Do you want to learn how to hack, but you don’t even know how to code? This post is for you. I developed these slides for a talk I am giving tomorrow to aspiring college students at College Track SF. If you have any feedback or questions, please email me at firstname.lastname@example.org. This talk is also available in PowerPoint and PDF format.
Beyond the ethical and moral reasons, there are very practical reasons why you should follow ethics:
- It’s very easy to be caught. Even the most sophisticated hackers get caught. See for example Kevin Mitnick, Jeanson James Ancheta, and Albert Gonzalez.
- The penalties for unethical hacking are steep. The above listed hackers all spent at least 5 years in prison (Albert Gonzalez is currently serving 20). Also, once you are convicted of a computer crime, it is very difficult to get a job having anything to do with computers. Employers will be scared of you. Furthermore many ethical-hacking jobs (mostly in the government) will require that you take a lie detector test, and they will ask if you have committed computer crimes.
- There are great rewards for being ethical. For example, if you figure out how to hack Google (using ethical techniques) you can tell Google how you did it and they will give you a reward as much as $20,000. There are also lots of high-paying jobs for ethical hackers.
Here are some guidelines on how to be ethical:
- Never hack someone’s system without their permission
- If you identify a way to hack someone’s system you should tell them so they can fix it. Once they fix it, you can publicize your hack and earn respect from other hackers (and employers).
Hacking is fun. That’s probably the number one reason ethical hackers hack. But it can also be very lucrative, as I mentioned in this last slide. This slide tells you how can you make money as an ethical hacker.
Hopefully, you’re dying to know “How do I hack!?” It’s like hot wiring a car. To hot wire a car, you simply cut into the right part of the car, find the right pair of wires, and connect them together. It’s actually very simple once you know how a car works. I would wager that every good auto mechanic knows how to hot wire a car. Once you know how a car works, hacking the car is pretty obvious.
Hacking computers is similar. Once you know how a computer works, hacking is often pretty simple. Hacking only seems mysterious to people who don’t know how computers work. One of my favorite all time quotes is:
Though, I would actually say “Any technology you don’t understand is indistinguishable from magic.” Once computers are no longer magic, you realize they are simply machines that can be manipulated just like any other machine you understand.
Computers talk to each other kind of like the way people talk to each other. For example, I could ask you “What’s 2+2?” (the request), you could calculate that and give me the answer (the response).
Going farther with this analogy, let’s imagine there is a group of people gathered in a room. Every person in the room represents a computer. One person represents a “server,” which is simply a person (or computer) that receives requests, calculates results, and sends them back as responses. All the other people are “clients,” which are simply people (or computers) that give requests to servers.
The one person designated as the server will do math problems for you if you request it. The server can only work on one math problem at a time. The clients take turns asking the server to do math problems.
Let’s think about hacking the server. Is there a way you could crash the server? Could you send a math problem to the server, that clogs it?
If you ask the server “What’s 3278398457234 divided by 93672511″ I bet it would take a very long time for the person to calculate the result. And since the server can only work on one problem at a time, all the other client’s would be ignored while the server is working on that one really hard problem.
You can crash computers like this!
This type of attack is called a “denial of service” (DoS) because it denies other clients access to the service. It won’t always work because a good program will realize it is being overloaded and quit before it gets clogged. But sometimes it works.
Ok, you now know a technique for crashing computers. Be ethical! Don’t go around the web trying to overload other people’s computers. If you want to experiment crashing computers, try crashing your own computer. For example, is there a way you could overload your own web browser? Or could you overload other applications on your own computer?
If you do stumble upon a way to overload someone’s website, send the owner an email so that they can fix it. Once they fix it, you can tell the whole world about your discovery and earn the respect of the world.
I’ve set up a puzzle for you. Can you figure out how to crash my server? Try it out at http://hackerpuzzle.herokuapp.com. If you figure it out, send me an email at email@example.com and I’ll post your name on the puzzle’s Hall of Fame.
Hopefully you’re really excited to start hacking now. Stay out of trouble, and be ethical.
Here are extra tips to go along with this slide:
- Notice: I never said you have to be a genius. There is a myth that hackers are all geniuses. In actuality, great hackers became great through years of practice and study.
- To be a good hacker, you must know how to code. There are several great websites that you can use to teach yourself how to code:
- Knowing math makes you a better hacker. Computer science is mostly based on math, and lots of computer-security techniques are based on math. As proof of the importance of math in hacking, the United States hacking agency (the NSA) employs more mathematicians in the United States than any other company or agency.
- There are lots of hacking challenges on the Web. Just search for them. I should warn you that my hacking puzzle is probably the easiest hacking challenge on the Web, so don’t be discouraged if it takes you a while to start solving other challenges. Just keep learning everything you can about computers and coding, and you’ll get there.