The reality is: we were hacked more than will ever be revealed.
And the hacking will cause damage.
By
Updated 8 years ago,September 7, 2017
Ive spent 30 years hacking computers.
Ilya Pavlov
Ive done just about every trick in the book.
And many people I know have never been discovered.
First: what is hacking?
How do people hack?
Whats the difference between the movies/TV and real hacking?
What is legal in this particular situation and what is illegal?
Ilya Pavlov
MTV had a hole in their data pipe.
Every connection has thousands of ports, like a massive cruise liner.
An open port sends messages back and forth.
Like someone waving from a cruise ship as it pulls away.
Most ports are simply closed.
But some are open for receive various special messages.
For instance, there is a port that listens for requests for web pages.
Some software will OPEN unassigned ports for their own nefarious purposes.
Malicious software that keeps track of every letter typed on the keyboard might open and use such a port.
MTV had an open port that they werent protecting properly.
It was the SMTP (EMAIL!)
If theres a new computer or phone, then there are new security breaches.
100% of the time!
Someone was causing a lot of problems on the site.
He was a massive troll and was harassing people.
I tried to reason with him, but he ignored me.
So this is basic hack #2.
Most people use the SAME password for everything, or for most things.
I looked up the password he was using for my site.
I then tried it out on his email site.
I logged into his email (yes…illegally) and learned everything about him.
Then I messed his email up.
I wont describe what that means but he wasnt a problem on the website anymore.
This is what happens to trolls: trolls graduate to worse things.
15 years later this person is now in jail for 30 years to life for first degree murder.
But #1 and #2 are the basics of almost all hacking right now.
Which is a big assumption.
So this method is mostly useless.
A Bot is malicious.
It has some code that is ready to do something bad to your web link.
It got into your machine through some other technique similar to the Russian hack which we will describe below.
Millions of bots exist on computers around the US.
Maybe 70 or 80% of companies are infected with bot armies.
They are like sleeper cells waiting for a message to act.
Millions of hours of effort are spent identifying bots and eliminating them from networks.
The answer then is…who knows.
Bad things are happening and theres nothing we can do about it.
This is probably the best defense.
So a sleeper bot that infected a computer a year ago might be useless today.
What is the best defense against a bot army?
There is really only one if you think you are infected.
Those are the ABCs.
almost all hacking today begins with a Phishing email.
At Google, we take security very seriously.
We also strongly suggest you change your password when you log into our security site.
c’mon click HERE to validate your account.
you might bang out in your password.
(see above).
Often the ISP that provides you Internet access will recognize these attacks and block them before you see them.
SPEAR PHISHING is when the mail is directed very specifically TO YOU.
and they wrote back right away, RESPOND TO THAT IMMEDIATELY!
He logged into a fake server.
Typed in his password, and the rest is history.
Then theres an attachment.
John clicks on it.
Its a simple Microsoft Word document and John is working on a Microsoft Windows machine.
Microsoft Word, every now and then, has a security breach.
MS Word can talk to other pieces of software on the computer.
For instance, the software that controls the printer.
Or the software that controls the web net web surfer.
Or the software that controls the calendar.
And some MS Word documents are much more sophisticated and can download applications right into the operating system.
These applications can never be detected.
The keystroke logger is installed inside the operating system and can never be detected.
It opens up a new port (see above) and starts sending every key ever typed.
So you might get every password for every service the person uses and then do whatever you want.
The port sends all the passwords to a server that is offshore and untraceable.
The hacker logs into it and sees all the information about who ever has the malware.
I can say for sure: this punch in of attack works and is more common than people think.
All we know are these facts:
Some election company was targeted by someone in sophisticated Spear attack.
They speared and then went viral.
For instance, its one thing if you get a random email from someone.
The first successful Spear Phishing led to an even more successful Spear Phishing.
Hence the DOUBLE SPEAR.
What we DONT KNOW:
what information they received from us.
2020 might be their target and not 2016).
who told them to do this.
This was probably their normal jobs.
Its probably not the case that Putin made a specific call and said, hack this software election provider.
Just like we have teams that do the same.
This is not excusing them.
But….he would really have no idea.
WHAT SPECIFIC VENDORS WERE ATTACKED AND WHAT DAMAGE COULD THEY CAUSE?
According to the NSA leak, its still very unclear.
A) VR SYSTEMS (and probably similar companies)
VR Systems makes an electronic poll book.
This has nothing to do with counting votes.
This has entirely to do with how people register to vote.
For instance, when people come into vote they are either registered to vote or not.
A database needs to be checked (it used to be all on paper until fairly recently).
The electronic poll book allows for quick checking, and even registering of new voters.
Democrats, or people from a specific county, etc).
B) DEEPER PHISHING
Companies like VR Systems are in email contact with election officials in every state.
And now the entire Indiana election system is in question FOREVER.
Not only registrations but these election officials are presumably also in contact with the software companies that COUNT votes.
These companies can now be targeted for future elections.
My guess is this is what happened and the attacks are far from over.
There is no law broken here.
What do we know?
Its grossly illegal to effect a US election.
That would be incredibly stupid and so obviously illegal as to defy belief.
Heres the worst case scenario: someone maybe working for Russia (maybe!)
called someone maybe working for Trump (maybe!)
In other words, a wink.
But this is not illegal.
And Barak Obama, probably prematurely, said there was no direct attack on the US election system.
But….we dont know and never will.
WHY IS THIS IMPORTANT?
Every year there are improvements to the systems to prevent any influence.
CAN HACKERS EFFECT THE SYSTEM?
Yes, and they probably have, and their ability to do so again is probably stronger than ever.
No, probably not.
BUT…Americans certainly hack the elections of others just like many attempt to hack our elections.
This is my guess but why wouldnt it be true?
CONCLUSION:
A) The US election system is hacked beyond belief.
B) Hacking is not difficult.
There is no stopping this.
C) WHAT CAN WE DO?
- Awareness is the key.
party officials can be hacked and embarrassed (Podesta, Hillary, etc), grossly effecting elections.
registration software can be hacked.
Awareness includes backup systems that are disconnected from each other and used to check each others work.
vote counting software can be hacked.
electors, congressman, election officials can be blackmailed when their emails are read.
This would incentivize other governments to work to prevent any hacking of our elections.
Knowledge is power and, unfortunately, hacking gets the knowledge.
- What about fixing the problem on our side?
Answer: it CANNOT be fixed with better software.
HAVE I LEFT ANYTHING OUT?
Ive left many many things out.
These are the basics.
Im sure well be learning more.
But were not going to be learning that much more .
