For me it has always been funny to watch people’s reactions when I tell them that I am a hacker. Most people think of all the bad things that come from hacking, thanks to media hype and hysteria. I have always been interested in finding how things work, and for me networking and information security have been the exact same.
When my Dad set up our first local area network, it was fun to see how data went across the cables in a meaningful way. I got introduced to the internet (in the form of Internet Explorer) and was astonished at the wealth of knowledge that was available to me. Granted, back in the early days, there wasn’t much out on the internet, but whatever there was out there, was NEW. I read about things called viruses and was fascinated that they would let you control another computer, without being in front of the keyboard or having physical access to the machine at all.
My interest in hacking started as I learned programming. The more I learned about programming, the more I could do with a computer. My parents gave me a TI-86 calculator for school, and it excited me because it had its own form of Basic built in. I was able to write programs for automating my math homework. Back then my math teacher encouraged me to do homework this way, because writing the code was the same as showing my work, and it also made it possible to not have to do the 100 problems all drawn out the hard way.
The first time I would ever “hack” was in high school. I was doing a book report about “Masters of Deception: The Gang That Ruled Cyberspace” and asked my teacher if I could get extra credit for hacking the schools computer system. His answer is proof that times were MUCH different back then, he said “Well, this is an English class, so if you wrote about how you did it, I don’t see a problem”. I was so excited, because I just got permission to be a spy, it felt like I was a secret agent sneaking around school to find the most vulnerable computer and attack it!
Hacking has always felt like that to me, its about finding holes in security, and since most of the world operates in a state of “security by obscurity” (if the masses don’t know about the problem, it doesn’t exist), but I found out, like many other hackers trying to be the good guy doing “bad” things can backfire. By me putting in writing HOW I was able to compromise the security of a computer at school, when someone else used my method it was ME who got dragged into the office with the principal, my English teacher, and the computer administrator asking me why I uninstalled their security system on a computer in the Art-Lab. I was lucky to have proof it wasn’t me, and said I had no idea who did it, but helped them fix the computer.
In my case, I never published my report on how to hack the schools computers, but I did have my best friend help me with my rough draft revision. I chose my friend because he didn’t know a lot about computers. I knew he had used what he had read in my paper, because it was on HIS computer. The point is that just because hackers find the holes, they cannot be held responsible for other peoples actions.
Hacking isn’t good or bad, it’s a quest for knowledge. A thirst only satisfied by proving you are skilled enough to accomplish a task. Hackers provide a necessary service to the network community, whether we play by the rules and stay out of trouble by asking permission, or risk prison time by thinking the rules don’t apply; The security holes we find come to light so they can be fixed. If there had never been someone trying to learn how to break into your house, you never would know you need a lock on your door.
It can be hard for some to accept, but meaningful advancements in security come from those of us willing to walk the line between good and bad. My idea for this came from thinking that many of our current security measures are now breaking, and the need is coming again for hackers to help educate everyone we know the best ways to keep their data safe.
My challenge to all hackers is to remember that we have a duty, to stay strong and not be seduced by the desire for a quick buck. When you find something you think should be protected, instead of simply exploiting it, try to help fix it. It is through our testing and sneaking that the replacement to technologies like SSL, and Certificate Authorities, etc. will be created.