How does hacking work, why does it happen, and who does it?

In this blog post, we’ll take a look at hacking as a weakness in internet security.

 

The whole world is connected to the internet, including our country. Every day, millions of people use social media to communicate their thoughts, buy and sell goods, conduct various commercial activities such as online banking and stock trading, and enjoy cultural activities such as games, movies, and music. Communication technology developed for military use is the basis for Second Life, where people can live anonymously or under a single identity under a security specification called SSL. However, this topic inevitably raises two-sided issues: internet addiction, violence, and security. In this context, I’d like to talk about hacking as a weakness in internet security: how it happens, why it happens, and who does it.
When we think of security, the first thing that comes to mind is passwords, or passphrases. After all, we’re talking about passwords, or code. Naturally, this code has some connection to math. What’s interesting is that advances in math pose risks to security. For example, one of the current mathematical challenges is to uncover the regularity of prime numbers, which, if solved, could jeopardize the security of the entire world. Currently, the most popular approach is to use the product of two arbitrary primes. In layman’s terms, when two people want to share something, they each know one prime together, which the other person doesn’t know, and they each know another prime, which they don’t share with the other person. In other words, they multiply their private prime by the shared prime, and that’s the security treatment. You can do things like square roots and things like that to make sure that you can decrypt each other’s material. In practice, if you have a really big number, like 6784379427……., there’s no way to know which two primes it’s the product of, because it would take an enormous amount of time to crack it. But if you find a regularity in the prime numbers, the algorithm can easily crack it.
However, this is a primitive way of trying to deduce the password itself and crack it directly, so the most popular modern method is to use a virus called a “Trojan horse,” which is a form of peeking at the password rather than deducing it. Like the myth of the Odyssey, it infiltrates the target’s device and learns the passwords, credit card numbers, etc. that the user enters. There are many other ways to hack, such as the recently popular DDOS attack, which tricks the system into flooding and making it unusable.
But while it’s easy to discuss the technical aspects, it’s hard to answer the “why” question: why would anyone want to break security? The reasons can be divided into four categories. The first category is “crackers,” who are out for the sheer bragging rights – for example, hacking the Pentagon in the U.S. They’re so good, they sometimes work as security experts for companies or as white hat hackers for countries. White hackers are technologists who develop technologies to improve security and defend against hacker attacks, and are sometimes trained by countries.
The second category is the financially motivated, or online criminals, who make a lot of money from illegal activities such as taking money out of people’s accounts when they bank online, stealing credit card numbers, and buying and selling personal information. Crime is always driven by money, which is why it’s so predictable on the net.
The third category of criminals is those who are not motivated by money, such as protesting or expressing their opinions. For example, Anonymous, the group that wore the mask of “V” and launched a massive attack on Sony’s servers that paralyzed the company that sued the hackers.
The final category is nation-states and governments, which is reminiscent of “information warfare” and the fight for secrets between nations. For example, the Dutch certificate authority DigiNotar was hacked. This certificate authority sells people’s certificates under a specification called SSL. It’s believed to be a Middle Eastern country that hacked DigiNotar, and it was a state operation to identify dissidents. In a similar example, a Trojan called the “Scuinst Trojan” was discovered in Germany, which was a program for the German government to spy on its citizens.
In the end, it only creates a great deal of anxiety for citizens using the surface of the internet. It can become a dystopia where even reality is controlled, so we need a counter-horse to protect the unique identification code, the certificate, which is one identity on the Internet, and to become an Internet society where we have the same rights. On a small scale, we need more people to care about security, and on a larger scale, we need white hackers for the masses, not the state.