The ‘Black Mirror’ of programming: what path must we take to crack the code and find the hacker? -TEISS® : Cracking Cyber Security
Information Security / The ‘Black Mirror’ of programming: what path must we take to crack the code and find the hacker?
Martin Hodgson, Head of UK and Ireland, Paessler on the end of the anonymous hacker. ** Spoiler Alert – if you’ve not finished watching Netflix’s Bandersnatch, you might wish to look away now**
Bandersnatch, Charlie Brooker’s latest Black Mirror phenomenon, is the interactive film we’ve all been talking about. Taking us back to 1984, it offers viewers an immersive, non-linear film experience whereby we control the life of a programmer building his own gaming platform.
Whether viewed as just another film, a gaming experience, or even a unique challenge to remain in play for as long as possible, if one thing’s for sure – it’s that this film contains interesting insights into the world of coding, programming and hackers. It raises questions as to whether a hacker can ever remain truly anonymous and reminds us why we need to better protect our networks.
One insight which rings true to the business world, yet often goes amiss, is the ‘hacker trail’. In the same way that the Bandersnatch protagonist spots us – the Netflix user – to be the hacker by the QR code left within the programme, organisations can also spot foreign bodies entering their systems.
What’s key here is that businesses are able to spot these codes left behind to expose a hacker, and much faster than the intruder would like. But in order to better protect their systems, businesses first need to know what to look out for – preventing attacks before they happen.
We all know that hackers exist. In fact, more than four in ten businesses (43%) experienced a cyber breach during 2018. But what hasn’t been as widely discussed (until now) is the concept of the ‘anonymous hacker’ – what does it mean, and do they really exist?
Also of interest: Interview with hacker FC at TEISS
So, does the “anonymous hacker” really exist?
Previously, hackers could spend their time entering programmes, systems and software without permission or the right to do so – and all with the peace of mind that no one knows they’re there, or who they are. Until now…
Just like righteous programmers, hackers also leave their own mark in the programmes that they code and write – often without realising they are doing so. Now, with the development of Artificial Intelligence (AI), organisations can find clues within this code that can expose hackers, much faster than they’d expect or want.
Also of interest: Inside the mind of a hacker: Black Hat conference bares all
Cracking the code of the anonymous hacker
We all understand how complex the programming landscape can be, with lots of layers coming together to form the narrative. As a result, programmers must consider every single layer of detail to ensure that no problem is left unsolved.
When a hacker enters a programme, they leave their own digital signatures within the programme. Usually, the mark left within the programme is so slight that it is barely visible to the naked eye – but it’s still identifiable. In fact, according to research, it only takes the smallest of code extracts to distinguish programmers from one another.
According to assistant professor at the George Washington University, Aylin Caliskan, should we want to, it’s possible to de-anonymise coders via a process known as “Code Stylometry”. This process requires the extensive binary code of a programmer to be considered and thus identified.
The anonymisation of personal data is possible – for everyone and anyone. However, now, with Code Stylometry, hackers can be traced much more easily, helping companies to better protect themselves against such attacks. Malware developers could be identified and prosecuted.
Such methods would also endanger anonymity on programming platforms, whereby even if the hacker switched accounts in the future, AI technology would still be able to track them down. Like with other explosive topics, such as CCTV or machine learning, we stand here between the two poles of security and privacy – and we have to decide which is more important to us.
Also of interest: What will the bad guys be getting up to in 2019?
Prevention is better than cure
Ultimately, prevention is better than cure. Rather than face the battle between security and privacy, businesses should instead arm themselves before an attack strikes. By identifying potential hackers before they penetrate the security system, IT administrators position themselves ahead of the game, and save the need for the inevitable firefighting which takes place when it’s far too late.
This is where network monitoring comes in.
To stand the best chance of preventing an attack, businesses must have visibility over all operations. Not only will this insight flag any potential threats, but it will also alert to the network becoming overwhelmed or damaged.
For devices that don’t align to network standards, it’s important to ensure stable software solutions can integrate non-IT components through the appropriate APIs and templates. This will help to ensure that the network is maintained in a sustainable manner and allow for problems to be recognised from an informed place before reacting quickly if, or when, problems arise.
If one thing is clear – the world of programming and coding is a maze. IT admins have their work cut out for them. As the world of tech continues to advance at a rapid pace, the challenges are only going to increase. This is why we must work hard to think about the demands of the future, today.