Hacker Perspective: 0rbytal
Hackers drive the progress of human civilization. If you look back throughout history at every catalyst in human evolution, you will see that each one stemmed from a hacker: someone or some group who examined the current conditions or situation and let their curiosity guide them to discovering a more efficient solution. Had they kept their discovery to themselves, the isolated benefit might have eventually led to a branching of the human species... but they shared their discovery, thereby benefiting all of humanity instead of just themselves. I have not (yet) provided humans any profoundly beneficial optimization, but I always share my knowledge and experiences with all who are willing to listen.
I was a late bloomer to hacking. Coming from a family heritage of military service, and growing up watching Top Gun, I was planning to become a fighter pilot. That plan changed when I found out I'm red/green color-deficient. This disappointing news encouraged me to pursue another interest: computers. Although I had become intrigued with computers before high school, it wasn't until I approached this fork in the road that the hacker mentality took over for me. Fortunately, taking the road less traveled has led to a more fulfilling life (thus far).
My first experience with a computer was my friend's Apple Macintosh II in 1989. When he got America On Line (AOL), I was introduced to the Internet... I was captivated. Whenever we weren't playing outside, I wanted to explore this magical machine that could connect me to people around the world. I remember wanting to spend as much time as possible playing games on my dad's PC that ran Windows 3.1, exploring the OS, and AOL.
The most significant year that set me on the course to hackerdom was 1995. It was the year Microsoft released Windows 95, the year that dreadfully entertaining Hackers film came out, and the year I found a copy of a book called Masters of Deception in the high school library. When Windows 95 came out, I spent most of my free time exploring the "Easter eggs," the registry, and trying out all the "progs" in the AOL chat rooms. The advent of MP3s shifted my music addiction from physical CDs to a massive digital library. The discoveries of advances in computing through the years only fueled my curiosity...
How does the computer copy the music from my CD into a file I can share with others? How do people create these programs on AOL that allow users to circumvent their terms of service, enabling Instant Message (IM) and mail-bombs, and chat room scrolling? Why do things on the Macintosh look different than on the Windows PC? Are there other kinds of computers that look different from both of them?
Despite the technical absurdities and sensationalized criminal behavior in Hackers, the film was influential for me in several ways. During the opening scene when Dade is flying over New York and the grid of city blocks is made to look like a circuit board, the music playing is Halcyon (+ On + On) by Orbital. This track initiated my love for electronic music (and inspired my handle). I ignored the ridiculous screen effects shown on their monitors and focused instead on the possibilities the film presented. It highlighted the tremendous power hackers have in this increasingly interconnected world. That is what captured my interest and has driven my ambitions ever since.
My first hacking experience was on the TI-83 graphing calculator. A few of my friends shared some games on it, the most popular of which was the game Drug War. One day, instead of playing the game, I decided to look at how it was written. Scrolling through the code, I found the prices of the drugs and formulas used to calculate the profit. I discovered that I could control my payouts by manipulating these numbers! Sure, this was a juvenile exploitation, but it planted the seed of the hacking perspective that has blossomed into the life I enjoy living today.
While in high school, I explained to my father the direction my newfound obsession had taken. He informed me, "The Army has jobs for people to hack government systems so they can improve their defenses." Since military service was 'in my blood,' and I could get a college degree at the U.S. Army's expense (avoiding the crippling debt of student loans), I decided to pursue one of these enchanting government hacking jobs.
In college, I spent a lot of time trying out live Linux distros like KNOPPIX, dyne:bolic, and PHLAK (the Professional Hacker's Linux Assault Kit), when I should have spent more time understanding Object-Oriented Programming (OOP). It took a few tries, but I eventually passed all of my courses required to graduate with my bachelor's degree in computer science. But I distinctly remember one day in my freshman year when I was looking up "how to be a hacker" and I found the most profound, simple, and accurate answer to my inquiry: read and practice. Knowledgeable hackers read; proficient hackers practiced - a lot.
So I went to one of the computer labs on campus and printed out reams of Requests for Comments (RFCs) detailing the technical specifications of protocols. I went to the library and checked out every hacking, programming, and computer-related book on the shelves. The information I absorbed from those pages I have retained better, and found more useful, than 98 percent of everything else I learned in college. And the frequent exploration of the different Linux distros paid off when I needed to recover data and passwords from locked Windows machines.
It was around this time I discovered 2600 Magazine. The first issue of 2600 I encountered was the Fall 2000 issue depicting the person handcuffed, holding a cell phone behind his back. This discovery was equivalent to my introduction to the Internet ten years earlier. There are people out there just like me! I thought. I have read every issue since (even ordered a stack of back issues off of eBay), and I am now a subscriber and contributor to the hacking community.
This was also about the time I attended my first hacker conference: Interz0ne in Atlanta, Georgia. I only attended one day, but it was life-changing. Instead of reading about other curious explorers in 2600, I was, meeting them. Well, sort of... I'm sure my fellow introverts understand my liberal use of the word "meet." But it was awesome to be in the company of other computer enthusiasts and Internet junkies that (like me) just wanted to learn and play with every device and machine they encountered.
For ten years following graduation, I hardly used my computer science degree in my Army job. The greatest benefit I obtained from a degree in computer science was patience. Because I understood everything that was going on in the machine and on the network, I had the patience to wait for the processing queue to clear and become responsive once again - as opposed to the commonly observed reaction of hitting every key on the keyboard and frantically clicking the mouse. This patience allowed me to think critically, and it often produced ideas for solutions and improvements.
Although the Army didn't capitalize on the four years of academia they paid for, I continued to use what I learned in college whenever and however I could. I kept reading 2600, I attended SkyDogCon and GrrCon, and I formed an unhealthy addiction to Reddit that has kept me informed of the continuing advances in technology and tactics. After a decade focused on leadership, the Army sent me to get a master's degree in cyber operations. This time I approached my studies with a completely different attitude than in my undergraduate program... probably because I was finally getting to pursue my passion.
I was getting paid to learn cryptography, digital forensics, reverse-engineering of software, computer network exploitation and defense, system hardening, and security analysis. I was able to do my thesis research on hijacking UAVs. My graduate program was a dream come true and, while getting paid to pursue my passion, I graduated with just under a 4.0 GPA. The main difference between this academic adventure and my undergraduate program is that the Army planned to take advantage of this degree. I have now returned to the city that spawned my love for hacking - to do the job I set out to obtain when my dad first told me about it. The other great benefit of my graduate program is that it prepared me for several certification exams. I was able to pass the Certified Ethical Hacker (CEH) and Certified Information Systems Security Professional (CISSP) certification exams without attending any preparatory course or "boot camp."
I haven't shared my story to recruit anyone for the Army. It has worked out for me - but sacrificing your rights for revocable privileges (which is inherent in military service) is unpalatable for many people. I've learned to deal with it. There are myriad paths one could follow to achieve, or even exceed, the same accomplishments as I have - only without signing any legally binding contracts of service. But narrating my journey here may illuminate some aspiring hackers of one route to "serve their country," obtain diplomas and certifications without spending money on them, or get paid to hack with reasonable job security.
I like to hack. I've set up my own isolated test-network at home (ESSID: "Hacker Playground") with old Windows machines I bought from locals on Craigslist for $20 a system. This network is where I hone my reconnaissance, exploitation, and defense skills, and I've intentionally "protected" it with WEP to allow anyone in the area to hack into it and play around, too. The determined explorers will find a way in and won't quit until they've popped every box on my network.
While writing this article, I was installing Kali Linux onto a USB thumb drive and mistakenly attempted to install GRUB to my laptop's Master Boot Record (MBR). When it failed, I discovered that my MBR was corrupted and I've spent the last week repairing it. I mention this anecdote to illustrate another character trait found in most hackers: perseverance when facing a "road block" on the path to one's goals. Most people would cave in early and just ask/hire one of us to fix it for them. But this article wasn't finished, and I never ask anyone to do something I'm not willing to do myself.
In addition to hacking, I also like to write. So, whenever I come up with a cool idea for a hacking project, I write about it so that when I get enough free time, I can bring the concepts to fruition. Thanks to 2600, I have a platform to share my ideas with like-minded explorers that might manifest my ideas before me - or they may become inspired to make something better. I know it will be creative hackers who develop the "next big thing" that fundamentally changes our way of life.
The latest technological advance that I find most fascinating - and which truly captures the promise of positively changing our world - is the block-chain invented by the creator(s) of Bitcoin. A cryptographer named Satoshi Nakamoto developed a peer-to-peer, consensus-based asset ledger that functions as:
- A digital equivalent of inflation-proof cash.
- A network that allows every person with Internet access to transfer money without going through any financial institution.
- A permanent record of transactions that can function as proof of ownership.
The real treasure of this design is that the hacker(s) released it to humanity as Free Open-Source Software (FOSS) simply explained in a nine-page white paper. This hacker (or group of hackers?) has created a solution that puts the power of money back into the hands of everyone, freeing it from being monopolized and manipulated by central banks and their puppet governments. The ingenuity of Satoshi provided every person in the world the ability to create her own crypto-currency. It rendered money-transferring institutions like Western Union obsolete. It will soon make many professions irrelevant (e.g., accountants, bankers, lawyers, and judges dealing with property disputes).
This is the power of one. Whether it is one hacker, or one group of hackers: one can change the course of humanity. History is replete with examples of hackers that bring about a positive change that benefits everyone. The hacker's curiosity compels him to explore another use, a more efficient method, a clever way, or a novel approach to accomplishing the same, or a different, task. And when that hacker goes on to share his discovery/invention/results, his creation spreads like wildfire across all human consciousness, changing the lives of everyone and inspiring new hackers to do more, take it one step further, and make it even better.
On the other hand is what many can accomplish when working together voluntarily. Just look at the Linux community and the Tor network. The most current example of this aspect of human progress that I see as the next "game changer" is mesh networks. Once we have enough people supporting mesh networks to reach "critical mass," ISPs will become irrelevant and Internet access will truly become a supportable human right.
The developments like crypto-currencies and mesh networks put the power back in the hands of the people (where it belongs), enable more humans access to more information, and provide more resources and a broader platform to facilitate further innovation - creating a positive feedback loop. We live in the Information Age... help humanity get to the next era of human progress by assisting or supporting the developments like these.
Whether you're a veteran or nascent hacker, or just a curious reader, I hope you take away at least three nuggets of advice:
- Read: Watching a video is a shallow, expedient method to rapidly accomplish a trivial task that isn't really worth any deep understanding. Reading the thoughts of those who came before you will inspire you to do better, and it will lead you to genuine understanding.
- Practice: As with everything in life, if you want to be better at something, do it more often! But remember: Practice makes permanent. So ensure you are practicing correctly because habits begin as cobwebs and end up as chains.
- Be Skeptical: Doubt leads to research, and research is the only path to true knowledge. Your curiosity may lead you to validate another's claim, or it may lead to a radical, positive change in the course of human progress. Either way, you will be better off, and so will everybody else. Stay curious - and Hack All the Things!
0rbytal continues to lead Soldiers in the U.S. Army's Cyber Mission Force (CMF), write about his experiences, and give back to the hacking community however he can. Since writing this article, he's developed an addiction for industry certifications (e.g., GPEN, GICSP, GPYC), somehow publish more articles, and may have tricked local security conferences into allowing him to present the content. Feel free to reach out to him on Twitter @0rbytal [starts with a zero].