things:

  • Social engineering; that is, exploiting human frailties and foibles. The number of people who use FrodoLives as a password, or write the root password on a Post-it near the server is mind-boggling.
  • Poorly maintained; not updated in terms of known problems and breaches
  • Stupid, arrogant developers / engineers create back doors. They are almost inevitably exploited. Don't create a door if you aren't prepared for its use.

In general, don't be overly specific. People are the weakest link in the tech chain.
 

brianb9986

The whole idea with the website was that the character selling the drugs needed a "legitimate" business as a disguise, say an import/export business. So the website would just be very generic; none of the sales would happen through the actual site. But this was where I was running into trouble connecting the dots as to how the character legitimately gets into trouble with these drug runners, as it was beginning to seem too implausible.

I'll do my due diligence to research the topic further, but I'm thinking I will probably have to take a different angle with this aspect of the story. That's kind of why I came here in the first place - to see if it was worth going down that road.
 

jclarkdawe

The reason one does research is because it will frequently send you sideways into a good idea. The original idea here has some serious problems, but there's a good idea in here.

Guy hacks into a neighbor's security cam. Not that hard to do and somewhat a common problem. Now if the security cam is set up to connect to the guy's computer, a little bit more work will get you into the neighbor's computer. Now let's say the guy is the bookkeeper for organized crime. Now the books won't be kept in any sort of easy to understand system, but how about some five and six digit payments when this shady construction company gets government contracts?

Some sloppy security and this works fairly easily. As the favorite password continues to be "password," we know a lot of people have sloppy security. And now we can get into the threat stage of the story with a good underpinning.

By the way, the reason I can come up with this idea is from the fact that something similar was done in the real world.

Jim Clark-Dawe
 

WeaselFire

Benefactor Member
Kind Benefactor
Super Member
Registered
Joined
May 17, 2012
Messages
3,539
Reaction score
429
Location
Floral City, FL
Two issues here. First, your web site being run by drug lords isn't plausible. It just doesn't happen that way. And they certainly don't run their own sites, they use other online sources, like Silk Road and the rest of the dark web.

Second, your drug guys aren't going to blackmail your MC. They have no bargaining chip. Are they going to tell the FBI he hacked their site selling drugs? When they find who he is, they'll either simply kill him or fold the site and move. Or both. They already have access to stronger Kung Fu than your guy will ever have.

By the way, my neighbor's WiFi router password is the manufacturer default used by the installer and he has no password on his computer. His internet access is slower than mine so I could care less. Can't tell you how many times I had lunch at McDonald's and browsed someone else's file system. None of it terribly hard. You could learn it online with a little of that stuff writers do... Um.... I think it's called RESEARCH!

Jeff
 