All Articles

The (not particularly) dark secret of phone hacking

Between the News of the World's rather shady dealings with voice mail hacking and the amorphous web vigilante Anonymous leaping to the defence of Wikileaks there has been an enormous amount of talk of hacking in the press. From the tone of the press you would imagine these acts are being performed by a cabal of amoral genius hackers (If you were feeling saucy you might imagine them as Lisbeth Salander, but I've chosen the rather more wholesome Matthew Broderick) . After all much of the case has centred around Glenn Mulcaire a private detective hired for the task surely he must be some kind of master of these dark arts. 
Unfortunately the truth of the matter is really quite mundane. Most mobile networks allow you to access your voicemails from  numbers other than your own phone provided you have a PIN. The mobile phone networks in their wisdom enable this feature automatically even though most people don't use it, or even know it exists. Not only that, but unless you have explicitly changed it to something more secure it will be set to a default.  (If you are on Orange it's 1111, for O2 it's 8705, etc). If this has come as news to you then it's highly likely that anyone who knows your mobile phone number and can be bothered to Google the default PIN for your network could listen to your messages right now. 
It's so laughably simple to do that it astounds me that Clive Goodman needed to employ a PI to do it for him creating a paper trail that put him in jail. The real scandal is that no one in the media seems to be criticising the phone networks for giving everyone the same default password, or the government for failing to advise MPs on basic telephone security. 

So we've established that cell phone hacking is pretty simple, but bringing down Pay Pal that must take some kind of \Matrix style genius right?
Not so much. The attacks on companies refusing to deal with Wikileaks was a type of attack known as a Distributed Denial of Service attack or DDoS for short. The name sounds awfully complicated, but it's actually a basic as you can get and isn't really hacking at all. 
You might remember a little while back some hippy types got rather annoyed with Top Shop engaging in alleged tax avoidance and so decided to go and stand outside and cause a nuisance. 

A DDoS attack is simply the electronic equivalent. 
Lots of angry people connect to the Paypal site at the same moment until the servers that power the site are overwhelmed and can no longer do their job. Nothing is hacked and nothing is broken, but rather like Top Shop during the protest so many grumpy people are standing in the way that regular punters get turned away. You may have heard talk of sophisticated software called things like “Ion Cannon“, but in reality a drinking bird pressing the refresh button on your web browser would have the same effect. It's no different to when you hear that a ticket website has crashed as a result of demand for the new Take That tour.
DDoS attacks are sometime carried out using hacked PCs by organised crime to do nefarious things like blackmail online casinos, but in this case it was simply a group of like minded individuals expressing their frustration with the online equivalent of a peaceful protest. 

The fear of the new means the Top Shop story gets reported as people expressing their democratic right to protest while the tone of the Wikileaks story ends up as evil hackers trying to bring about the end of society.
Published 28 Jan 2011

    Engineer & Musician
    Nick Long on Twitter