What does it take to become a hacker?

[coolred]

No I'm not talking about writing viruses and other nefarious activities. I am thinking more along the line of a white hat hacker. Is this something that can be easily picked up with practice? What exactly does it involve? I know you can use a lot of already made programs to help dig into a system, but what else do you need, maybe a networking background, good OS knowledge, what about programming? Also is someone trying to learn this at 22 at a big disadvantage to the kids that have been doing it since they were 12? Or with the right knowledge can someone be just as good if not better?


On another note is anbody here involved in anything like computer forensics or something similar?

 

[jinduy]

a hatchet

 

[Rufio]

a white hat too.

 

[Pokey007]

Originally posted by: Rufio
a white hat too.

Agreed

 

[Rufio]

oh yeah
and a computer.

 

[Nocturnal]

You need to first, watch the movie hackers. Then start using a Macintosh.

Do you honestly think you're gonna get a serious answer here? Why would you want to become a "white hat" hacker? If you're interested in computer security, go take a course on it at your local community college or at your uni if they offer it.

Also there are tons of books at Borders on comuter security, hacking etc. Go buy a book and read up on it.

 

[CyberCowboy]

Originally posted by: Rufio
oh yeah
and a computer.

don't forget the keyboard and monitor.

how about social engineering and dumpster diving?

 

[coolred]

I do plan to take security related classes.

ANd yes I did for a brief second I did think i would get at least a couple people to give me a serious answer. I now know that that was just too much to ask out of the rest of the people here.

 

[Rufio]

Originally posted by: CyberCowboy

Originally posted by: Rufio
oh yeah
and a computer.

don't forget the keyboard and monitor.

how about social engineering and dumpster diving?

go download the ANARCHIST's COOK BOOK!!

Or JolLy ROger!!!

 

[Tab]

Ethics and programming, networking skills.

 

[coolred]

Oh and the reason I want to be a white hat hacker is just because I think that would be an interesting job. I have no need to write virus' and mess with everyones computers. I would liek to help prevent this.

Hence the reason ia lso asked about computer forensics. That too also sounds interesting to me.

 

[Descartes]

I perform vulnerability analysis as a consultant for companies, and I wrote my own software that coordinates a multitude of scanners and aggregates their results. I'd say you need a background in absolutely everything, especially programming, but there are many who operate without such knowledge (albeit in a neutered way, imo). I don't think any university/votech course would be of any value; however, there are courses from FoundStone, SANS, etc. that would be worthy.

It's a huge subject, so you can't exactly describe what's required in a single post. If you have any specific questions for me feel free to PM.

 

[Nocturnal]

Like I said, go to school, get proficient in networking and programming. That's a start.

 

[Descartes]

Originally posted by: coolred
Oh and the reason I want to be a white hat hacker is just because I think that would be an interesting job. I have no need to write virus' and mess with everyones computers. I would liek to help prevent this.

Hence the reason ia lso asked about computer forensics. That too also sounds interesting to me.

Personally, I distance myself from the label "white hat" or "hackers", because its meaning is so esoteric to the industry that it elicits nothing but fear and confusion from everyone else. I prefer something simple, like Security Analyst.

Yes, forensics is a bit part of it as well. Depending what capacity you actually get to operate you could be doing everything from physical security to forensics.

 

[Descartes]

Originally posted by: Nocturnal
Like I said, go to school, get proficient in networking and programming. That's a start.

That would take a LOOOOOONG time if his goals were to simply work in security. Something more focused would be of better value unless he considered programming to be of vital importance to his goals. Like I said, a lot of analysts simply coordinate the use of tools readily available and analyze their output. There's nothing wrong with that, and it takes little skill beyond simple scripts.

 

[tomwolfman]

it takes a strong sense of antiestablishmentarianism and a desire to piss people off

 

[Rainsford]

I know I'm out of line in this thread providing a REAL answer, but I guess I'll have to live with that

Right now I'm involved in a government program with my university to work on computer security for the government. I am learning quite a bit in this program, but to be honest, so far I've learned far more from two main sources. The first is real job experience. There is a lot you can't teach and wouldn't even think to try and learn if you hadn't experienced it first hand. I've done several IT internships and during that time, although it wasn't my primary job, I picked up a lot of knowledge of what security problems exist, and over time, how to fix them.

Secondly, I know quite a bit from experimenting on my own and just trying to learn all I can because, and this is the truth, this is a field where if you aren't interested, you aren't going to be very good at it. Actually that's true of most things, but with computer security you are trying to counter the "hackers" who have a very big interest in this topic, so you better care just as much about this stuff as they do.

Which brings me to another point. Networking knowledge is good, and it's absolutely necessary to know the OS you are trying to secure inside and out, but unless you want to develope your own security tools, programming is not really necessary. Computer security is more IT than engineering (movies to the contrary). I'm studying computer engineering as part of this security program, but it's not really necessary to be good at the security end of things. This whole Hollywood idea of some dude typing madly at a keyboard to break encryption on the defense network is not exactly the real life picture of security people. Security is about good planning, well thought out policies, and effective implementation. That stuff is more important than the low level technical knowledge.

Edit: After reading other posts, I feel I should put a qualifier on here that I am interested in more of the higher level planning and implementation than specific issues in security (ie, designing good TCP packet filtering software). I don't mean to say that programming isn't necessary, more like it isn't really necessary for what I want to do. But it will be nice to have if I ever do end up needing it I guess

 

[silverpig]

According to 60 minutes you just gotta download kazaa.

 

[Ameesh]

Originally posted by: Descartes
I perform vulnerability analysis as a consultant for companies, and I wrote my own software that coordinates a multitude of scanners and aggregates their results. I'd say you need a background in absolutely everything, especially programming, but there are many who operate without such knowledge (albeit in a neutered way, imo). I don't think any university/votech course would be of any value; however, there are courses from FoundStone, SANS, etc. that would be worthy.

It's a huge subject, so you can't exactly describe what's required in a single post. If you have any specific questions for me feel free to PM.

Like Descartes, i also have done quite a bit of work in the arena of systems penetration and vulnerablity analysis. You defintely need to be a good programmer and you need to have knowledge of how Operating Systems work and how network protocols work at a minimum.

we need more detailed questions to get better responses.

 

[merlocka]

D0N'T U N33D 2 T4LK L1K3 TH15 2 B3 4 H4X0R5?

 

[alkemyst]

I love these 'How do I become a hacker' people lately.

I was a so-called hacker during the 80's-90's....before the internet was the internet yet it was still navigatable and interesting...

I found Apple ]['s in a lab one day....then my dad got me a //e...then I programmed color programs, sounds, etc....found out about modems....then gfiles (I think)....that lead me to tymnet then Lutzifer, QSD, tchh, Altgiers...phone bridges....boxing....

A hacker is sort of a mindset of playing with the hardware or software.

Some hackers just do security stuff, some do hardware tricks, some can't even use PC's that well.....

Basically whatever you want to hack you just sit down with it and play for hours and hours, night after night....and then you discover exploits, workarounds, etc....it gets addicting esp when you figure out something new.

Many hackers whether 12, 22, 40 just started with no knowledge and a book or text file/web page and kept going.

Å

 

[loup garou]

Slutty clothes, condoms, a pimp named Eduardo...oh wait....

 

[Descartes]

Originally posted by: alkemyst
I love these 'How do I become a hacker' people lately.

I was a so-called hacker during the 80's-90's....before the internet was the internet yet it was still navigatable and interesting...

I found Apple ]['s in a lab one day....then my dad got me a //e...then I programmed color programs, sounds, etc....found out about modems....then gfiles (I think)....that lead me to tymnet then Lutzifer, QSD, tchh, Altgiers...phone bridges....boxing....

A hacker is sort of a mindset of playing with the hardware or software.

Some hackers just do security stuff, some do hardware tricks, some can't even use PC's that well.....

Basically whatever you want to hack you just sit down with it and play for hours and hours, night after night....and then you discover exploits, workarounds, etc....it gets addicting esp when you figure out something new.

Many hackers whether 12, 22, 40 just started with no knowledge and a book or text file/web page and kept going.

Å

Perhaps, but this isn't a question of what philisophically constitutes a hacker; rather, the idea of a white hat has a specific vocational connotation in the security industry today.

 

[alkemyst]

Originally posted by: Descartes

Perhaps, but this isn't a question of what philisophically constitutes a hacker; rather, the idea of a white hat has a specific vocational connotation in the security industry today.

The question was "What does it take to become a hacker?" not Security Consultant.

There are a ton of Security Consultants that do a great job, but not the same as one that is a hacker and just plays with the crap day in and day out.

I didn't see anything asking connotation or whatever.

You want to be a security expert or any expert get alot of books and read, find mentors, read anything you can find on it....play with the stuff over and over again until your eyes ache, sleep and start again....trust me if you are of intelligent mind you will be an expert and by the method to get there a hacker...but you cannot stop at that, you have to keep going as things ESPECIALLY in security are changing everyday.

There is a big difference in what someone says a hacker is and what a hacker says one is, the same thing of how they got there.

Å

 

[coolred]

Yes I know I probablly shouldn't use the term hacker, but I wanted to make sure everyone knew what i was talking about. I am planning to get a degree in networking. I do plan to lean towards security types of classes though. Even if this isn't needed for what I am considering, its just something extra I would like to have.

This whole Hollywood idea of some dude typing madly at a keyboard to break encryption on the defense network is not exactly the real life picture of security people.

I must admit I didn't really think this was what hackers did, but it did get me wondering what exactly they do do, and if it involved a lot of programming or whatever. I am not adverse to learning programming for when i amy need it, but I definately do not want to get too deep in that area. I do think I would be interested doing this type of work, so hopefully I would be good at it. I just wanted to know where to start, and thank you to everyone who helped me with this.