Hackers have a bad reputation, but not all are malicious. You might know of ethical hackers who hack only to report vulnerabilities to the creators. But they aren’t the only ones you want on your side. Have you ever experienced the frustration of forgetting a password? With the multitude of accounts most of us manage today, it’s no wonder that mixing up passwords or losing track of them happens easily. I certainly have forgotten many. What if you lost an account that has significant cash value? Recently, we saw hackers recover a lost password worth over $3 million, money that was thought to be lost forever.
Lost password? Lost assets?
Humans are terrible at creating and remembering passwords. Hackers know all too well how our psychology works, and they can crack or social engineer their way to a password if it was not already available in one of the massive breaches. Even when they have to brute-force it, trying combinations until one matches, they have methods to reduce the number of combinations.
Back in 2013, an owner of a Bitcoin wallet who was all too aware of hacking risks used a password generator to create his password and encrypt the file. That file got corrupted soon after, and the owner watched powerlessly as the wallet increased in value from a couple of thousand dollars to over $3 million over a decade. This is not an isolated case; between forgotten accounts and accounts whose owner passed away without sharing the password with anyone, we can imagine how much is sitting there in lost accounts.
Retrieval by (ethical) hacking
Joe Grand, former Disney Channel host and notorious hacker, accepted the job. But brute-forcing this password would prove impossible due to the sheer number of possible 20-character passwords the program could generate. So, like when hacking a human-made password, the solution was in the password creator and not the password itself. A password generator is just a computer program, and no program can truly be random. A good random number generator is actually difficult to design and engineer from a software development point of view. Every algorithm is deterministic, and what we perceive as random at the other end is based on some input.
While changelogs from the specific password generator showed this was later changed, the solution was clear. The original owner said the password was created circa 2013, and that time can be the input. The password eventually came out by creating a script that generated passwords over time, a sped-up simulation of the time range. This story certainly reminds us to keep our passwords safe, which is easier today with technologies such as two-factor authentication, password managers, and passwordless authentication. But it also gives hope that if we lose one, we can rely on hackers to recover a lost password.
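The search-space collapse described above can be reproduced in a few lines. This is an added example, not code from the article, from Joe Grand, or from the password generator involved; the generator `weak_generate`, its one-second seed granularity, the SHA-256 comparison standing in for "the wallet opens", and every timestamp are assumptions constructed for the illustration.

```python
import hashlib
import math
import random
import secrets
import string
from datetime import datetime, timezone

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def utc(*parts: int) -> int:
    """Unix timestamp for a UTC date/time given as (Y, M, D[, h, m, s])."""
    return int(datetime(*parts, tzinfo=timezone.utc).timestamp())

def weak_generate(unix_ts: int, length: int = 20) -> str:
    """Hypothetical flawed generator: the clock is the PRNG's only input."""
    rng = random.Random(unix_ts)  # deterministic, fully fixed by the seed
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_generate(length: int = 20) -> str:
    """Mitigation: every character comes from the OS CSPRNG, no guessable seed."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def recover(opens_wallet, start_ts: int, end_ts: int):
    """Replay the weak generator for each second in [start_ts, end_ts)."""
    for ts in range(start_ts, end_ts):
        candidate = weak_generate(ts)
        if opens_wallet(candidate):
            return ts, candidate
    return None

def keyspace_bits(length: int = 20) -> float:
    """Work to brute-force the password itself, in bits."""
    return length * math.log2(len(ALPHABET))

def window_bits(start_ts: int, end_ts: int) -> float:
    """Work to brute-force the seed when only the time range is known."""
    return math.log2(end_ts - start_ts)

# Constructed sample: the owner's password was generated at this moment.
CREATED = utc(2013, 5, 15, 3, 21, 7)
DIGEST = hashlib.sha256(weak_generate(CREATED).encode()).hexdigest()

def opens_wallet(candidate: str) -> bool:
    """Stand-in for attempting to decrypt the wallet with a candidate."""
    return hashlib.sha256(candidate.encode()).hexdigest() == DIGEST

if __name__ == "__main__":
    print(recover(opens_wallet, utc(2013, 5, 15), utc(2013, 5, 16)))
    print(f"password keyspace: {keyspace_bits():.1f} bits")
    print(f"all of 2013 as seeds: {window_bits(utc(2013, 1, 1), utc(2014, 1, 1)):.1f} bits")
```

A 20-character password over 94 symbols is about 131 bits of work, while every second of a whole year is under 25 bits, which is why a generator must draw from a cryptographically secure source such as `secrets` rather than a clock-seeded PRNG.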
YouTube: I hacked time to recover $3 million from a Bitcoin software wallet
Photo credit: The feature image is symbolic and has been done by Christopher Isak with Midjourney for TechAcute.
Source: Kim Zetter (Wired)
