ticom | 03:17 pm - So You Want to Be a Hacker?
This article originally appeared in Issue #26 of the IIRG E-Zine, Phantasy.
Since first publishing my own 'zine seventeen years ago, I get asked the question “How do I become a hacker?” no less than five times a week. Sometimes the question is from an individual who has seen one of the popular movies (Hackers, Wargames, Sneakers, et al.) and thinks he's going to be the next “z3R0 c00l”. Other times it's from an individual who is seriously and genuinely interested in the science and art of hacking. Many things have changed in the hacking scene in the past twenty years, but there are a few common basics that remain timeless.
Although the “hobby” has become mainstream to some extent, the term “hacker” is still considered a pejorative as it is confused with “cracking”. Students simply accused of “hacking” have been suspended and expelled from school. Many of you are saddled with parental figures who think that being the manager of a Wal-Mart is a better profession than that of an engineer, and are offered a total lack of support in the pursuit of a technological education. Finally there is the legal aspect of things. Back in the “old days”, cracking a system was considered a tolerable act as long as no damage or other malicious activity was done. Even after the term “computer trespass” became part of the legal lexicon, many people in the industry looked the other way when they “caught” someone non-maliciously cracking their system. These days those who are caught cracking a system are often left with a criminal record that virtually eliminates their chances of getting a good tech job.
The reality of the matter is that no matter how honorable your hacking pursuits are, eventually you're going to be tempted by the dark side and try a little system cracking. You're going to rationalize that you know, or think you know, the risks and are willing to roll the dice. A lot of “famous” hackers who work in the INFOSEC industry started this way, and you want to be just like them. Maybe you'll get away with it, eventually get the whole cracking thing out of your system, and go on to bigger and better things. I hope so. Over the past twenty years I've observed that some of you do and some of you don't. Those of you that do manage to outgrow that particular phase go off to college or trade school, find something you like that pays decently, and have a happy ending. The rest of you become career gas station attendants.
On that note, I have found that many who wound up with the “gas station attendant” side of the coin shared a common factor: they had family problems. I'm not a psychologist or other mental health professional, but my observation has been that this happens because they've substituted their hobby to make up for what's missing in their life. The hobby then becomes an addiction. The problem I see with this is when the person crosses over to the “dark side” of hacking, doesn't stop, and starts acting stupid. They usually wind up getting caught and headed down the road to perdition. My advice is simple. If this is you, find something legal to get addicted to while you seek professional help. It's a sorry state of affairs that you have problems like that, but there are people who can help you out.
The responsible adult and parent in me says I should tell you not to do anything illegal. Consider that the usual “educational purposes only” disclaimer. The pragmatic, slightly-anarchistic, former-hacker in me has a slightly different attitude. I personally don't see any harm in non-destructive system cracking. If I don't want you in a system I'm responsible for, I'll take the necessary INFOSEC measures to lock the box down, and keep it current. If you manage to get in, I'll take it as an educational experience, patch things up, and not get pissed off unless you acted like a cock-walloping asshole and damaged the box. I feel a greater crime is destroying the life of some harmless non-destructive kid who was doing the same thing we did twenty years ago. When you catch a toddler sticking their hand in the easily-reached cookie jar you don't cut their hand off. Unfortunately my attitude is of the minority in the corporate world. So here is my advice: Don't do anything stupid. This includes, but is not limited to, destructive acts on a computer system not belonging to you and acting with a general lack of common sense. In a perfect world, your hacking exploits would get you a high-paying job with cool benefits doing what you love to do. This is not a perfect world.
Now over the decades I have seen many of you come and go. Most of you played around in the fringe for a little bit, had a good time, and then went on to “get a life” as those on the other side of the looking glass like to say. Others allowed the power to destroy them and are in jail or slinging burgers. The rest, maybe one percent, remain. This observation over the years leads me to believe that true hackers are born and not made. It takes not only a combination of curiosity, bloody mindedness, and technical ability, but also the ability to resist systematic and unrelenting indoctrination aimed against your hobby by the establishment. You pretty much either have it or you don't. Of all the hackers I've met, the few that were really good and stayed with it all shared a certain “bent”. The rest might have had exceptional technical skill, which can be learned, but weren't bent enough to become a hacker. One such individual was “GDP” who displayed great programming skill, went to college, and became an engineer. He didn't have that hacker bent however, and eventually wound up a lawyer. A real hacker wouldn't change careers like that. Interestingly enough, most engineers I have met were not hackers, even some good ones. They were too brainwashed by the establishment to be one. The ones that were hackers were exceptional engineers, and often shunned by their more mundane “colleagues” for their often unconventional mannerisms.
The original “Hackers Ten Commandments” goes back to the old MIT TMRC scene, and mostly has to do with free access to information, creating acts of beauty on computers, and other such concepts. While the “machines of loving grace” concept is nice to talk about, a set of commandments more suited for the “dark side” is from the 1980s and was published as “The Phone Phreak's Ten Commandments” in TAP Magazine issue #86. They go as follows:
I. Box thou not over thine home telephone wires, for those who doest must surely bring the full wrath of the Chief Special Agent down upon thy heads.
II. Speakest thou not of important matters over thine home telephone wires, for to do so is to risk thine right of freedom.
III. Use not thine own name when speaking to other Phreaks, for that every third Phreak is an FBI agent is well known.
IV. Let not overly many people know that thy be a Phreak, as to do so is to use thine own self as a sacrificial lamb.
V. If thou be in school, strive to get thine self good grades, for the authorities well know that scholars never break the law.
VI. If thou workest, try to be a goodly employee, and impressest thine boss with thine enthusiasm, for important employees are often saved by their own bosses.
VII. Storest thou not thine stolen goods in thine home, for those who do are surely non-believers in the Bell System Security forces, and are not long for this world.
VIII. Attractest thou not the attention of authorities, as the less noticeable thou art, the better.
IX. Makest sure thine friends are instant amnesiacs and will not remember that thou have called illegally, for their cooperation with the authorities will surely lessen thine time for freedom on this Earth.
X. Supportest thou TAP, as it is thine newsletter, and without it, thy works will be far more limited.
The first two commandments deal with not doing things over your home phone, or any phone line traceable to you for that matter. In the past twenty years the vast majority of busted hackers I've seen did not follow the first commandment of phreaking. Back in the day they used payphones and phone cans to achieve a level of security when hacking. With the ready availability of WiFi today there is no reason to do anything over a phone or network connection that is traceable to you. While the technique of “wardriving” has been discussed ad nauseam these days, nary a word is said about old school techniques. For this I will refer you to the excellent article “Hacking on the Highway” by Johsua Tower and The Men From Mongo which appears in Cybertek Electric Issue #3.
The next set of commandments deal with personal security. Not only did I attend the original meetings in New York City, I am one of the half-dozen or so “plank owners” of that meeting. Back then we all knew each other, and one fellow hacker estimated there were only a couple thousand hackers in the country. We all pretty much knew each other, directly or indirectly. Now the “scene” has expanded by several orders of magnitude and the old-school community is gone. Unless you're dealing with your best friend that you've known since elementary school you really can't trust anyone these days, and your best bet is to keep your own counsel. That “cool dude” you met last month at the local meeting might get busted for doing something stupid and decide to take you down with him. If I received a nickel for every time I heard that someone's “good hacking buddy” was busted and rolled over on their “friend” to save their own hide, I'd own DEC by now. Along with keeping one's own counsel is keeping a low profile. Your hacking endeavors should be like a secret identity. While there are rare exceptions, being known as a “hacker” at work or school is pretty much a guarantee that you'll get blamed when something goes wrong.
Keeping in line with the mobile hacking philosophy, your computer of choice should be a laptop set up for dual-boot with Linux/BSD and Windows. While Linux and BSD are the operating systems of choice for the serious hacker, most of the real world runs on Windows and there are too many useful software tools that run under it to discount it. Hardware technology is constantly advancing, so I'm not going to go too much into specifications since they will be obsolete in six months. WiFi and Bluetooth capability are a must, as are USB and RS-232 serial ports. RS-232 is getting hard to find on current laptops, but there are still a lot of embedded devices and other interesting hardware that use it. It should be noted that these devices don't necessarily work with USB/RS-232 converters. I also like to have a bi-directional parallel printer port on a machine as it makes a handy interface to many hardware projects. The various live Linux distros such as Knoppix are very handy from a personal security standpoint. They are especially useful on “shared” computers. Data and files of a sensitive nature can be encrypted and stored on a removable USB thumb drive that is easily cached or otherwise hidden.
To be a good hacker, you need to have knowledge not only of software, but of hardware as well. While the software side of things is fairly well-represented, information about basic electronics knowledge is lacking in the hardware community. One of the best reads for learning about basic electronics is the US Navy's NEETS (Navy Electricity and Electronics Training Series). It was developed for use by personnel in many electrical- and electronic-related Navy ratings and provides beginners with fundamental electrical and electronic concepts through self-study. NEETS consists of 24 modules, each covering a specific subject:
Module 1, Introduction to Matter, Energy, and Direct Current
Module 2, Introduction to Alternating Current and Transformers
Module 3, Introduction to Circuit Protection, Control, and Measurement
Module 4, Introduction to Electrical Conductors, Wiring Techniques, and Schematic Reading
Module 5, Introduction to Generators and Motors
Module 6, Introduction to Electronic Emission, Tubes, and Power Supplies
Module 7, Introduction to Solid-State Devices and Power Supplies
Module 8, Introduction to Amplifiers
Module 9, Introduction to Wave-Generation and Wave-Shaping Circuits
Module 10, Introduction to Wave Propagation, Transmission Lines, and Antennas
Module 11, Microwave Principles
Module 12, Modulation Principles
Module 13, Introduction to Number Systems and Logic Circuits
Module 14, Introduction to Microelectronics, covers microelectronics technology and miniature and microminiature circuit repair.
Module 15, Principles of Synchros, Servos, and Gyros
Module 16, Introduction to Test Equipment
Module 17, Radio-Frequency Communications Principles
Module 18, Radar Principles
Module 19, The Technician's Handbook
Module 20, Master Glossary
Module 21, Test Methods and Practices
Module 22, Introduction to Digital Computers
Module 23, Magnetic Recording
Module 24, Introduction to Fiber Optics
The NEETS series is available in PDF format and can be downloaded off various sites on the Internet. Specific site locations change over time, but a Google search of “NEETS PDF” or something similar will produce the desired results. These are large files and your best bet is to be on a good broadband connection when downloading them.
The next excellent source of electronics learning material comes from the national amateur radio organization, the American Radio Relay League (ARRL). Their ARRL Handbook for Radio Communications is the standard bench-top reference for many technicians and engineers, especially old-school ones who have been doing RF since Christ was a carpenter. I own a few copies ranging in vintage from the 1940s to 2007, and always keep my eyes open for intact but used-looking ones at bargain prices that the collectors ignore. The current year's edition runs about $45 and includes a CD version. You can find a recent (within 5 years) copy used for even less which is all you need. Every tech bench that I have ever frequented has had a well-thumbed copy of the Handbook within reach. Another good reference from the same organization is the ARRL Antenna Book. If you play with RF you will eventually be building, tweaking, modifying, and otherwise tinkering with antennas. With the formulas and designs found in this book, you can build your own custom antennas on the cheap with parts you find at electronic parts shops and hardware stores. For working with higher frequencies, their VHF/UHF Antenna Classics book is also a useful item to have. The ARRL has quite the collection of useful library material and their prices are entirely reasonable for what you get.
While it is a source of controversy among many in the community, I have found that an amateur radio or “ham” license has made an excellent “cover” for one's hacking activity. Despite the social ineptness of many in that scene, “ham radio operator” generally has better connotations than “computer hacker” and “It's for my ham radio setup” has proven to be a perfect parental explanation for exotic and weird electronics in one's possession. Perhaps the most telling argument for this cover story goes back to the days of TAP magazine and the truly successful real old-school hackers and phreaks of the 1970s and early 1980s. They all had their ham ticket. Finally with the ham population declining, there is an abundance of underutilized spectrum available for those into the hardware/RF aspects of hacking to “legally” play with.
Another “must have” is a complete back issue collection of TAP magazine. TAP was the original H/P newsletter from the 1970s and early 1980s. It died just as I was starting the hobby, and acquiring back issues was something along the lines of a holy grail for many hackers. There was the new hacker newsletter called “2600”, but they weren't as hardcore as TAP was. (However, in accordance with the 10th commandment I did support them and had my first article published in 1987.) I eventually did come across a complete back issue collection in the late 1980s. These days the complete collection is available for free download from GBPPR. You need not only to download them, but print them out, bind them in one convenient volume, and read them. Not only is this good history, but a lot of the information remains relevant and usable. There are also other good online hacker magazines that seek to maintain the tradition and standard set by TAP. You are obviously familiar with Phantasy. There are also GBPPR 'Zine, Eithertech Digest, Cybertek, and Technical Intelligence Communications 'Zine. You should download all of these, print them out, read them, and add them to your reference library.
As you go about your hacking endeavors, you will find that you spend as much time IRL with your hacking as you do online. The fact is that hacking is as much a “real world” activity as it is an online activity. One of the first things you should acquire is a mail drop, either a post office box or preferably a commercial mail-box that accepts delivery from commercial carriers like UPS and FedEx. You should also look into finding and setting up a “Shadow Gallery”. This is much like the “hacker spaces” you've probably read about. The only difference is that you will be using this place by yourself for storage and working on projects that are best done away from home.
One “real world” activity that a hacker will find very useful is the study of tradecraft. Due to the necessarily covert nature of hacking, there is quite a bit of crossover in tradecraft technique and most of the “successful” hackers I've known employed tradecraft to some extent. A full-scale discussion of tradecraft technique is beyond the scope of this article, but is being considered for a future issue of Phantasy. I will however, share a story from the old days of hacking in the 1980s Apple ][ scene. Not only do the basic techniques still work, but it gives an insight as to how things were managed even with primitive hardware.
The nice thing about the Apple ][ computer was that it was open source way before the term was coined. When you purchased an Apple ][ it came with complete system documentation that included source code (6502) to the OS. You could also program the Apple in 6502 assembly code by simply typing “CALL -151” and hacking away. The other nice aspect was in data storage. Even though the amount of data storage on an Apple floppy disk was around 100K or so, that still represented an amazing amount of text (around 100 pages or so) you could store on it. You could also protect that information by encrypting it and using software/copy protection schemes that you discovered while cracking commercial software. This was flat out incredible for the 1980s.
With the data storage and encryption techniques taken care of, the next step was to secure the actual floppy. The floppy disks at the time were about 5 inches square and about as thick as a few pieces of paper stacked together. It did not take much imagination to find various places to hide them. One favorite place was behind the back panel of a wall locker. We'd take our always carried Swiss Army Knives and simply unscrew the panel, duct tape the floppy holder to the wall side of the back panel, and close it up. Swiss Army Knives are now mostly supplanted by multi-tools such as the Leatherman, but this technique can still be used to cache small items such as the USB sticks that have replaced floppy disks.
A multi-tool such as a Leatherman, SOG, or Gerber is one of those must-haves for the hacker's arsenal. I have been told that some schools have banned them because they have a knife blade, but they do disappear nicely in a pocket or in a backpack among other things. There are also smaller versions such as the SwissTech tool that contain no cutting implements and fit discreetly on a key ring. This can be carried without attention or notice as long as one has not been already flagged as a “troublemaker”. When I was in high school, as a matter of course I kept in my backpack my Icom IC-02AT ham HT, lineman's butt-set, can wrench, a pair of needle-nose Vise-Grips, diagonal cutters, a 6" adjustable wrench, and an allen wrench set. That was in addition to the Buck knife and Swiss-Army knife I carried on my person. I think a student who carried that amount of hardware into school today would be considered some sort of terrorist, and that shows how sad things are these days.
So there you are wondering where to go and what to do. That's up to you. The world (both virtual and real) is your playground, and you can go as far as you dare. Start by visiting your local dollar store. Pick up a cheap notebook and writing implements. I prefer pencils as they are better for drawing schematics and quick diagrams of things. “The Shape” as Gibson called it will reach out and grab you anywhere and at any time. You have to be ready for it. Like all the other elite hackers out there, you'll develop your own shorthand to write down what you find, and what you might be able to do with it. Later on the distilled essence of those notes finds its way into an encrypted textfile on a USB stick. You observe more, play with more things, and learn more. Hacking skills develop into an esoteric and eclectic Shen Ku form. Maybe you'll eventually cross back through the looking glass to re-join the mundanes permanently. Most of you do. The remaining few stay in Atlantis, Galt's Gulch, Oberon's Rest, the Shadow Realms, the Isle of the Dance, or one of the many other places here. Our home has many rooms. Then one day, sitting in a Chinese Restaurant, gazing out the window at the mundanes while eating food so spicy that normal humans are disabled at fifteen feet from the vapors, The Shape will reach out for you and you'll realize that you've become the latest part of a legend that goes back millennia. You've become a technomancer, a modern day wizard colloquially known as a hacker.
Current Location: Shadow Gallery