Enter Our World
There is a lot of mystery and mystique surrounding the origin of hackers both in history and their modern development. How do hackers get started? What kind of person does it take to become one? Where do they go to learn? Why do they do it?
This easily and frequently asked question is a difficult one to answer. The kind of person that becomes enthralled with the idea of bending the power of the computational engine to their whim is easy to find, but rarely do you encounter one with the right mindset who is determined enough to pursue the skills necessary to do it. Unlike the movies make it seem, hacking is not easy, it is not theatrical or dramatic, and it certainly isn't done by Hugh Jackman with a few bottles of wine and 8 randomly arranged computer monitors.
Hacking
--the combined understanding of computer science, networking and hardware for the purpose of testing, subverting and bypassing electronic security--
Hacking
--the combined understanding of computer science, networking and hardware for the purpose of testing, subverting and bypassing electronic security--
is an art-form that takes years of dedicated study and the patience of a saint.
Those looking to become masters of the trade of computer intrusion are in for a very long, frustrating journey, but a rewarding one, if dedicated to seeing it to the end.
So, this begs the question ...
"Where do I go to learn hacking?"
This all-too-common question is asked on an almost daily basis in the IT field. Often, this question is asked by enthusiastic teenagers, fresh from seeing their first hacking film, who have become fascinated and obsessed with the idea of being able to manipulate computer systems to do everything from changing their grades at school to straight-up bank theft.
-- Consider this: If it was easy, everyone would do it.
Honestly, hacking is no more exciting to most people than spending hours (if not days) in front of a computer typing up what most would feel like is a book report in a foreign language. Most beginners who dive into hacking for the first time get lost in all the jargon, and quickly become overwhelmed by the difficulty of the concept of hacking. Those with some understanding of computers but lack the patience to stick to it find themselves growing bored or frustrated with the slow, daunting learning process. Much to our amusement, the experts in this field watch kids by the dozens register at Hacking and Security BBS forums asking for someone to teach them, and then promptly quit a week later because it wasn't as easy as they expected it to be.
Here's the hard truth. Hacking is an incredibly difficult skill to even start, let-alone master. It takes years of dedicated study and practice. You have to essentially dedicate your life and future career to learning how computers work. All those mystical looking ones and zeros you see fluttering across the movie-screen during Hackers (1995), believe it or not, actually meant something, even if the actors and director themselves had absolutely no clue what that was. For 99% of the world, they can't bother to give it more than 10 seconds of their attention before their minds short-circuit and they tune out the rest. They leave it up to screenplay writers to make it look cool in theaters. If they actually made a movie about what hacking really looks like, the audience would 'boo' it right off the reel because all they would see is a bunch of guys sitting at their computers for hours at a time between coffee and potty-breaks.
For those of us who have made it our life's work to understand how computers function, hacking is an exciting and rewarding field to get into, and most of us are all-too-happy to teach. The problem is that the majority of "students" want hacking to be easy when it just simply isn't. They don't want to learn, they want to click a button and watch the computer do something cool.
If you took 100 kids who want to become hackers, and put them in a room ...
I would give them a button that says "Hack" on it that does the work for them...
99 of them would press it, stare at it in awe, call themselves a hacker, and press it again.
But then there would be 1 that asks, "I wonder how it works?"That, is the student I want to teach.
He is the only one that asked the right question.
The Road Paved in Silicon
For starters, hacking was never a criminal past-time by any means, so let's just get that straight. The term "Hacker" was born in the basement of the Massachusetts Institute of Technology (MIT) back in the 1950s, and it was used between fellow computer programmers who were experimenting with code. The term "hacking" actually meant someone who hacked up or modified program code to make it do something unusual or something it wasn't originally intended to do.
Hacking was a positive term, back then.
Now, Hacking is synonymous with "criminal" and "cyber-terrorist." It's more depressing than the end of Old Yeller. What went wrong? Why is it that hackers went from computer masters to computer criminals?
In a word: Media. The public news media (incorrectly) used the word "hacker" to describe anyone who ever committed a computer crime. The FBI and other law enforcement only exacerbated the misconception, until it became endemic in modern society to add "criminal" to the dictionary definition of a hacker.
Events such as Operation: Sundevil, and the first colloquial "hacker war" between rival groups Legion of Doom and Masters of Destruction brought a lot of attention to the hacker subculture. Immediately people began to put labels on the whole idea of computer hacking. Because so much of it surrounded crime, people naturally zeroed in on that activity and called it criminal, glossing over the contributions of notable hackers such as Steve Jobs, the founder of Apple, Ian Murdock, the founder of Debian Linux, and the members of the L0pht group who convinced the US Senate to put more stringent security requirements on software developed by corporations like Microsoft; at the time, software companies were experiencing serious blow-back from poorly tested software resulting in serious security flaws, but there were never consequences for those flaws until the L0pht brought attention to them.
It is because of the L0pht that a Denial of Service attack best known as "The Ping of Death" can no longer cripple the Internet indefinitely.
Hackers have a long history of creating lasting, positive changes in the field of technology, even the criminals. The unrighteous stigma created by modern society that Hacker is equal to Criminal is slander at best.
The Evolution of Computer Security
The dramatic surge of computer security breaches that occurred during the 90's prompted the United States government to step in and enforce some serious dramatic changes. While the societal stigma against hackers grew increasingly more prejudiced, they were still responsible for some very pivotal adjustments in the way we think of computer security. Besides groups like The L0pht, there were individuals like Kevin Mitnick who brought to light the serious lack of awareness of the average office user against the simplest and often most successful type of hack, Social Engineering, which targets the gullibility and courtesy of the average person, leveraging them to divulge private information. If you never heard about Kevin Mitnick, perhaps you saw all the "Free Kevin" bumper stickers that were being passed around in early 2000 in outrage of his imprisonment. He is best known for being the subject of the longest manhunt for any hacker, two and a half years on the run.
Mitnick became the subject of much controversy after being caught and charged for breaking into the Pacific Bell, prompting the issuance of his warrant and his life as a fugitive. He was eventually caught and charged with numerous counts of wire fraud, unauthorized access, interception of wire communications, and unauthorized access and causing damage to a federal computer. After taking a plea bargain, Kevin was sentenced to 46 months in prison. Unfortunately for Kevin, this is not what he got. Kevin Mitnick, altogether, spent five years in prison and eight months in solitary confinement. If you didn't believe me about the 'social stigma' I've been talking about, you will now. Kevin's unjust imprisonment was delivered at the hands of a judge who court-ordered his confinement on the suspicion that "He could start a nuclear war by whistling into a pay-phone."
Although obviously impossible, this is the kind of opinion and outrageous imagination that the non-technical person can have about hacking and security in general. It has since been argued that Kevin's imprisonment was entirely unjustified, and it has been argued that many of his charges were fraudulent, as he never intercepted communications. Instead, he convinced office workers to divulge private information over the phone. He also never actually caused any physical damage to any of the computers. He used this information to get free cellular service.
Where is this leading? Times change...
Today, Kevin Mitnick is a successful businessman. He owns and operates his own security consultancy in Los Angeles, his hometown, and has written numerous books, articles, and made public speeches on his criminal past. He has offered a great deal of knowledge in the field of InfoSec, and is well-respected in the community. Kevin's story is a classic one of bad-guy turned good-guy, and all of his adventures started with trying to get free bus-rides.
The Modern Hacker
The IT Security field has exploded since 2010, and the rapidly growing need for security experts leaves all manner of organizations desperately short of them. The skill-set required to be a security expert is not a mere jack-of-all trades, but a master of all of them. Programming, network traffic analysis, software debugging, reverse engineering, cryptography, and many more skills to follow are those that make up a tried and true hacker. If nothing else, we appreciate the irony. No matter how badly the media and law-enforcement agencies would like to mark us as delinquents and cyber-gangsters, it is painfully obvious to the corporate and technological world that they need us. Hackers bring new ideas to the realm of computer science, and are constantly challenging the old concepts that limit growth and create irresponsible weaknesses in our personal security and growing need for privacy in our lives.
The world needs hackers
The corporatocracy of the United States and most of the developed world's economies revolve around the growing and turbulent trends of technology, and hackers seem to be the only ones who can truly understand it. Let's not forget, hackers aren't just the geeks in sunglasses and hoodies locked away in their basement, crouched beneath the warm, green glow of a shell terminal. Hackers are the code-monkeys, network ninjas, masters of malware, and sultans of the operating system. They are experts in any and all aspects of computer science. We know our world better than anyone else because we created it.
Thankfully, because of the great work of men like Ian Murdock, Steve Jobs, Linus Torvalds, Steve Wozniak, hackers are slowly becoming more embraced rather than ostracized by the world. Even though Hollywood makes us look like goofy magicians when you put a cheap laptop in our hands, while we might begrudge the inaccuracies, we find it flattering that we are so lauded by those who know very little about our skills. Maybe, in a way, that does make us magicians.
Back to our first question...
Are you interested in becoming a hacker? Join the club...
No, really, join it! The hacker subculture isn't as exclusive as people might think it is. We aren't as dark and mysterious as the world perceives, and we certainly don't destroy people's lives for fun--most of us, anyway.
That doesn't mean hacking is any easier, or that it will be a faster process for you just because you know where to go to ask questions and who to learn from. It also doesn't make it any less dangerous. The hacker underground is filled with scammers, script-kiddies, pranksters, and just straight-up jerks, but that shouldn't reflect the majority of us. True hackers are all too happy to share their knowledge, I find. I thought I was a rare kind of hacker when I started teaching others how to do what I do, but as it turns out, I'm just one of many who enjoy sharing their knowledge and experiences with a younger generation of computer geeks.
If you want to be a hacker, you need to be prepared:
- It is not easy
- It will take time (a LOT of time)
- You need to be prepared to read a metric ton of books.
- You need to be prepared to dig through Gigabytes worth of online reading material
- You need thick skin. Seriously, some people are jerks, and it's best to just let it go.)
- Do NOT trust anybody lightly.
- Anti-virus software | MUST HAVE!!!
- A humble, learner's mindset.
- A lot of free time
- (Optional) Coffee and Energy Drinks
There are tons of tutorials to find there, and hours of content to dig through for your viewing and learning pleasure.
Besides that, you can feel free to browse through any of my other content here on the DepthSec Archive or check out my book, The Hacker Ethos in print on Amazon or the e-book on Lulu.com. I crammed it full of beginner-level information on hacking, as well as provide the basic tools, configurations, and additional learning material from books, e-books, tutorials, and white-papers to get you started.
Conclusion
Computer science, Information Technology, and Information Security are constantly changing worlds that I and other hackers like myself dearly love being a part of. We are all too happy to share it with anyone who wants to come and join the club. Like I said, we're not exclusive, and our dress-code is pretty lax. But we are not the evil sub-humans that the media made us out to be way-back-when. We are glad to see the world is changing its opinions of us, but it is slow progress, and not everyone has heard that hackers are the good guys now.
If it's all the same to the world, we'd like to clear our name with this one little message.
Hackers built the Internet. It is our home. We mastered the network. It is our vehicle. We pioneered and perfected the technology which pervades and dominates our very lives. Everything which we build, we share it with the world. We are tenacious geeks, with a passion for creativity,
We are not criminals. We are creators.
No comments:
Post a Comment