“Playfully doing something difficult, whether useful or not, that is hacking.”
~ Richard Stallman
There is a very distorted image regarding hackers and hacking among the general (i.e. non-programmer) public. Mostly, it has been influenced by Hollywood, news media and pop-culture. People normally associate it with some sort of black magic using computers, that enables one to get facebook login details and steal credit cards in a snap.
Some popular movies that have spread this misinformation include Wargames (1983), Swordfish (2001), and the Angelina Jolie starring Hackers (1995). Even journalists use the term ‘hack’ to exclusively refer to cybercrime. As a result, the mere mention of the word raises eyebrows and suspicion.
The real definition is far wider than this narrow sub-domain of electronic crime. Read on to understand the real meaning and a brief anthropological overview of hacking.
Definition
There is nothing immoral or unethical about hacking. Hacking has a purely orthogonal relationship with morality. Just because you can use a knife to kill someone doesn’t make it a crime to use it in the kitchen. Nuclear scientists are not criminals just because nuclear bombs can potentially annihilate humanity. It is necessary to separate the moral aspects before attempting to understand the true definition.
What exactly is meant by hacking is a topic that is open for endless debate. Different domains have varying definitions. There is no official organisation standardising hacking. Hence, I will refer to a few particular definitions that capture the essence of hacking in a wider context, taken from the jargon file:
- A person who enjoys exploring computer systems and pushing their capabilities.
- An enthusiastic or obsessive programmer.
- An expert or enthusiast of any kind. Digital marketers often use the ter growth hacking, for example.
- One who enjoys the intellectual challenge of circumventing limitations.
Origin and the early years
There is no single point in history that can be called the beginning of modern hacking. I personally think Leonardo DaVinci and Nikola Tesla were hackers too in their own right.
But the main development that spurred the growth of this culture lies in the introduction of electrical computers. Hackers found the ultimate toy to tinker with that gave them infinite possibilities.
Some of the early programmers realised that their expertise in computer software has grown to become a passion. The hackers were distinct from programmers coming from an engineering or physics background, in the sense that, for hackers, programming was not merely a profession.
Hackers made many important contributions to the development of software and networking technology. Their experimentation with computer and software led to the acceleration of the growth of computing.
The hacker mindset
An interesting thing to note is that the different domains of hacking, be it programming, AI or security, all share a common mindset.
- Creating software and sharing it with each other.
- Placing a high value on freedom of inquiry.
- Hostility to secrecy.
- Information-sharing as both an ideal and a practical strategy.
- Upholding the right to fork.
- Emphasis on rationality.
- Distaste for authority.
- Playful cleverness.
Hacker ethos
There are certain unwritten principles that Steven Levy has attempted to codify in his seminal book, Hackers: Heroes of the computer revolution:
- Access to computers and anything that might teach you something about the way the world works should be unlimited and total.
- All information should be free.
- Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, position or gender.
- You can create art and beauty on a computer.
- Computers can change your life for the better.
Inside the world of hackers, the only thing that earns respect is skills, knowledge and creating hack value. Hack value refers to things that are interesting and worth doing as well as intellectually challenging.
Security hacking
With regards to the domain of computer security, hackers are often classified into white hats, black hats and grey hats.
White hats are those who mainly participate in constructive activities, like building security testing tools. White hats normally don’t break security without prior permission. They follow a strict code of conduct and remain within the legal boundaries. It’s a common ethic among white hats to not make any of their exploits public until the the company has successfully patched the vulnerability.
Criminal hackers or cyber-terrorists are often called black hats. They have no regard for law enforcement. Nowadays, there are organised cybercrime groups that build botnets and malware. They are often in the news for stealing credit card information and breaking into private data.
Grey hats are a controversial bunch. It’s hard to classify them as being ethically right or wrong. They may participate in corporate espionage if they get paid for it, but they may also disclose vulnerabilities in a responsible manner. But even if their intentions aren’t bad, breaking into a corporate network without permission is still considered illegal. Thus the ambiguous nature of their activity.
Famous grey hat groups include Anonymous and LulzSec. Many of their exploits, while technically illegal, seem to have good intentions. The problem is there is a lot of grey area with regards to what is right and what is wrong. If Anonymous hacks a corporation to expose a fraud, it’s technically illegal, but even the corporation itself has broken the law in this case.
It’s a constant cat and mouse game between black hats and white hats, with the grey hats quietly sitting on the fence, ready to plunge on either side. The most interesting thing is that they all often use the same tools. Kali Linux, for example, is used for both cyber attacks as well as penetration testing.
Hacker communities
Hackers are often found in closely knit communities. Since the overall number of hackers in the general population are few and far in between, they tend to congregate in organised groups. There are many well known hacker communities and places where they meet, commonly known as hackerspaces.
Some examples of hacker groups include the Chaos Computer Club (CCC) of Germany. It’s the largest association of hackers across Europe. They came to the limelight when their members successfully cracked the finger-print lock of Apple’s iPhone.
Homebrew Computer Club was another well-known hackerspace situated in Menlo Park, California. It played an influential role in the microcomputer revolution and the rise of Silicon Valley. Apple also owes its humble beginnings to this place.
What it takes to become a hacker
One of the best guides on learning a hacker in the truest sense of the word is found at How To Become A Hacker written by Eric Raymond. I will recommend reading the entire document, but for now, I will summarize the main points under basic hacking skills:
- Learn how to program: Raymond recommends learning languages of different programming paradigms, namely Python, C/C++, Java, Perl and LISP, in that order. He recommends learning like an apprentic, rather than just books and courses. Read good code, write good code. Read some more, write some more.
- Use an open-source UNIX like Ubuntu: It’s the universal tool for hacking and the operating system on which the Internet was built.
- Learn world wide web and HTML: So you are able to publish your findings on the web.
- Learn functional English: Since it is the common language of hacking across cultures.
Hacking in any domain requires a lot of perseverance and patience. It’s not like the movies where you can crack passwords just by typing a single command into an animated screen.
If you want to follow the footsteps of hackers, you need to understand that it’s an infinite path. Be ready to dedicate a majority of your life learning about the ins and outs of computer and inter-networking technology.
Notable hackers
The wizards
These are people who have made a ground-breaking contribution to the field of computing. They are often ranked in the highest category of hackers by the open-source community. Most of them are creators of a programming language, operating system or have made significant open-source contributions.
This list, according to my personal (and thus subjective) opinion, includes:
Richard M Stallman Founder of GNU and Free Software Movement.
Linus Torvalds Original developer of the Linux kernel and git version control system.
Ken Thompson Designed and implemented the original UNIX operating system.
Dennis Ritchie Co-creator of the C programming language and UNIX.
Eric S Raymond Contributed to the Emacs editor, free software advocate and author.
Steve Wozniak Co-founder and the engineering brain behind Apple Computers, and one of the notable electrical engineers among hackers.
Larry Wall Creator of the Perl programming language.
Guido van Rossum Creator of the Python programming language.
Bill Joy Co-founder of Sun Microsystems.
Gaming and computer graphics
John Carmack Founder of id Software and creator of Doom and Wolfenstein 3D series of games. He is widely known for his innovations in 3D graphics. Currently, he works with Occulus VR.
Security and Cryptography
John Draper One of the legendary early hackers, he discovered that a toy whistle packaged in boxes of Cap’n Crunch cereal emitted a tone at exactly 2600 hertz — the frequency that AT&T phone lines used to indicate that a trunk line was available for routing a new call. He used this exploit to make free calls from public telephones.
Jon Lech Johansen Norwegian programmer involved in decrypting the DVD content scrambling system, enabling Linux users to play protected DVDs.
Adrian Lamo had been widely covered in the media for breaking into Yahoo!, The New York Times and Microsoft, leading to an arrest in 2003.
Lamo also reported U.S. soldier Chelsea Manning for leaking sensitive documents to WikiLeaks.
He is known to have provided vulnerability assessment for several large organisations for which he refused any payments.
Kevin Paulsen Former black hat hacker turned journalist. He once hijacked all of the telephone lines for Los Angeles radio station to guarantee that he would be the 102nd caller and win the prize of a Porsche.
George Hotz Known for developing a jailbreak tool for iOS. He also reverse-engineered the PlayStation 3 and subsequently got sued by Sony.
Hacktivists
Julian Assange Former grey hat hacker and founder of WikiLeaks.
Edward Snowden Hacktivist and whistle-blower who leaked classified information. His disclosure revealed that telecommunication companies were cooperating with the NSA in their global surveillance programs.
Social Engineering
Kevin Mitnick Leading expert on hacking human psychology, which he believes to be the weakest link in any secure system. Below, he demonstrates a social engineering hack, live at the DEFCON hacker conference.
Aaron Swartz: American programmer, hacktivist and entrepreneur. He is best known for being the co-developer of RSS and Markdown, and co-founder of Reddit and Creative Commons. He started the non-profit Demand Progress to protest against Stop Online Piracy Act.
Aaron hanged himself before he was about to be imprisoned on grounds of grossly exaggerated charges of cyber-crime. He was posthumously inducted into the Internet Hall of Fame.
Joanna Rutkowska A polish security researcher, known for discovering an attack against the Vista kernel, Blue Pill rootkit and evil maid attack.
She specialises in low-level security, operating systems, virtualisation and stealth malware.
She is also the co-creator of a security focussed OS called Qubes OS and founder of The Invisible Things Lab.
Parisa Tabriz Popularly known as the security princess of Google. She is a director of engineering as well as the head of browser security for Google Chrome.
Forbes magazine had named her in the list of 30 under 30 in the technology industry in 2012.
Aseem Jakhar One of the foremost Indian hackers. He presented a Linux thread injection toolkit called ‘jugaad’ at DEFCON 19.
He is also known for founding null, an open community for security hackers which has chapters across India.
Jakhar has also started an IoT hacking conference called hardwear.io
Rahul Sasi Perhaps the most well-known hacker from India due to his continued presence at the biggest security conferences. He broke into the scene when he discovered a vulnerability in phone banking IVR. Currently he is the co-founder and CTO of CloudSek, a risk management platform-as-a-service.
Jamie Zawinski is an American computer programmer who has contributed to Mozilla and XEmacs, besides the early versions of the Netscape Navigator web browser. Even without a college degree, he has worked as a researcher at Carnegie Mellon University and UC Berkeley.
The list is endless and by no means comprehensive. I have only included names whose track record had impressed me and who have made a mark in widely different areas of hacking.
Summing up
If you have read this far, I think you should be able to understand a bit about the subculture of hacking and the common thread that bind all hackers. We need to understand that even many of the black hats didn’t break into systems to steal data or make money off it. Hackers are attracted to what is forbidden or whatever seems impossible or difficult. It’s more about the sheer intellectual challenge rather than material gains.
Further reading
Hackers: Heroes of the computer revolution by Steven Levy
Hackers and Painters by Paul Graham
Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier by Assange and Dreyfus
The Art of Deception by Kevin D Mitnick
Masters of Doom by David Kushner
How To Become A Hacker by Eric S Raymond
