- Hours after the US airstrike on Iranian territory, Iranian-backed hackers took down US President Donald Trump’s social media platform.
- Users were struggling to access Truth Social in the early morning following the alleged hack.
- As the US continues to insert itself into the ongoing Iran-Israel conflict, the US government believes more cyberattacks could happen.
DDoS is not hacking
The word “hack” is pre-internet. A “hack” journalist or a “hack job” is basically something unprofessional. It is movies that turned “hackers” into someone that gained access to the “mainframe”. In the realm of computer systems, I would argue that a “hack” is doing anything the system was not intended/designed to do. A successful DoS or DDoS needs to find some component of the system that wasn’t designed to handle the amount of traffic about to be sent to it.
There are protections for DDoS (iptables, fail2ban, Cloudflare and so on), you have to figure out a way around them, that’s a hack.
Define hacking.
I’d start with the following, and refine if necessary:
“Gaining unauthorized access to a protected computer resource by technical means.”
* Those first two actually happened in 2001 here in Switzerland when the WEF visitors list was on a database server with default password, they had to let a guy (David S.) go free
** The governor and his idiot troupe eventually stopped their grandstanding and didn’t file charges against Josh Renaud of the St. Louis Post-Dispatch reporter, luckily
When my parents kicked me out, the number of times o got to sleep inside because i could convince people i was the county password inspector was more than zero. It’s hacking.
Wrench? No. But an old colleague informs me that the version done with a machete does count as hacking. I concur.
Those are both way more useful than exploiting a lazy coder’s fuckup, renaming ‘house of many backdoors’ to ‘that package everyone uses in everything’ on github, or some fancy math shit.
Your laws are nonsense bullshit, they’re just excuses for power and I’d appreciate you not defiling language fof the rest of us to justify them.
I never said social engineering, physical breaching, exerting force on people, and other ways of compromising systems weren’t useful. They just aren’t hacking to me, otherwise the term is too broad to be very useful.
You’re free to come up with your own definition, I was asked to define it and that’s my best shot for now.
I think a better definition would be “achieve something in an unintended or uncommon way”. Fits the bill on what generally passes in the tech community as a “hack” while also covering some normal life stuff.
Getting a cheaper flight booked by using a IP address assigned to a different geographical location? Sure I’d call that a life hack. Getting a cheaper flight by booking a late night, early morning flight? No, those are deliberately cheaper
Also re: your other comment about not making a reply at all, sometimes for people like us it’s just better to not get into internet fights over semantics (no matter how much fun they can be)
Your definition is probably better. I can very much vibe with that.
Mitnick mostly social engineered. Most of the big famous attacks at least involved a component of that.
Oh man.
My comment was intended to imply that the term “hacking” defies definition because it has been grossly overused and misconstrued over many decades.
Sure you might be able to convey what it means to you but of course it means different things to everyone else, with each definition being equally appropriate.
Er go, any discussion is one of semantics.
You know my first instinct wast to reply with: “No.”
Maybe I should have stuck with that. I had a feeling this would lead nowhere.
Can be a component of it.
Mailing someone more letters than they’re capable of replying to is not equivalent to, nor a component of, gaining access to the inside of their home.
Disabling network security and edge devices to change the properties of ingress can absolutely be a component of an attack plan.
Just like overwhelming a postal sorting center could prevent a parcel containing updated documentation from reaching the receiver needing that information.
I haven’t heard of a firewall failing open when overwhelmed yet. Usually quite the opposite, a flood disables access to more than just the targeted device, when the state table overflows.
But maybe there is a different mechanism I’m not aware of. How would the DDoS change the properties of ingress?
By denying access to resources in a primary region, one might force traffic to an alternate infrastructure with a different configuration. Or maybe by overwhelming hosts that distribute BGP configurations. By denying access to resources, sometimes you can be routed to resources with different security postures or different monitoring and alerting, thus not raising alarms. But these are just contrived examples.
Compromising devices is a wide field with many different tools and ideas, some of which are a bit off the wall and nearly all unexpected, necessarily.
I mean, I know JK Rowling sucks, and it’s been a long time since the first Harry Potter movie came out, but it was definitely a component and precursor to Hagrid beating the shit out of that door.
To be fair, they had moved to an unsecure location that was a much softer target by that point. Can a DDOS force someone to move their services over to the equivalent of a century old, weather-beaten lighthouse in the middle of England?