How to Become a Hacker in 24 Hours
by XCM
I must have been 17 years old. In the space of a few weeks, I had developed a morbid obsession with cryptography.
I had spent some time devouring a couple of books I had found on the topic; which was quite an esoteric one at the time in my town.
At the first opportunity, I would stop by the local bookshop to avidly rummage on the shelves in the meager IT section. Having been in the exact same shop just a few days earlier was not a reason to deter me from trying my luck.
As I grabbed a copy of a book that caught my attention, the very same book I had quickly scanned earlier that week, I heard a voice behind me.
"I want a book that teaches how to become a hacker."
I don't know how resolute that statement was. However, fast-forward twenty-something years, I still remember that moment as if it was yesterday.
It is not uncommon nowadays to sense a similar level of excitement in those who decide they want to become hackers.
Perhaps more precisely, today many enthusiasts are still fascinated by their very personal ideas of what a hacker is. An idea that has maybe shifted considerably over the last half century.
The challenge, in my opinion, is that at times it is easy to assume there is a clear, proctored path to follow to become a hacker.
Like reading a book.
I personally believe that, depending on each individual interpretation of what makes someone a hacker, the answer on how to become one might or might not be found in a book.
In 2020, literature on the subject is surely much vaster and at least in part of great quality, compared to the days of my misadventures in the local bookstore.
Cybersecurity is now at the forefront of prime time news and it is ubiquitous. Apparently the world will soon implode as all the professionals working in cyber will ultimately retire and nobody else seems to be bothered with embarking in this obscure profession.
For the reasons above, a great deal of attention has been directed at training the new generation of hackers and cyber pros.
This is great news. However, as I sensed in that bookstore 20 years earlier, I have mainly observed the usual recurring approach: focus on tools and techniques and forget about understanding the technologies or human weaknesses that the tools are meant to exploit.
Memorize the OWASP list of vulnerabilities and know which scripts to use to exploit them. Don't worry about understanding HTTP, PHP, SQL, or Linux.
More broadly, just focus on attacking computer networks with such tools rather than, say, opening up the old robot vacuum cleaner and re-purposing the multiple motors found inside.
To put it bluntly, the format and approach of most books on security only add fuel to the fallacy of the fast lane to becoming a hacker.
Whereas I agree that learning to use scripts and other software to poke at a host can surely be a captivating starting point, it is a methodology which will sooner or later disappoint in its shallowness.
Moreover, if not assisted by the necessary background research, intuition, and creativity, this can generate a false and dangerous sense of proficiency.
Would you get operated on by a surgeon who knows the tools but does not have much understanding of human anatomy and medicine?
We must convince the new generation of security pros and hackers to focus on building, over time, the necessary understanding of technology and human psychology. Also, more emphasis should be placed on developing critical thinking, problem solving, and people skills.
If my child ever shows interest in what I do for a living, I will try and point out that if they work towards developing the right talent and understanding, they might eventually achieve what it takes to be a successful hacker, chef, doctor, or whoever they will want to be.
In the meantime, I would tell them to just keep questioning and tinkering. Be aware that your choices along the way might make this a very long journey.
Nevertheless, it can be amazing, exhilarating, and extremely rewarding.