(Becoming a hacker)
One of the more usual questions I get asked on a daily basis is ‘How do I become a hacker’.
Now, I know what you’re thinking. You’re thinking ‘what’s so unusual about that’. Okay, let me break it down for you. Whilst on the surface it seems like a fairly obvious first question for a budding hacker, it doesn’t really make much sense. Honestly, it doesn’t.
What if I were to ask ‘How do I become an inventor’ … or … ‘How do I invent something’. Can you imagine how you would respond to such a question ? Well… I suppose you could answer ‘Easy, Think of something useful that nobody else has made yet and create it!’ And, yes, that seems to answer the question. But in fact, all you’ve really said is ‘Invent something’… Of course, this doesn’t tell the inquirer what he needs to know which is, how does one go about the process of creativity or unique thought.
So, lets first examine what a hacker is…
Quite simply, a hacker is someone who needs to understand all aspects of a subject first hand. That is, they do not accept what others tell them, only what they can see touch and smell for themselves. This gives them a unique understanding of their subject that others (those that learn purely from books or from lecturers) will never attain. A real hacker can tell you that something which the entire world just takes as obvious is, in fact, wrong. Indeed, when pushed, they can usually demonstrate the fact.
This doesn’t always mean they are necessarily ‘cleverer’ than anyone else… they just have their ‘own’ truth and thus a rather unique perspective of how things do work – as opposed to how they are expected to work.
So, let me throw out a weird statement. You will never ‘become’ a hacker. You either ARE (and don’t realise it yet) or you are NOT (and almost certainly never will be). Let me back that up with over 30 years of observation…
Most of the real hackers I’ve known over the course of my life pretty much were hacking before they even touched their first computer. We’re talking about people who took apart telephones and calculators just to see ‘how they worked’. Even their most favourite and newest toys would quickly be in pieces in order to understand ‘how’ it works… and, sadly, the young hacker may not have the tactile skills to put it all back together again.
As a child I was rushed into hospital by my rather over-protective parents because they’d found me in a pool of cut-open dry-cell batteries crying because of an alkaline-burned tongue. They didn’t understand that it is perfectly NORMAL for a child to want to know what goes on inside a battery… that magical process that makes toys light up or tingles your tongue. The fact that most other 5 year olds don’t seek out sharp objects to break them open with is really not my problem.
I don’t need counselling … the others need encouraging.
Anywhere, where am I going with all this… Oh, yeah…
I don’t want you to ask how to ‘become’ a hacker. Instead, I want you to decide whether you already ARE a hacker. I want you to ask yourself honestly :
- Have I always had a compulsive NEED to know how a thing works –or- am I quite happy to live with an abstraction (ie. Just accept that it does indeed work, and simply have fun using it as intended)
- Is it more fun to play with the toy for 6 months and simply enjoy watching its battery-powered mysteries… or see the inner magic laid bare in 6 minutes as a series of cogs, motors and LEDs – breaking it irrecoverably in the process.
This is an important question. If you’re quite happy with an abstract view of the world… quite happy that pressing record on your VCR causes it to record WITHOUT obsessing about how, why and what is going on inside the case… then, great news… you’re NOT a hacker! So, feel free to stop reading this and go watch some TV or download some porn.
For the rest of us… the unfortunate ones… Those who are hackers and simply cannot help themselves. Please take the time to read the following survival guide.
Hackers Survival Guide
(The missing manual)
For the rest of us, I have compiled a little survival guide. The hackers missing manual if you like…
1. Do not accept other peoples truths
Now, the problem with growing up is that you are put under a lot of pressure to conform. Because of this, and because our school systems find it easier to fill you full of dull lifeless facts rather than take the time to cultivate your inherent curiosity… you’ve probably got used to reading books and repeating other peoples facts in order to pass exams.
That stops here!
If you want to rediscover your inner hacker the first thing you need to do is STOP asking questions… or, more precisely, stop accepting the answers.
Yes, in order to get anywhere in life you have to play the game and recite what others want you to remember. But that doesn’t stop you setting out to prove or disprove any point before accepting it as fact. Nothing is a fact until you have personally discovered and proven it for yourself.
So, did the battle of hastings take place in 1066 ? Well, the answer is ‘Most historians believe so’ … not ‘yes’. It is not an indisputable fact because you were not there. This may seem a little anal, but you MUST not assume ANYTHING… later, when your hacking is put to the test – it is precisely the difference between your first hand knowledge and other peoples blind assumptions which will allow you to perform your magic and prove an entire industry hopelessly wrong.
2. Never rely on assumptions
So, you have discovered for yourself that pressing the record button on the VCR records your favourite TV show. Nothing new there… but if you stop here then you are making the choice to live with an abstraction. You are choosing to accept that everything in life follows simple rules…
ACCEPT NO ABSTRACTIONS
You probably want to be a computer hacker and have maybe even started learning Java, C/C++, Perl, PHP, SQL… Well PAUSE !
Nothing you can learn is worth anything to the hacker until they understand all of the layers of interaction that exist right down to the CPU… perhaps even the internals of the CPU and the simple gate structures it relies upon. Until you can do this then ANY program you create has a fatal flaw… it depends upon an abstract understanding of the universe as a ‘very simple place’… like a VCR, it ‘just works’ ™
Accepting this pretty abstraction as fact means that anyone who understands the machine at a more fundamental level than you do can rip the ground right out from underneath you and let all your carefully constructed code and assumptions come tumbling down like a set of toy building blocks. So, make a choice…
Either accept that the computer is just like your VCR, and write code that just assumes it will always behave predictably (a programmer)… or, realise that the only way you can KNOW what code can or cannot do is by understanding the entire multi-layered machine from the ground upwards (a hacker).
Until you can do that there are NO true facts in your learning… only assumptions.
The same goes for networking. You may understand how to ping, nmap and traceroute… but until you understand the packets, the checksums, the handshakes and the protocols… well, you’re taking one hell of a lot for granted - and everything you believe to be true is in fact very deeply flawed.
You may be considered by some to be ‘pretty hot at networking’ - but you will probably never understand how to walk through a firewall like it wasn’t there… map the machines behind a NAT device… or remotely cause the EIGRP process in a cisco router to crash out and kill the syslog.
You will never perform that special ‘magic’ that makes a veteran IT guy with a lifetime of enterprise security knowledge scratch his heavily bearded chin in disbelief.
3. If it isn’t fun then it’s bad for you
Okay, now this is where you get to complain that it all sounds way too damned difficult. And, yes, it IS difficult at times, but if it wasn’t we hackers wouldn’t enjoy it half so much.
If you don’t enjoy learning things that most people don’t even want to know… if you don’t feel the NEED to understand things down to the tiniest little detail … then you’re really not a hacker at heart and should have been more honest with yourself and stopped reading at the end of the first section. The one entitled ‘START HERE’ … If you had you’d have saved yourself some time.
The real hackers are those who WANT to know… The ones that NEED to know… the ones who don’t like going to bed on an unresolved problem and are uncomfortable with those simple abstract views of the world which others find so easy to accept at face value.
That’s not to say that hackers always enjoy what they’re doing… sometimes it can be very frustrating when you’re trying to resolve something that just keeps hiding from you. But, if your very first thought when approaching a new subject such as… lets see… TCP/IP… is to decide it is all to complicated and looks like too much hard work to bother with then, lets face it, you can’t really say that you have much motivation for challenges.
Which brings me to my last point in the survival guide. Don’t whine on about something being too difficult… If you want to complain then complain about the things that were too easy and didn’t stimulate or challenge you enough.
So, I guess the final lesson is… If learning the underlying nuts and bolts of technology turns you off then take my advice - cut your losses, forget about hacking, and go do something you actually enjoy and/or are good at.
Life is too short for things you don’t enjoy.
(So how DO I become a hacker ?)
Question everything. Believe nothing till you’ve experienced it first hand and proven or disproven it for yourself.
Ask Why? Ask How? And keep asking and asking until you get to the very bottom and there’s nothing left to learn… Then start again somewhere else.
Whether that be understanding transistorised logic that all things rely upon… or the physics principles that electronics itself relies upon… or, coming to an appreciation of the way specific patterns of electrons are ultimately sent hurtling over miles of carefully balanced cabling whenever you hit submit in a web form.
Ask people questions, listen to their answers… and then set out to prove it for yourself. Read books, take everything you can from them and then examine each ‘truth’ offered for validity. Experiment each fact until it BECOMES true.
NEVER accept abstractions. You have no right to simply accept the act of logging on via a telnet connection to your cheap shell account in Mumbai. Not until you know the telnet protocol, the TCP 3-way handshake, the packet headers, the DNS role, the ARPing, the routing, the switching…. Until you can visualise, in your head or draw out on paper - the packets, the segments, the frames, the bits… the wrapping, the unwrapping… the NAT translation… the windowing and the fragmentation and reassembly.
And remember this above all else :
Knowledge is NOT power – no matter whatever many wannabe hackers might proclaim. The ***only*** true power is in the ability to think for ones self.
So, instead, make your OWN way. Find your OWN truths. And by doing so you will discover that the even most knowledgeable among us are taking an awful lot of things for granted. There exists a huge gulf between what a hacker knows to be true… and what the industry accepts to be true… and it is in this discrepancy between personal truth and conventional knowledge that the hacker finds his true power.
http://www.criticalsecurity.net/index.p ... 0&p=183203