
Hacking - how easy is it?

Would it surprise you to learn that there are over 20,000 videos on YouTube alone that are devoted to hacking? And that the most popular of these video tutorials have millions of views?

You may think that as long as you have up-to-date anti-virus software you are safe online, but these tutorials are designed to teach users how to hack numerous online accounts, including social media accounts, secure online payment systems and smartphones. There are 6,000 videos on how to hack Facebook alone.

The average duration of these videos is three minutes, and the most popular tend to be under three minutes long.

Although a variety of hacking tutorials are available, two distinct techniques have been identified – ‘man in the middle’ and ‘SQL injection’. A specific search for ‘man in the middle hacking’ returns over 1,000 videos, with the most popular video viewed more than 200,000 times.

‘Screencast’ videos are being used more and more because they are accessible and easy to follow: they demonstrate exactly what the user sees on their own screen. The viewer needs only to replicate what they see online and they have become a hacker. It is unnerving to see that this video has been viewed more than half a million times.

The other common form of hacking video – SQL injection – exploits a weakness in a website that allows the hacker to deliver a specific line of code that causes the website to inadvertently reveal information from its database.

Although these hacking tutorials provide a fast introduction to hacking, they are not for the seasoned professional. There are online communities with thousands of contributors where the science of hacking is constantly evolving. The beauty and danger of the internet means that these communities are easily found.

Looking to test the effectiveness of this content, CPP recruited a small group of volunteers in a controlled experiment to see if they could use an online tutorial. After signing a disclaimer saying they wouldn’t use the information for illegal or malicious attacks, they were taken through a ‘man in the middle’ technique using Cain and Abel software. The tutorial used a Screencast technique, so as they were taken through the presentation they were also undertaking the hack themselves. From the beginning of the lesson to the point where each volunteer was able to intercept another group member’s passwords took 14 minutes.

When we broadened the investigation and asked the general public for their views on the issue, over seven million people in the UK claimed to have had their password-protected accounts accessed without their permission.

Asked if they were concerned about the potential for unauthorised access, most people said they were concerned and an overwhelming majority (87%) do not want this type of information online. Many thought it increased the risk of identity fraud and wanted the Government to take action to remove this type of content. Only 1% of people thought ‘hacking’ tutorials were ‘light hearted fun’ and nothing to worry about.

As the Sony data breach has recently shown, it is important for both businesses and consumers to keep anti-virus and firewall software up-to-date and change passwords regularly. To ignore this puts us all at risk.


Comments: (2)

John Dring - Intel Network Services - Swindon 27 May, 2011, 14:09

Yes, that's unnerving. It's one of the reasons I do not just have a couple of passwords for the many sites/systems that need them, and as a result I have to have a password vault to store them all. I am a big fan of OneTimePassCodes and would much prefer to use the same token for many sites. But it relies on the 'something you hold' factor. Imagine a token-in-the-cloud? So you could get an OTP for any online service without carrying the physical thing. But how to protect the cloud token :)

A Finextra member 01 June, 2011, 01:17

I suppose we could ask RSA, Lockheed or even PBS, they all seem to tragically have fresh first hand experience.

As I have long pointed out, all your secrets are gone and nothing is secure. Although I myself am unable to hack, I can by casual observation conclude that it is child's play with the snake oil salesmen forever on their back foot. In fact much innovation is child's play, often stolen or misappropriated by their elders.

I myself have enjoyed the education provided by some unique attacks I have witnessed. It is strangely satisfying being attacked by a means as yet unreported 'in the wild' and to recognise it as an attack. It makes you feel special. I guess it's a bit different if you fail to spot it.

I have little doubt that all minds lean towards a particular common idea of a solution for the finternets, yet it is fraught with difficulties to impose it, and without the exact right approach, it will merely compound the problem.

That isn't to say there isn't a solution. A solution to many issues, and when those other issues are recognised the solution to them all will be obvious.

According to WHO that solution shouldn't require too much exposure to your mobile phone or you may increase your risk of brain cancer. I suspect there are a few world leaders and bankers who have spent too much time on their phones. Perhaps a checkup might explain a few things.

This post is from a series of posts in the group:

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.
