Admit it: you use the same password, or a slight variation of it, or the word "password," for all of your accounts. You probably know this is not a smart idea. But it's what you don't know about technology that's really dangerous. And you're not alone, because the general public - meaning anyone not well-versed in IT - is generally clueless about scary technology hacks.
The world might not come to an end because of an evil computer genius doing dastardly deeds in a basement somewhere, but savvy hackers can still wreak havoc on our lives by accessing our bank and email accounts, airplanes, Wi-Fi networks, and supposedly technologically secure homes. They can harm just about anything connected to technology, which these days is most things in our lives.
Real hackers with inside knowledge of how technology can take a terrifying turn took to Reddit to break down the things they've come across that the public doesn't really know about.
From Redditor /u/rrobukef:
GPS can be spoofed (faked). You can override the GPS signal with hardware of $1,000. This can be used to move the position of a GPS receiver to something else. Like say: an airplane is 1,000 feet higher than it actually is. Combine this with an autopilot and... bye-bye plane. (This can also be used with boats.)
Air traffic control can be spoofed too. With $1,500... of equipment you can create your own virtual airplane on the screens at an airport. Create 10 fake airplanes and you will have a "Where Is Waldo" game with planes. You can even make them crash. Even autopilot will react to avoid crashing into the ghosts.
Let's just say that I'm very happy I don't have to fly often and there are enough planes that I'm unlikely to be on one specific airplane.
From a former Redditor:
Every single network maintains something called an ARP table. ARP stands for Address Resolution Protocol. It's basically a table that matches an internal IP address (assigned by your router to each local machine) to a MAC address (a hardwired ID for every network card on a device). So it knows what machine gets what data.
The super scary thing about this is, it is 100% entirely unsecured on nearly every local network. Anyone can write ARP data, even the data for other machines. Which means I can tell every single device on the network that my MAC address, and therefore my machine, is the router. Which means all data on the network will come to my laptop, before my laptop sends it to the router. I see literally every piece of data sent or received by every computer in the network.
Not only do I see the data, but I can edit it on the fly. I can enact a DNS spoof, assign myself as the DNS server for the network, and decide which domain names go to which IP. You search www.google.com, and maybe I send the data to "biggiantblackd*cks.com." Or maybe even worse, I set up my laptop as a web server with a fake Facebook page and redirect all domain names to my IP. Instead of logging in to Facebook, you just willingly give me your account credentials.
Not only is all of this possible, it's really easy. Script kiddie sh*t, automated entirely. Public wi-fi is extremely insecure for... pretty much everything. In fact, it doesn't matter if it's a public network at all. Anyone on nearly any network can do this.
From Redditor /u/DatJazz:
You can have the strongest IT system in the world. You can spend billions on software and hardware protection, but if I can ring the new employee called "Cathy" and say, "Hey, Cathy, you're new here, right? Yeah, it's John from IT Security. There's been a breach and I need the Sys Admin password quickly so I can patch it up." "Okay," says Cathy, under stress to fix the problem And there I have it. I got the password.
It's called Social Engineering and nine times out of 10 that's how people hack accounts.
From Redditor /u/SirSpam28:
Professional Hacker (Penetration Tester) here.
I would say the scariest thing I run into on a daily basis is how shoddy in the security sense most of the code out there is. I deal mainly with web applications, and it is amazing some of the things the developers come up with. It might be super fast and functional, but horrible security wise. The number of big development firms that have no security cycle or qa cooked into their dev cycle is astonishing.
The second is just how little understanding in the general public there is about how tech actually works, what it's doing. Everyone uses it for everything, yet there are people out there in charge of commerce apps that take your financial data that don't know what a web browser is.
I actually think the general population is getting more tech illiterate. As devices have become more user friendly, the level of IT knowledge required to use them has gone down dramatically. So what we have now is the equivalent of a bunch of toddlers running around with bazookas and not knowing what makes them go boom.