Feb 7th, 2008
Why I miss hacking
I have a problem with my two-year-old: he keeps getting out of his bedroom. This morning it was 4am and he was climbing over me and my wife, patting us on our heads.
It’s not like we haven’t tried containing him. It started when he wouldn’t go down for naps. As a quick fix I just hooked a bungee cord from his door to the closet door in the hall, which really didn’t work and was probably kind of dangerous.
Next, we bought one of those child-proof doorknob covers. He was quite mad when we first put it on. But after about twenty minutes of silence he came walking out of his room—extremely proud of himself, I might add.
So I pulled out the doorknob and reversed it so the lock was on the outside. After a few days of him crying himself to sleep next to his door, we were sure we had him beat. We thought we were so clever.
Until one day his crying suddenly stopped and we heard the unmistakable creak of his door opening. This two-year-old figured out that if he rattled the doorknob enough, the lock would eventually edge its way into the open position. Now he can do it in less than a minute.
People wonder why I have so much security on my home computers. That’s why. I have bred a small group of hackers here.
Some say hacking is something you learn. I say you are born with it. For as long as I can remember I have always tried to hack something in one form or another. I’m not talking about hacking in the sense of theft or greed; I am talking about the thrill of the challenge. It’s no different from the thrill I felt when I first solved a Rubik’s Cube when I was eleven. It’s no different than when I went W at the barrow in Zork I.
Hacking just came naturally to me. Yeah, I was a hacker and I was good at it. Not because I wanted to hurt anyone, I just loved the adventure. It made me good at what I do now, at least at first.
It has been years since I hacked anything, at least without getting paid to do it. Now I spend all my time securing things. While many of my friends are still hacking legally now as pen-testers, I have always argued that pen-testing is pointless because no matter how people get in, the method of securing your systems will always be the same. Why not just save the money and skip right ahead to the lockdown?
While this has saved my clients plenty of money over the years, I wonder if I myself am beginning to suffer from skipping the pen-test stage. When you secure things you look at thousands of entry points and you narrow them down to just a few. It’s easy to feel secure once you have done that. But when you are a hacker you start with nothing and discover those few remaining entry points. That difference in perspective is so significant that you can never truly know how to secure something until you have gone through the process of breaking it.
More and more I find myself making compromises that I never would have made when I started. I find myself minimizing the impact of minor flaws in a system. I no longer get angry when I see people make dumb mistakes on their servers because I know I would have exploited that as a hacker. I think I am forgetting all that now.
About a week ago my oldest son told me I should start being a hacker again. I suspect he said that because he wanted to brag about it to his friends. I laughed it off but I have to admit it was a lot like offering a drink to an alcoholic who thought he was recovered.
All these years of not hacking have definitely warped my perspective. I need to dig out all my old scripts and try them out on a real network. I need to see what I can pull off with just a few scraps of information on the target dug up from Google. I need to see how far I can really go on a fully patched server. I need to experience once again what it takes to evade detection.
Ok, most of all, I just miss hacking.