Toddler Teaches Hacker Techniques
By John Jaser,
Internet Services Manager
Perhaps my mind is going mushy, or I’ve
spent too much time with my 15-month-old
son. But watching him manipulate my DVD
player and SUCCESSFULLY get it to play
has given me pause.
I would love to say that my son is
brilliant, that his success with the DVD
player is worthy of a Guinness, perhaps
even a Guinness Record. But in fact,
he’s just a persistent toddler who
doesn’t understand the word “no.”
Replace the word “toddler” with “hacker”
and you have taken your first step
toward understanding this highly
destructive Internet phenomenon.
Without a doubt, toddlers are the
universe’s most persistent learning
machines. My son studies every person
around him, records every movement, and
plays back exactly what he sees over and
over until he gets the desired result.
Second on the universe’s persistence
list are hackers who scan the Internet
for exploitable servers, listen to
Internet “conversations” for account
numbers followed by dollar signs, and
launch their exploits over and over
until they shake the desired information
out of a bank customer.
As you can imagine, I've learned a
lot about security by defending my home
against a 15-month-old toddler! Here are
some of the lessons he’s taught me:
- Security through obscurity doesn’t work.
Despite my cleverest attempts to hide what
my son wants, he always finds it. Not only
does he find things that I’ve tried to hide,
he finds things I didn't even know that I
had! The security issue: our 15-month-old
hacker has practically unlimited time and
patience to explore.
- Security measures have an effective
lifetime. Every “child-proofing” device has
become obsolete within weeks of
implementation. For example: the cabinet
latches to keep toddlers away from dangerous
items. The latches allow the cabinet to be
opened far enough for an adult to depress a
tab and release the latch. Within two weeks,
my son figured out that he could open the
cabinet two inches, reach his hand through
the crack and remove any object small enough
to fit. Unfortunately, this included
everything in the cabinet!
- Defense in depth is always better than a
single “unbreakable” defense. In the face of
the hacker toddler’s patience and ingenuity,
there simply is no unbreakable defense. He
can and will get through – it’s just a
matter of time. Given that he will get in,
having multiple levels of defense makes
sense. Maybe Dad will awaken from his nap in
time to prevent the toddler’s penny deposit
in the nearest electrical socket!
- Making exceptions makes disasters. With such
a determined opponent, every exception
represents a minor victory in the all-out
war for your coffee table. Give in once, and
soon he’ll be leaping to the end tables and
riding the reading lamps. You think I’m
kidding?!
- Never underestimate your opponent. We’re not
just talking about cunning. That he has in
abundance! I mean the ability to turn the
innocuous placement of a book into a
full-blown disaster. You may think that
books are for reading. But in a toddler’s
hands, books can be food trays, stepping
stones, or missiles. My son’s imagination
creates danger where none has existed since
the dawn of civilization – very much like
the Internet!
- Implement security measures before you have
a problem. Consider that your opponent has
you on all counts: smarts, imagination,
persistence and lack of moral gravitas. If
you’re trying to build your perimeter in the
heat of battle, you might as well forget it!
He will hack through your fledgling effort
like a hot knife through butter.
- For your security measures to remain
effective, you must test them. Given the
uncanny ability of the toddler to outsmart
and outlast any security measures, it makes
sense to test frequently – if only to
predict when a particular defense will need
replacing.

While my paternal experiences
approach comic proportions, the analogy with
today’s Internet hackers is alarmingly clear.
Their cunning, creativity and persistence
require consistent effort, and unfortunately,
less sleep!
Having multi-layer security that changes in the
face of threats makes sense. So does advance
planning and relentless testing. Today’s threat
is not only real – it’s everything a toddler is,
minus the nap!