Two weeks ago I was cycling in the gym, watching cable TV. Roger Federer was beating Andy Murray live from Melbourne; after losing a point he looked at his tennis racket in puzzlement, as if trying to understand what just happened, and then he resumed winning
game after game without even the basic courtesy of showing signs of sweat. Murray gave him a decent British fight, but the outcome was set after set of Swiss precision.
So at some point I started flipping through the other channels, and saw a low-budget film starting. The actor names flashing in and out were mostly unknown, but then the opening scene was about computer viruses and this caught my attention.
A few minutes into the movie I realized this is a 2000 direct-to-video film called
Takedown about hacker
Kevin Mitnik. The movie is based on a highly controversial novel, but I don’t want to get into that. I’ll just say that watching it brought a wave of romantic nostalgia.
Why romantic nostalgia? Two things. First, Kevin Mitnik was known for shrewdly combining social engineering skills with hacking know-how, and the film does a good work presenting the social engineering elements: calling company employees to get access to
non public data; contacting a code developer and tricking him to send over some design documents. Most of the social engineering used for today’s online fraud is very different: it’s almost an exact science, a methodology to maximize response rates to mass
phishing, rogue Anti Virus, and crimeware infection links. It’s clever, but in a different way.
Second, because the film takes place in the nineties. The Internet was still in diapers, cellular phones were a novelty, and hackers were still doing it mostly for bragging rights, not for profit. They were engaged in Cybercrime, but not the sort of Cybercrime
we have nowadays: Mitnik and his supporters always maintained he never misused any data he stole. Very much like good old
War Games.
Today, cybercrime is a nasty business. The vast majority of those involved do it for sheer profit. I’m not saying the weapons they use are not state-of-the-art: in comparison, the tools people like Mitnik developed fifteen years ago seem very much like the
computers on board Apollo 11.
But unlike the hacking infrastructure of the nineties, today’s crimeware is primarily built for point-and-shoot functionality like cell phone cameras, so almost everyone can use them – not just the fraudster elite. Take the latest spear phishing attack which
spoofed NSA emails; the Trojan used was Zeus 2.0, the most popular Trojan kit on earth – and not a highly complex, custom-built crimeware, which are almost an endangered species these days.
Well, like any nostalgic look-back, I’m probably exaggerating a bit. Today’s top cybercriminals are not less clever and determined; the tools they build are formidable, and in retrospect everything always looks nostalgic. I’ll bet that in fifteen years we’ll
look back, sigh, and say: gosh, those were the days.