Catching a cyber thief: It takes one to know one | Bangkok Post: tech

For the uninformed, the distinction is fine indeed. But for computer expert Prinya Hom-anek, the line is as clear as black and white.

"It's widely misunderstood that hackers are bad. The fact is, hackers are just geeks who want to test the vulnerability in a system. They aren't looking to harm anybody," Mr Prinya said.

On the other hand, "crackers" are those who use their IT knowledge for the "dark side", penetrating databases and computer systems to steal data, money or personal information for their own gain.

White hats, black hats. The giants of modern computing all boasted hacker roots, Mr Prinya said. Linus Torvalds, the father of the Linux operating system, is one. So were Apple founders Steve Jobs and Steve Wozniak, who while creating the world's most prominent computer company spent time hacking the US public telephone system using a "blue box". Richard Stallman, the father of the free software movement, and Microsoft founder Bill Gates also were well-known in the early hacker community.

For a computer geek, hacking is a test of will and skill, where one pits their knowledge against a system designer in search of weaknesses and flaws.

Mr Prinya, a founder of the Thailand Information Security Association, should know. A 26-year veteran in the information technology sector, he is the only Thai to hold accreditations from three leading information security institutions — CISSP, SSCP from (ISC)2 and CISA.

Prinya: All a hacker needs is passion

He said he learned to hack when he was 16 and studying electrical engineering at Chulalongkorn University.

"My motivation really was to extend my playing time with Pac-Man. So I started learning assembly [a computer language] to control my Apple II machine," Mr Prinya said.

Hacking in the pre-internet days was much different then today. Even the most basic books were hard to find in the early days of computing, and software tools and hacking techniques were collected and passed around within small cliques or underground bulletin boards, the predecessors to today's online chatrooms.

"To be a hacker, all you need is passion. You can spend all night trying to find a vulnerability," Mr Prinya said.

"Most hackers do their work from midnight to dawn. I remember several years ago, I was working a case against some crackers who were attacking a local mobile phone operator to divert prepaid calling time. I waited for him and found him late at night."

Mr Prinya said that Aekawit Thongdeevorakul, the 22-year-old Chulalongkorn University student arrested for hacking Prime Minister Yingluck Shinawatra's Twitter account, should not really be considered a hacker.

Mr Aekawit made headlines around the world earlier this month after he broke into the prime minister's Twitter account and posted eight messages attacking the Pheu Thai government's grass-roots policies.

The Information and Communications Technology (ICT) Ministry caught Mr Aekawit within a few days of the incident. He acknowledged using Ms Yingluck's password, stolen by parties unknown, to access the Twitter account.

Mr Prinya said Mr Aekawit was more properly considered a "script kiddy" — a derogatory term in the hacker community to describe an amateur who uses scripts and programs developed by others for their attacks.

Mr Prinya, who helped the ICT Ministry investigation to track the attack, said a more experienced hacker would have understood the importance of covering his tracks in planning an attack.

"Once I recovered Ms Yingluck's e-mail, I found the latest IP address used to access the e-mail and traced it back to the kid's location in Bangkok. And we found that he used a True ADSL account, which in turn led to his name," he said.

A skilled hacker would have known that internet access using landline ADSLs is closely monitored by service providers and that masking one's address and erasing log files are elementary precautions one needs to take to escape detection and discovery.

Mr Prinya said of more interest was how Ms Yingluck's Gmail password, which was then used to access her Twitter and Facebook pages, was discovered in the first place.

One theory is that the hacker used Gmail's "forget password" function to reset the password and gain access to the account.

A more likely explanation is that the password was discovered through an attack against the prime minister's communication team, say through a virus or "keylogger" program planted on their computers.

Another possibility is that the password was discovered using "packet sniffers", or programs used to intercept network traffic, when the account was accessed using a WiFi connection.

Hackers, Mr Prinya said, may work solo or as part of a group with a shared purpose to disrupt networks, websites or databases.

He estimated that there are several thousand of hackers in Thailand today, mostly youths intent on stealing data, money or prepaid phone airtime.

Many use "phishing" attacks to deceive recipients to give up their bank accounts and passwords by accessing counterfeit websites made up to look like a genuine bank website.

Mr Prinya today runs his own consulting and IT security training programme, where he is now paid to help run "penetration testing" against clients such as local banks to test their vulnerability to hackers.

"Real hackers just want to show off. They want to seek system vulnerabilities and feel proud when they can do so and make their mark. For a hacker, breaking in is like planting a flag on the moon," he said.

"A hacker doesn't feel guilty when they succeed. It's the other systems that failed. It's no different from someone who forgets to lock their back door. Whose fault was that?"