Cyber security has always been a passionate interest of mine. Part of it I owe to my incredibly smart friends, whom I have had the opportunity to work with and get to know. Take, for example, my good friend Dennis. I have always been in awe of his capabilities. I am told he used to climb and fix microwave antennas when he was younger. Back in 2003, I helped my friend to build one of the very first VoIP companies (way before Vonage came to be). Building a system using such a cataclysmic technology has been one of the coolest things I have ever done in my life.
Dennis could look at our network logs and identify lost/dropped packets like a mechanic could reach out and pick the right size wrench socket out of a pile inside a tool kit. To me, it looked like finding a needle in a haystack. Yet, he could immediately point it out and trace the reason - totally amazing!
I did not start writing this article to tell you about my good friend Dennis. I wanted to tell you about why we are in such deep doo-doo, from the security perspective, that is.
During Covid, while everyone was busy zooming, as luck would have it, I ended up with some free time on my hands. With no job, nothing to do, no place to go and no person to see, I decided to spend my time learning a little bit about what people like my friend Dennis know.
But where would I even begin? I needed to learn how the Internet works and know exactly what goes on from the time I get behind my computer (or on my mobile device) and make an HTTPS request to the time I get a web page. Among many things, like the seven layers of the OSI model and its associated complex protocols, I specifically needed to dig deep into the belly of the beast and learn about the packet – what makes a packet, where it comes from, who makes it, who gets it, how it is transported, etc. There was a lot to learn. I studied tirelessly with the goal of obtaining the CISSP. Soon I realized that there was a lot that I did not know, and that I did not understand the intricate details under the hood. I actually needed to roll up my sleeves and get busy experimenting with things.
I watched many hours of lectures delivered by professors from MIT in Cambridge, MA, to SIIT in Bangkok, Thailand. The more I learned, the more curious I became. My desire forced me to learn the tricks of the trade, while watching, mesmerized, black hats on YouTube doing digital tricks like magicians – disguising their IP, masquerading their ID, spoofing, smurfing, and fooling everyone. Step by step, and carefully, I could follow their instructions. I discovered how easily, and freely, I could download all the tools I needed to help me capture, analyze and make sense of the data. In search of the packet, I got to learn how to use many cool tools like Wireshark, EtherApe, Cain & Abel, and many more like them.
Before I knew it, within a few short months, I discovered that I could disguise myself in a parking lot using a Yagi and a Pineapple, pretend to be a hotspot for the coffee shops in my neighborhood, and direct the web traffic through my gateway. With my free tools running, I could now see and make sense of the packets, just like my good friend Dennis.
The moral of the story is this: if I could learn how to intercept and see what web pages people visit, what pictures they look at, and what messages they send over the air, then no one is safe. I realized we are indeed in deep doo-doo!