The Art of Deception_ Controlling the Human Element of Security - Kevin D. Mitnick [43]

and networks for the intellectual challenge and for the pleasure of gaining insight into how technology works. But their electronic breaking-and-entering stunts are just that—stunts. These folks, these benign hackers, illegally enter sites for the sheer fun and exhilaration of proving they can do it. They don’t steal anything, they don’t make any money from their exploits; they don’t destroy any files, disrupt any network connections, or crash any computer system. The mere fact of their being there, snaring copies of files and searching emails for passwords behind the backs of security and network administrators, tweaks the noses of the people responsible for keeping out intruders like them. The one-upmanship is a big part of the satisfaction.

In keeping with this profile, our Danny wanted to examine the details of his target company’s most closely guarded product just to satisfy his own burning curiosity and to admire whatever clever innovations the manufacturer might have come up with.

The product designs were, needless to say, carefully guarded trade secrets, as precious and protected as just about anything in the company’s possession. Danny knew that. And he didn’t care a bit. After all, it was just some big, nameless company.

But how to get the software source code? As it turned out, grabbing the crown jewels of the company’s Secure Communications Group proved to be all too easy, even though the company was one of those that used two-factor authentication, an arrangement under which people are required to use not one but two separate identifiers to prove their identity.

Here’s an example you’re probably already familiar with. When your renewal credit card arrives, you’re asked to phone the issuing company to let them know that the card is in possession of the intended customer, and not somebody who stole the envelope from the mail. The instructions with the card these days generally tell you to call from home. When you call, software at the credit card company analyzes the ANI, the automatic number identification, which is provided by the telephone switch on toll-free calls that the credit card company is paying for.

A computer at the credit card company uses the calling party’s number provided by the ANI, and matches that number against the company’s database of cardholders. By the time the clerk comes on the line, her or his display shows information from the database giving details about the customer. So the clerk already knows the call is coming from the home of a customer; that’s one form of authentication.

The clerk then picks an item from the information displayed about you—most often social security number, date of birth, or mother’s maiden name—and asks you for this piece of information. If you give the right answer, that’s a second form of authentication—based on information you should know.

lingo

TWO-FACTOR AUTHENTICATION: The use of two different types of authentication to verify identity. For example, a person might have to identify himself by calling from a certain identifiable location and knowing a password.

At the company manufacturing the secure radio systems in our story, every employee with computer access had their usual account name and password, but in addition was provided with a small electronic device called Secure ID. This is what’s called a time-based token. These devices come in two types: One is about half the size of a credit card but a little thicker; another is small enough that people simply attach it to their key chains.

Derived from the world of cryptography, this particular gadget has a small window that displays a series of six digits. Every sixty seconds, the display changes to show a different six-digit number. When an authorized person needs to access the network from offsite, she must first identify herself as an authorized user by typing in her secret PIN and the digits displayed on her token device. Once verified by the internal system, she then authenticates with her account name and password.
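To make the mechanics of such a time-based token concrete, here is an added illustration in Python; it is not from the book and it is not the proprietary algorithm inside the Secure ID device the story describes. It uses the openly specified HMAC construction of RFC 4226/6238 instead, with the sixty-second step and six-digit window the passage mentions, and shows the server-side check of a passcode typed as PIN followed by the token digits. The secret, PIN and timestamp are constructed sample values.

```python
"""Rolling six-digit time-based token and its server-side verification.

Added example (not the book's or RSA's code): the token value is an HMAC over
the current 60-second time slot, truncated to six digits as in RFC 4226/6238.
The real Secure ID device uses a different, proprietary algorithm; only the
observable behaviour (a new six-digit code every sixty seconds) is the same.
"""
import hashlib
import hmac
import struct
from typing import Optional

STEP_SECONDS = 60   # the display in the story changes every sixty seconds
DIGITS = 6          # six-digit window on the device


def token_code(secret: bytes, unix_time: int,
               step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """Return the code the token shows at `unix_time` (HMAC-SHA1 over the time slot)."""
    counter = unix_time // step                          # which 60-second slot we are in
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation, RFC 4226 s5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_passcode(secret: bytes, pin: str, passcode: str, unix_time: int,
                    skew_steps: int = 1,
                    used_counters: Optional[set] = None) -> bool:
    """Server-side check of `passcode`, entered as the secret PIN followed by the
    six token digits (the "PIN + token" step described in the text).

    Accepts the code for the current slot and `skew_steps` neighbouring slots on
    either side to tolerate clock drift, compares in constant time, and (when a
    `used_counters` set is supplied) refuses to accept the same slot twice, so a
    passcode observed over someone's shoulder cannot be replayed within its window.
    """
    if len(passcode) <= DIGITS:
        return False
    entered_pin, entered_code = passcode[:-DIGITS], passcode[-DIGITS:]
    pin_ok = hmac.compare_digest(entered_pin.encode(), pin.encode())

    current = unix_time // STEP_SECONDS
    code_ok = False
    matched_counter = None
    # Evaluate every candidate slot rather than returning early, so the timing of
    # the loop does not reveal which neighbour matched.
    for counter in range(current - skew_steps, current + skew_steps + 1):
        expected = token_code(secret, counter * STEP_SECONDS)
        if hmac.compare_digest(entered_code.encode(), expected.encode()):
            code_ok = True
            matched_counter = counter

    if not (pin_ok and code_ok):
        return False
    if used_counters is not None:
        if matched_counter in used_counters:
            return False                                 # replay of an already-used code
        used_counters.add(matched_counter)
    return True


if __name__ == "__main__":
    # Constructed demo values: a shared secret provisioned into the token and
    # the server, the user's PIN, and a fixed "now" so the run is reproducible.
    secret = b"constructed-demo-secret"
    now = 1_700_000_000
    shown = token_code(secret, now)
    print("token displays:", shown)
    seen = set()
    print("first use accepted:", verify_passcode(secret, "4321", "4321" + shown, now, used_counters=seen))
    print("replay accepted:   ", verify_passcode(secret, "4321", "4321" + shown, now, used_counters=seen))
```

The `step` and `digits` parameters let `token_code` reproduce the published RFC 6238 test vectors (30-second step, eight digits), which is a convenient way to confirm the truncation logic is right before trusting it with a real secret.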

For the young hacker Danny to get at the source code he so coveted,
