So I have this character that is supposed to be "really good" at hacking. But I don't really have a reference for what is realistic. And really, there is so little mainstream information on top of the line hackers (presumably the really good ones stay hidden) so the character trait almost borders on a superpower where you can just make up how good he is. I'm sure there has to be a line drawn somewhere between obviously unrealistic and possibly realistic. For example... I was thinking of having the guy have a phone "app" where he can scan a fingerprint (this is a crime story) with his phone and compare it to the national police fingerprint database that he has gained access to through hacking.
The IAFIS, I am assuming the story is in America, works like this form my understanding. I keep ending up in jobs that need to have my finger prints submitted. You take the finger prints at a police station, or at the scene. These are then scanned and sent to the FBI. The FBI computer there automatically starts looking through its 66 million criminal and 25 million civil prints. So I think your character needs to fool the automatic system into thinking that he is a legitimate requestor of the information. No clue if that is do able.
That's an idea. But your saying "no clue if that is do able" is kind of the point. I'm wondering if I could just make up a reason like you described (or not explain how he does it at all), and they pretty much have to take my word that he is able to do it right? I guess I'm just making sure the act of doing this sort of thing seems plausible. My theory is that as long as he isn't downloading the information and using it maliciously, he's not going to draw that much attention from people who try to catch these hackers.
yeah make the system think his phone is a police station, is probably an acceptable break from reality. Also remember he needs to still take a strip of the finger print. The system is designed to look at it on white paper. Something they get right in crime shows.
well its more then possible to carry around a portable fingerprint scanner. Law Enforcment Officers are using them now, well in some areas. Not sure if it would work the same on a phone app... but bending the truth in this matter wouldnt bug to many people. As for gaining access to IAFIS. I say just have him hack into it and leave it at that. Hackers can gain access to much bigger things. Take example Scott Lunsford at IBM. He told a Nuclear Power Plant that he could gain access to their systems using the Internet. They told him it was impossible. Within the day of starting his team gaine access. Within the week he had full control. Now granted it wasnt a single hacker... but heres the thing. It was possible. He would later claim that it was the easiest penetration tests he has ever done(im going to resist a dirty joke right now) Now maybe IAFIS had/has better security then that Nuclear Plant. The point is. Being able to gain access to it through hacking is more then withint he realm of possibility. In fact its actually a tad scary as to what hackers could gain access to. N
Well, my theory when it comes to hacking and security is that they tend to put more security where it is needed. So maybe hacking into the Pentagon or something like that is going to be hard to do. And even if you do succeed, you are going to have most major cybercrime police agencies on your tail. But something like the fingerprint database there really shouldn't be as much security because.... it's just fingerprints. Anyways, I think based on your responses most would find it believable.
I would imagine the FBI, of all agencies, would have more security than that. When information is compromised, that means other things can be compromised as well - what those in cybersecurity need to do is change the code and keep the code inaccessible. Once in the hands of a hacker, the code can be easily manipulated. Look into the modding community for Video Games such as minecraft - its essentially the same thing. There's no need to understand the actual coding, just the theory.
Also remember that unlike movies the response is rarely/ if ever instantaneous For criminal requests it can be up to 10 hours For civil requests it can be up to 24 hours
Wow... really? I figured there was a system in place so that someone in some crime lab somewhere would be able to match fingerprints essentially at the speed up the process. I just know that I need to add in a delay in when they get answers back on the request.
IMO, it'll all be fine if you explain it well enough. Sure enough, it's unrealistic if your character goes "brb, taking 2mins to hack the pentagon," but the only limit that hacking has is the sky (hehe). Also, how old is your character? Writing the delay could actually be pretty easy depending on how old he is
Part of it is how many finger prints we are talking about. Over 66 million criminal and 25 million civil. Mine always end up taking a while and they are in the civil group.
Actually, I think the plan now is to do the opposite. Because this character is "relatively" new to the story, so there is potential comedy from him not explaining it. The dialogue might go like this: Hacker: It looks like there's a fingerprint there. *digs into his pocket* Main Character: Yeah... wait what are you doing? H: Getting my phone. M: What for? H: If I can get a picture of the fingerprint I have an app that can check it against the fingerprint database. M: Your phone can do that? How? H: Just push a button. M: And we should find out who this print belongs to soon? H: It takes awhile for it to respond, maybe an hour or two. Something to that effect. I would have to clean it up but I imagine if I went into some long drawn out explanation... it would take the wonder out of the action. And besides 90% of the population would barely understand the technical terminology anyway. I suppose I could make a brief "I'm tricking it into thinking it's a police inquiry" explanation and that would work too. Lets say he's 25. I don't really see how it matters though? Technically it's neither because this guy is like a freelance private eye. But if the theory is that he's tricking FBI database into taking his entry, I'm sure he could do it as criminal, whichever is faster. By the way, thanks everyone for the input this is really helping.
Edit: Just did a little googling and found out that while the FBI has the Integrated-AFIS that takes all of the fingerprints together, many states have there own AFIS databases. Presumably only holding people that have had there fingerprints scanned in the state.
You more or less never see "realistic" hacking in fictional settings (movies, books etc) for two main reasons: 1) The people writing it don't know how it's done 2) The actual way it's done it not that dramatic 99.99999% of the time If you're interested in reading how a fairly well known and modern hack was done you can read the following without too much technical knowledge: http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/1
