December 2017

S M T W T F S
     12
34 5 6789
1011 12 13141516
1718 19 20212223
2425 2627282930
31      

Page Summary

Style Credit

Expand Cut Tags

No cut tags

December 22nd, 2005

jarandhel: (Default)
Thursday, December 22nd, 2005 08:11 pm
You never really realize how much you've changed till you reach a point in your life when things have come full circle again and you confront the beginning of your path from a new and more informed perspective.

I'm not sure exactly when I got the idea I wanted to be a hacker, or where I got the idea from. I know it was at some point early on in highschool. Maybe it was simply that so many people seemed to assume I already was one that it just looked like something I would fit into. All I remember for sure is that, at some point, I started actually looking into it seriously. I wanted to learn how to be a hacker.

I know, fairly early on, I came across the Kevin Mitnick story. I remember ordering from my public library system the books Takedown by Tsutomu Shimomura, and The Fugitive Game by Jonathan Littman, though honestly at this point I can't recall which one I enjoyed more. While reading one or the other of those books, I know I started keeping a notebook; the first notebook I'd ever kept on a non-academic subject, I believe. I may have even gotten the idea from something mentioned in one of the books about Mitnick, though at this point my memory is not clear enough to be sure of that. I kept in that notebook a great deal of information. Unix commands that were mentioned, even though I'd never even seen a unix system. Default passwords. Usernames. Important websites that had been mentioned. I remember I found quite a lot that interested me at the time that I felt was worthy of writing down for future reference. In retrospect, I'm not sure I'd feel the same way. I kind of wish that I could go back over that notebook and review what, exactly, was there. I got rid of it years ago, though, when I thought I had grown out of my desire to be a hacker like Kevin.

I do know that my interest (and my notes) grew from there, though. I watched the movie Hackers and taught myself the good info it contained (such as the names of some of the rainbow books) as well as the bullshit. I watched War Games in much the same way. I started to search online for more information. I found some very nice sites, real repositories of info, even if most of it was just in text files. I kept every one of the addresses for those sites written down in my notebook, rather than bookmarked, along with a small description of what was on the site. In many cases, I came to memorize the urls for the best sites. And my notebook was growing. Entire pages were devoted to common passwords, common usernames, default login/password combinations on various systems... even systems I had never heard of outside obscure references in one book on a famous hacker or another. Most people would probably never have bothered writing them down, after all these were well-known security vulnerabilities, obviously places would have fixed them by now. But I caught on fairly early to one simple fact: the weakest point of security on any system is the human one, and default login/password combos are defaults because they're simple and easy to remember. That's always going to make them attractive from a human perspective. And, in fact, eventually that paid off for me. On a popular free email provider, I decided to try a bit of brute-force hacking with just the default login/password combos from various systems. I got into two separate accounts. Three, actually, since one of them was forwarding mail to a third account on another free email provider with the same username and password combo. I never did anything with this information other than look at some of the mail that had already been opened (I was being very cautious so as not to even mark an email read that had not been and thus leave evidence that I had been there), though I did make the mistake of sharing it with someone else who went on to delete everything in the accounts. Needless to say, the passwords for those accounts were rapidly changed and I no longer have access to them.

At another point I also have trouble pinpointing, I gave up on hacking. I believe I was still in highschool, or recently graduated. But it really just lost its appeal for me. Breaking into systems started seeming less and less like a worthy goal. Cracking software, even, seemed petty when confronted by the growing Open-Source movement that were rapidly working to duplicate functions of high-priced software for free on many environments. Why download a warez version of Photoshop 5 and have no reliable way to update it in the future when you can download programs like the GIMP for free, even on Windows platforms?

And slowly, over the years, I've stopped even thinking of people like Kevin as hackers. More and more, they've become crackers in my mind. So they can break into people's accounts... there are automated programs that can do as much using dictionary attacks. I've started looking at a different group as the real hackers. Programmers, going back to the original sense of the word. Modders. Virtual Adepts. All the people that really work to understand a system and make it better, not just to find the cracks in it and exploit them for their own gain. The people that create things, more than they work at taking things that others have created.

I'm not saying there's no room for a gray area. Increasingly, there is. Wardriving is one gray-hat thing I'm very much in favor of... the mapping of free/unsecured wireless access points. More and more, wireless bandwidth is becoming a precious resource and it can be invaluable to know where you can get that resource for free rather than having to pay ridiculous sums for a few hours access that costs the distribution point nothing. I recently made use of such an open network to contact a friend and get directions to a party I was attending in October that I was late for. And I regularly make use of such a network to get internet connectivity for my laptop during my (ironically) Computer Networking and Security class. (No, the open network isn't from my school.) But I don't abuse that access by hogging bandwidth or doing illegal things on their network.

Which kind of brings me to how things have come full circle for me. It's about ten years since I first decided I wanted to be a hacker, and learned the story of Kevin Mitnick. I've come a long way since then. I've used Unix (through OS X) and recently tried out some forms of Linux, I've learned some programming, I'm taking classes in computer networking and security, I've reached the point where I can comfortably build my own computer, and in general I understand a lot more about computer security and related concepts than I did then. Today I watched the movie Operation Takedown. It's (somewhat loosely) based off of the story of Kevin Mitnick as portrayed in the similarly-titled book by Shimomura, one of the men who caught him. And it struck me, rather powerfully, how much my perception has changed. I no longer idolize Kevin as I once did. I can respect his skills, particularly with regard to social engineering, but ultimately of the two figures I find I can identify far more at this point in my life with that of Shimomura. And of the two, Tsutomo Shimomura is the one that I would now consider to be a hacker in the true sense of the word.

I want to be a hacker again....