Intercepting or listening to mobile phone calls: You can use an IMSI catcher, which you can either buy for like a million USD, or make for like 1500 USD (about 1000 pounds, including the price of the laptop). The idea is that mobile phones automatically connect to the mobile tower with the strongest signal, and that tower tells the phone whether to use encryption. So you just have to make sure that tower is yours.
There is a very detailed set of instructions on making one available here. But the best part is that if you do it right, it's totally legal. The DEFCON presentation starting here goes into how to make it and all the legal issues, so you can make sure what you are doing is actually legal.
Be warned, though: selling IMSI Catchers without a license can be very illegal, which may account for the gap between 1,000,000 dollars and 1,500 dollars.
Also, a lot of people have done this, so if your set-up isn't working, it should be pretty easy to find help online.
Getting on secured networks with AirCrack: You may be able to write your own scripts to do this, but why do that when you can borrow someone else's code? There are free, open-source scripts for cracking both WPA and WEP encryption to get onto secured wifi over here. The program is called AirCrack. These take several hours, even for WEP, but they are very easy to use--you just start the script before going to bed and have all the passwords by morning.
This may be worth trying, even if you don't write 00Q; it could save your arse at some point when you're travelling and confused and just need that damn internet connection. It takes some work to set up, but it's free, and think about how much more internet you'd have--and how much more fanfiction you could read/post (^_^).
If you are writing 00Q, though, then it's almost certainly worth it, because the "work" I mentioned might give you an understanding of parts of your computer you don't normally think about.
Bypassing wifi paywalls by DNS tunnelling: If you are somewhere where the network is unsecured but has a paywall (these are often found in airports and cafes), you could try DNS tunnelling, as in this tutorial, or this one. This converts IP traffic (your web browsing) into DNS requests (the protocol used to look up domain names and match them to IP addresses), which these networks still let your computer send. If you set up your home server correctly before you leave, you can SSH into it from anywhere over DNS and then browse the internet as if you were right at home.
Like the above, this may be worth trying, even if you don't write 00Q.
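The flip side of the trick above, as an added example that is not from the post: what a network operator's logs look like when someone is tunnelling, and a small detector for it. It assumes a DNS query log reduced to (client, queried name) pairs (the sample lines are constructed) and flags clients that repeatedly send long, high-entropy subdomains to one domain, which is the shape of data smuggled inside DNS names.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log: (client_ip, queried_name). Not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.com"),   # long but repetitive
    ("10.0.0.7", "0123456789abcdef0123456789abcdef.tunnel-example.net"),
    ("10.0.0.7", "fedcba9876543210fedcba9876543210.tunnel-example.net"),
    ("10.0.0.7", "0f1e2d3c4b5a69788796a5b4c3d2e1f0.tunnel-example.net"),
    ("10.0.0.9", "cdn.example.org"),
]

def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(name):
    """Crude split: everything below the last two labels is treated as the 'payload'."""
    labels = name.rstrip(".").split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:]).lower()

def find_tunnel_suspects(queries, min_len=20, min_entropy=3.5, min_hits=3):
    """Group queries by (client, domain) and flag pairs that repeatedly carry
    long, high-entropy subdomains. Ordinary hostnames are short and low-entropy;
    encoded tunnel data is neither. Returns {(client, domain): suspicious_query_count}."""
    hits = defaultdict(int)
    for client, name in queries:
        payload, domain = split_name(name)
        if len(payload) >= min_len and shannon_entropy(payload) >= min_entropy:
            hits[(client, domain)] += 1
    return {k: v for k, v in hits.items() if v >= min_hits}
```

The thresholds are assumptions; on a real network you would tune them against a baseline, since CDNs and some security products also emit long machine-generated labels.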
Hacking modern cars: The best source I could find on this is this article. There are two academic papers that go into the details. The other articles I found on the topic were just going "Woe unto us! Cars can be hacked!?!" without actually saying how, which is the opposite of helpful.
Biometric security: Not much to say here; if you want to sound cool, just look these up on a case-by-case basis. Take any scanner X and search google for "defeat X". This gives you hacks like gummi bears for fingerprint scanners, fake irises for iris scanners, etc.
If you want a master hack of everything that costs 10 pounds, however, try watching this lecture on youtube. Here's the crux for those who don't want to watch a 50 minute lecture (the guy has a nice accent, but is a bit dry): because they want to be backwards compatible, essentially all biometric readers use the Wiegand interface, an electrical protocol that connects the reader to the security panel. The information, including the output of biometric readers, is sent in plain text and is easily intercepted and replayed. So you just cut the wire, insert a PIC in between and reconnect. Now the lock is yours.
By the way, if you don't have PIC microcontrollers lying around, you probably should. They're cheap and unless you're writing wildly AU, Q would likely have some on hand at all times. PICs are cool.
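To see concretely what "plain text" means here, an added example (not from the post or the lecture): a decoder for the common 26-bit Wiegand frame, the kind of thing the security panel does with the bits it receives. The only integrity the frame carries is two parity bits; there is no nonce, timestamp or authentication, which is why a recorded frame is indistinguishable from a live read. The sample frame is constructed.

```python
def decode_wiegand26(bits):
    """Decode a standard 26-bit Wiegand frame given as 26 '0'/'1' characters, first bit first.

    Layout: [even parity][8-bit facility code][16-bit card number][odd parity].
    Returns (facility_code, card_number); raises ValueError on bad length or parity.
    Nothing in the frame ties it to a moment in time or to the reader that sent it.
    """
    b = [int(c) for c in bits]
    if len(b) != 26 or any(x not in (0, 1) for x in b):
        raise ValueError("expected exactly 26 binary digits")
    # Leading bit is even parity over the first 12 data bits (bits 1..12).
    if sum(b[1:13]) % 2 != b[0]:
        raise ValueError("leading (even) parity mismatch")
    # Trailing bit is odd parity over the last 12 data bits (bits 13..24).
    if (sum(b[13:25]) + b[25]) % 2 != 1:
        raise ValueError("trailing (odd) parity mismatch")
    facility = int("".join(map(str, b[1:9])), 2)
    card = int("".join(map(str, b[9:25])), 2)
    return facility, card

# Constructed frame: facility code 37, card number 12345, with correct parity bits.
SAMPLE_FRAME = "10010010100110000001110011"

def is_valid_frame(bits):
    """True if the frame decodes with correct parity, False otherwise."""
    try:
        decode_wiegand26(bits)
        return True
    except ValueError:
        return False
```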
Hacking the electric grid: Smart grids mean that you can now turn off power locally to someone's house. There's a good discussion of various attacks and defences in this lecture. The specific attack Q is most likely to use for a quick hit is found at 32:20, though there are some other hacks he might try if he had time to set up. The lecture goes into a lot of detail about how smart grids work and what the points of attack are.
I read a lot of articles trying to learn more, but most of them just went "Alas! The power grid can be hacked! But what if terrorists!?!", which was annoying. The lecture was the only place I found that actually went into any sort of detail on what to do.
Smart phones: The way to hack smart phones, from what I can tell, is the same as hacking computers: you can phish, send them a trojan attached to a file (there are programs online that help you with this; they are often one step ahead of anti-virus software, but see the warning below), or literally steal their phone (physical access = game over, unsurprisingly, since a device has to let its owner in somehow, even if they forget their access code).
Malware: This ties into the previous point, but just on the topic of malware, I would like to point out that PostScript (a predecessor to PDF) is a Turing-complete language, meaning that anything that can be done in any programming language can be done with PostScript. This makes it a common choice for trojans. PDF, by the way, is not Turing complete, but PDF malware is still a huge thing. PDF malware tends to exploit the scripting (programming) abilities of Adobe extensions, and bugs in Acrobat.
Warning: There are programs online to help you add malware to files, but you should be careful about these because some of them may give you malware, too. Think about how much you really trust a company that survives on making malware.
Code injections: I'm not going to point to sources to learn this, because they're all over the internet. This is a very classic way to hack. The idea in layman's terms is the following: Suppose that someone who doesn't speak English is practising a dialogue with me, where they say "Hello, what is your name?", I say "My name is bipartite-pairings.", and they say "Hi bipartite-pairings!"
But what if they said "Hello, what is your name?", and I said "My name is as a kite."? Then they would say "Hi as a kite!".
It's a very childish prank, but a code injection is when you do it to a server; you know how they're going to use the information you give them, so you give them the information to make them do what you want. So if a website asks you for a name, but instead of giving them your name, you "inject" a piece of code in, you can make them spit sensitive information out.
There's a nice xkcd webcomic about it here.
There are progressively more interesting exercises for trying this out yourself at hackthissite.org.
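The name dialogue above, turned into actual code as an added example (not from the post): the same user lookup written the vulnerable way, where the "name" is pasted into the SQL text and can therefore change the sentence, and the hardened way, where it is passed as a bound parameter and can only ever be a name. It uses Python's built-in sqlite3 with a constructed in-memory table.

```python
import sqlite3

def make_db():
    """Constructed in-memory users table; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("bipartite-pairings", "hunter2"), ("q", "moneypenny")])
    conn.commit()
    return conn

def lookup_unsafe(conn, name):
    """Vulnerable: the user's input becomes part of the SQL sentence itself,
    so a quote character in the input ends the string and the rest is parsed as SQL."""
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    """Hardened: the input is sent separately as a parameter; the database engine
    never interprets it as SQL, whatever characters it contains."""
    return conn.execute("SELECT name, secret FROM users WHERE name = ?", (name,)).fetchall()

def compare_lookups(name):
    """Run both lookups against a fresh database; returns (unsafe_rows, safe_rows)."""
    conn = make_db()
    try:
        return lookup_unsafe(conn, name), lookup_safe(conn, name)
    finally:
        conn.close()
```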
Side-channels: Side-channel hacking was at some point the go-to way to hack RSA (especially timing attacks). The idea behind this is to deduce information you shouldn't have by making observations about the physical implementation of a program. For example, if I know a computer is going to decrypt a message I sent it using a private key, then I can send it lots of messages and time how long it takes to decrypt each of these messages, and using this, deduce properties of the private key. This example would be called a "timing attack". You could also make observations about how much power is consumed, the radiation coming out, etc.
This twelve minute youtube video gives a nice demonstration of the concept.
You can read an overview on the wikipedia page for side channel attacks.
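The same principle on a smaller target than RSA, as an added example that is not from the post: a secret-comparison routine that stops at the first mismatching byte takes longer the more of the guess is right, which is exactly the observation a timing attack exploits. Instead of wall-clock time, the code counts how many bytes each routine examines, so the leak is visible deterministically; the constant-time version, and the standard library's hmac.compare_digest, examine every byte regardless. The secret and guesses are constructed.

```python
import hmac

def naive_compare(secret, guess):
    """Early-exit comparison, as many hand-written checks are written.
    Returns (equal, bytes_examined); bytes_examined is what timing would leak."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined
    return True, examined

def constant_time_compare(secret, guess):
    """Examines every byte whatever the input, so work done does not depend
    on where the first mismatch is. Returns (equal, bytes_examined)."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    for a, b in zip(secret, guess):
        diff |= a ^ b          # accumulate mismatches without branching on them
    return diff == 0, len(secret)

def stdlib_compare(secret, guess):
    """What you should actually use: the standard library's constant-time comparison."""
    return hmac.compare_digest(secret, guess)

def leak_profile(secret, guesses, compare):
    """Bytes examined per guess. A profile that rises with the matching prefix
    lets an observer recover the secret one byte at a time; a flat one does not."""
    return [compare(secret, g)[1] for g in guesses]

# Constructed secret and a series of guesses with growing correct prefixes.
SECRET = b"s3cret!!"
GUESSES = [b"xxxxxxxx", b"s3xxxxxx", b"s3crxxxx", b"s3cret!!"]
```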
Weapons design: This didn't come up in my fic, because Q was not a weapons designer in my AU, but I did do a lot of research on weapons design for my past science boyfriends fics. It's mostly case-by-case, but one piece of advice is that Google Scholar is your friend (a great way to find articles that don't just go "OMG Weapons!" the way many results would on the main Google search engine). Another helpful thing was following Wired as a news source to learn about what people are working on. Also, just taking an introductory electrical engineering course will make a lot of the language more clear when you read articles later.
General Hacking: As mentioned above, a great place to start learning about general hacking is hackthissite.org. It's a collection of hacking exercises, which is wonderful, because everything sounds great in theory, but this site lets you try things out. If you need hints for any of the exercises, they have forums that can help.
If you are in America over the summer, another great place to go is DEFCON. It is a conference for hackers (and also feds and security people). I have never been, but have heard tales from people who had great times there. You could meet a lot of people who can tell you interesting stories once you convince them that you are not a fed or a journalist.
There are lots of videos of DEFCON lectures online (I have referred to several in this essay already). They're very entertaining, and tend to be about 40 minutes, so if the week's Doctor Who episode isn't grabbing your interest, you know...
Finally, a good source may be MIT's Computer and Network Security class. The lecture notes are available on the course website. Two students taking this class a few years ago hacked the Boston metro's smart-card system as a final project.
If you're looking for help on how to do a specific hack, a general rule of thumb is to go to youtube and Google scholar. Initially when I was looking things up, I just went to Google, and I would keep ending up with articles going "Egad! Hackers!" instead of telling you anything useful. Youtube is better for step-by-step tutorials and examples (especially the longer videos), and Google Scholar is better for learning about advanced, bleeding-edge hacks, where the goal is not to do it so much as learn how to sound like you know what you're talking about.
Legal Issues Surrounding Hacking: Do not hack any system that you do not own, not even for practice, unless the owner has clearly given you permission to (for example, hackthissite gives you permission to). You could get into a lot of legal trouble. For some information on the sort of trouble you can get into, see this Agent Steal article. It's about everything from getting caught, to getting tried, to going to prison. Agent Steal is a former hacker who is also a former fed, so he's seen both sides of the story.
N.B.: Agent Steal is from the United States, so this article is about how the US justice system deals with hackers. The UK may be very different, though I suspect one central point is probably universal: nobody sympathises with hackers--not the police, not the justice, not the jury, not the fellow inmates, not even the fellow hackers.
Hackers don't have to love maths: It is my head-canon in every AU that Q is a mathematical genius, but this is largely because he is a weapons designer in canon. Hacking in itself does not require this--I've spoken to several hackers who aren't that into maths. Not that much hard mathematics or even computer science actually goes into hacking. It's mostly just thinking on your feet and learning the protocols and how to exploit weaknesses. I'm told the hardest maths that's used is introductory abstract algebra. So if you are writing an AU where Q is a hacker, but not a weapons designer, then he doesn't have to be a mathematical god.
Side note, just to be irreverent: The Skyfall hacking scene is not a good place to start. I was watching this at my university, and people kept snickering whenever Q said anything in that scene and whenever the camera showed the screen. I'm pretty sure most of it wasn't intended to be funny. I'm surprised by how much research this fandom does, given how little research The Powers That Be did.
