Hacking into the future

There are millions of mischief-makers on the Internet, aiming to steal or create mischief. Many are auditioning for high-paying jobs.
Did you ever hear about the computer security expert who claimed he infiltrated those infamous hackers who call themselves Anonymous? He boasted that he’d identified the group’s members through social media and planned to expose them all on the Internet. Anonymous replied by hacking him and the international security company of which he was CEO at the time – crashed the company website, released tens of thousands of company emails online and left the poor guy with egg all over his face. That actually happened, just over five years ago.
Top security professionals are no match for nerdy, youthful outcasts, with nothing to do but spend all day hacking other people’s computer systems, finding security loopholes even the developers couldn’t have seen.
The World Wide Web is like a jungle, full of predators as bloodthirsty as any jungle beast. If they get you in their sights, they can take you down, at will.
The plots being worked out online are as convoluted, with as many crazy twists as Game of Thrones. Many young hackers are auditioning for jobs, as corporate systems security experts. They can make themselves almost as rich as any Silicon Valley sultan.
“For the past 20 years, famous hackers have been highly sought after by big companies, even though the companies are leery of the hacker-turned-employee. But they fully acknowledge the best attackers are the best defenders,” said Charles Mok, Legislative Council member from the Information Technology Functional Constituency.
Ronald Pong, CEO of Nexusguard Consulting Limited, a local security company, agreed, adding data security experts here in Hong Kong are a rare breed. The first course teaching information security didn’t even start in Hong Kong until last year at Hong Kong Polytechnic University, said Pong. Here’s the problem as he described it.
“Most IT staff are graduates of leading universities with long histories in computer science. They turn out an unbroken stream of experts, who are great at designing cyber infrastructure. When it comes to protecting computerised data, most don’t have a clue. They have no practical experience,” Pong explained.
How does a young nerd break into the high-paying world of cybersecurity? Well, he may have to go to jail first. That may not be so bad for them, since they live in a world that’s all about reputation. They get reputation from the sites they’ve hacked, and, as the saying goes, the bigger they come, the harder they fall. Getting caught and going to jail makes some hackers “famous”, or maybe that should be infamous.

Smart minds
The young man who calls himself Messiah-T is a hacker – the self-proclaimed brain of Anonymous Asia.
Messiah-T is the typical hacker who was great at math and computer science in school. He looks the part – wiry frame, wears wire-rimmed glasses. He’s a dropout who describes himself as a social misfit.
“I hate people telling me I should be more social. Most people are just stupid. They spend all their time talking about having dinner together, or going out for karaoke or finding a girlfriend,” he told China Daily between mouthfuls of a quick dinner in a ramen store. That day he had been working for over 10 hours, non-stop.
Messiah-T grew up poor, and he wanted all the things poor kids can’t have. So he found a way. He got an after-school job at 7-Eleven and saved enough money to buy his first computer. Then he set upon “his studies” so that he could get “free stuff”. He started out small, stealing the neighbour’s Wi-Fi, earning small fees by hacking his teenaged clients’ PlayStation Portable for free games. He unlocked the original iPhone so that people didn’t have to subscribe to a particular network. He thinks telecommunications should be free anyway.
He even tried stealing the Hong Kong Advanced Level Examination question papers from the Hong Kong Examinations and Assessment Authority. It took him two weeks to snoop the government’s website. He got around the authentication and authorisation by keying in some malicious Structured Query Language, the language for managing relational database servers, and got into the database. However, the papers he was looking for weren’t there.
As he got deeper into his craft, he learned almost all the standard programming languages, C, C++, Java, C Sharp, Visual Basic, and beyond that learned tricks from his peers in the world of hacking.
Messiah-T is proud to call himself a hacker. “I don’t think there is much difference between hackers and developers. Developers fix bugs, but we find them. We’re always one step ahead.”
Pong agrees. When it comes to home computer users and small-and-medium sized enterprises, he says, they don’t have a chance. Their cyber security systems are next to nothing, as he described them. Pong cited a case of a small foreign trading company comprising only three people that was defrauded millions of dollars, when one of the crew opened a malicious email, disguised as a letter from a client/creditor requesting payment.

Risky business
Messiah-T joined Anonymous Asia in 2009. He has no idea how many there are in the group, but he did say some of his comrades are as young as 12. While he likened the IT departments in most big companies or governments to “security guards” in complexes, he said his peers in Anonymous boast skills at the level of “terrorists”. But these folks don’t consider themselves criminals. They consider what they do a public service. “Should Donald Trump be elected the next US president, global Anonymous is ready.”
The most common attack by regular hackers is called the distributed denial-of-service. Hackers get together, mustering many thousands of computers they’ve “enslaved” all over the world, without the owners’ knowledge, and then bombard the servers on the target website with traffic until the server overloads and crashes.
It’s not foolproof. Messiah-T’s hard work got him arrested by the Hong Kong police four times last year.
Cybercrime jumped 70 per cent in Hong Kong in 2014 over the previous year, according to the statistics from police. In 2015, the Hong Kong Computer Emergency Response Team Coordination Centre handled around 5,000 reports concerning hacking incidents.
While a lot of these guys are doing “job auditions” hacking computer systems, the Hong Kong government spent HK$9 million (US$1.16 million) building a cyber-security centre under the Commercial Crime Bureau, back in 2012. There’s the saying, “You’re either part of the problem or part of the cure.” Many young hackers who end up doing systems security seem to be both.
Despite dozens of Anonymous members being arrested worldwide, Messiah-T is undeterred by law enforcement. He cited the then 23-year-old Filipino, who created the I Love You virus. It was a worm disguised as a love letter that hit the Internet in 2000.
The outbreak was estimated to have caused US$5.5-8.7 billion in damages worldwide. The young hacker earned worldwide fame and got job offers from several leading international technology companies, jobs that typical computer science students would envy.
As for Messiah-T, when he takes up the job of a highly paid, cyber-security consultant, he will go back to using his real name. Others will doubtless follow, spending hours spying out loopholes in computer systems. Some may get jobs as security experts. Some will go to jail. Some may do both. Some, however, risk ending up with nothing more than a criminal record.