When you hear the word “hacker,” what do you think about it? A person typing fast meaningless keys into his laptop/computer.
The first time “hack” was used in relation to technology in 1961 at MIT, where hacking meant working on a tech problem in a more creative way. It’s the year MIT acquired the first PDP-1. The culture then flowered at the universities connected to the net after ARPANET was developed by the Defense Department (1969). But also in that year with ARPANET a hacker invented UNIX. Then another one later in 90' invented Linux and afterward, the open software culture appeared. Linux is so used today because a hacker built it for hackers. Those early years can be examined in Steven Levy’s book Hackers.
What is a Hacker?
Hackers fix problems and build things, they believe in freedom. You don’t have to be a nerd to be a hacker. This is a misconception propagated by the newspapers and glorified by Hollywood movies to sell more. Probably you need to be a “geek”. Today, being a geek or a nerd no longer implies that you’ll get thrown in a locker room. Nowadays geek is a new brand of “cool guy”. The distinction is that geeks are fans of their subjects. There are other people who loudly call themselves hackers but they aren’t. They are mainly adolescent males who love to break into computers and phone systems. Being able to break security doesn’t make you a hacker… you are just a lazy “cracker”. The difference is that hackers build things, crackers break them. To be a hacker, you do not try: you just simply are. The essence of hacking is looking for and gaining knowledge, not breaking into systems or releasing malicious worms/viruses. A mechanic who takes an engine apart and fixes it is a hacker as a doctor who opens you up to help your heart keep beating. There are still a lot of people that failed to understand the distinction, so the two terms — hack and crack — are often used interchangeably. A hacker may gain access to your credit card information, but never use it for ill. He might send a private note using code to disclose the flaws in your company's security but never to use that information to bad intent.
How to become one?
First of all learning every day. Thomas Huxley said, “Try to learn something about everything and everything about something.” Apparently to become one you need to be particularly curious, especially about how things work. Some special ability to focus. When you look at a line of code, you need to see not just that line but the whole program around it. Start reading the whole code and try reviewing bugs. Learn to contribute, and work your way in. There are no magic shortcuts. Exercise your intelligence to be a modern-day version of the rebel or outlaw stereotypes. That’s why certain people find it appealing. But before embarking on this journey read first the hacker manifesto. Some people think that they can become a hacker using some free hacking tools available on the web. No!! Doing it does not really make you a hacker. A true one can find a vulnerability and develop a tool to exploit it and demonstrate how he does it. You need to learn to distrust attitude and respect competence. Much more importantly: you need to be able to think logically and follow chains of exact reasoning like in math research. Discipline is a must if not grow it. Ok! Can I find someone to teach me hacking?! Probably not. Getting this skill is hard so you basically have to teach yourself.
A hack that works today, likely won’t work tomorrow.
First, you have to respond to this puzzle: 24 red socks and 24 blue socks are lying in a drawer in a dark room. What is the minimum number of socks I must take out of the drawer which will guarantee that I have at least 2 socks of the same color? (respond in comments) Second, you need certain basic skills like a toolkit. This toolkit changes over time as technology creates new skills and makes the old ones disappear.
- Learn to code. Throughout history, youths have been apprenticed to masters in order to learn. The best kind of learning is by doing it. Learn at least a half dozen programming languages. Start with Python then go emphasizes class abstractions (like Java or C++), emphasizes functional abstraction (Lisp or ML or Haskell), declarative specifications (Prolog or C++ templates), emphasizes parallelism (Go), practical reasons (Perl). You need to learn the mechanics of using tools like editors, interpreters, and compilers. It will also help to know about markup languages like XML, HTML, and data formats such as JSON. Make, test, debug, and document any change in the learning process. It may take years but nothing good can be obtained easily.
- Learn Unix. Why Unix? Because is the operating system of the Internet. The hacker culture today is pretty strongly Unix-centered. (the old guys are not so happy but this is a real deal) Read.Learn.Think.Modify code with it. And play keeping it simple. Unix in a Nutshell by Arnold Robbins is a good way to start.
- Learn how to master the web. Learn how to write HTML and build a homepage. By doing it you’ll be able to understand a lot of net principles.
- Learn networking concepts. Understand what is a subnet, LAN, WAN, and VPN. Use ToR. Also, you need to know the differences between different types of networks and the TCP/IP protocols. (ex: Gain access to a remote server using port-binding or connect-back shellcode, and alter a server’s logging behavior to hide your presence.)
- Learn cryptography. Cryptography and encryption are very important for the internet and networking. You should be able to understand how SSL works and how secure is. Participate in challenges for decrypting powerful encryption and learn various techniques used for password cracking.
- Learn about OWASP. Know how to find vulnerabilities and exploit those vulnerabilities.
- Learn about DBMS like MySQL,MSSQL etc. Master SQL Injection or some tools like SQLmap.
- Learn about Intrusion Prevention System, Honey Pots, BruteForce attacks, DDoS, Reverse Engineering, Buffer Overflow, How to sniff using Wireshark, Ettercap. Phishing Attacks, Social Engineering. How to use Metasploit, Nmap, Zenmap, Burpsuite, Zed, Nessus, OpenVAS etc.
- Learn about post-exploitation techniques and virtualization. Once you control a system, what do you do with it? Learn to stay hidden. You need a safe environment to practice your hacks before you take them out.
- Learn to script. Without this skill, you’ll be relegated to using other hackers’ tools.
Hacking is not shown in movies. You’ll see there the cheesy game graphics, skulls, and expository messages on screen. This is not the real deal. Hacking it’s a never-ending learning curve. There is no user manual. Nobody is going to teach you how to do it. No courses for it, except presumably inside the secret agencies, and also some tips at security conferences that are usually very expensive. You will need to invest a lot of time trying, testing, and exercising. If you don’t like the long learning process, this field is probably not for you. But if you are in the game don’t limit yourself!! Think like an attacker staying within ethical and legal limits. If you become good you’ll be in a position that can grant you real power. Use it responsibly. Remember, do not think you are special or look down on others just because you learned some tricks. Also if you are a programmer doesn’t mean you are a hacker. Stretch and exercise your analytical abilities. Is the only way you’ll get recognition in the field. Everything you work on or try to explore must have 5W’s and 1 H's concept in mind. What I am doing? Why I am doing? For Whom I am doing? Where it will take me? When I will reach my destination and How I will expand further?
So what motivates hackers? More of them are doing it to be challenged, while others do it to learn and contribute to their own growth. A few are doing it for the money or just to have fun. Their reasons may vary, but the results are impressing the growing ranks of organizations that accept hackers through crowdsourced security — leaving us a lot safer than before. (In 2019 we had 7 worldwide hackers reach to $1 mil. from bounties.) It’s not surprising to discover that majority of hackers found bugs and chose not to report them to the organizations. When asked why 21% said the companies didn’t have an obvious channel through which to report findings and 15% said the company was unresponsive to previous bug reports. So to attract them companies should create a Vulnerability Disclosure Policy (VDP) to ensure that reporting of potential vulnerabilities will protect those who take the time to do so.
Embracing hacking as a way of life is to reject so-called “proper” concepts of work, choosing instead to fight for equality and common knowledge.