Congratulations, you’ve just entered an elite league in the world of information technology. The Hacker Class. This power can be used for both good and evil, and you should be aware of the consequences before you proceed any further.
In this article, we will explore some history and the basics of hacking and discuss the different types of hacking, the skills and knowledge required, and the ethical and legal considerations that young hackers should be aware of, as well as some productive and lucrative ways to use this talent.
What is hacking?
The term “hacking” is usually associated with malicious intent and criminal activity, but it’s much deeper than that, and significantly more complex. Throughout human history, right and wrong were straightforward concepts reinforced by the authority of religion or the state. Hacking in itself is a grey area, a nonbinary in a world of ones and zeros, rights and wrongs, black and white.
Arguably, hacking predates modern computing, as a hack can be the use of a technology, tool, or concept for a purpose for which it was not intended. The roots of hacking go back to the innate human need for exploration, our inherent innovation and our desire to colour outside the lines. In the 70s and early 80s, telephone hackers employed a technique called phreaking to exploit how the phone system worked and get free calls in an era when calls were quite expensive, which cost telecoms companies millions of dollars in lost revenue. Not all examples are bad, however. Throughout history, chefs and amateurs alike have employed culinary hacking techniques to transform traditional dishes into modern inventions, or to create new ways of improving traditional cooking. Pranksters have exploited building hacking, or the use of unauthorized utility tunnels or channels, to execute some of the most infamous pranks in history, like placing a police car on top of an MIT University building.
It’s both a talent and a mindset, and a power that can be used for good or evil.
A computer hacker is someone who knows about computers and the underlying technologies, and can colour outside the lines to accomplish things that others simply can’t. For young hackers, the world of technology and computer systems is full of exciting and challenging opportunities to explore, learn, and create. Whether you’re interested in finding new ways to use technology to improve people’s lives, or you’re simply curious about how things work, hacking can be a rewarding and fulfilling hobby or career.
Types of Hackers?
Black hat hackers are cyber criminals who intentionally breach systems without authorization. Black hat hacking is defined as trying to obtain unauthorized access to computer systems. Once a black hat hacker discovers a security flaw, they attempt to exploit it, frequently by inserting malware such as a trojan or a virus.
White hat hackers are ethical cybersecurity hackers who identify and patch vulnerabilities. White hat hackers strive to find system flaws so they may be fixed and ultimately strengthen a system’s overall security. They hack into systems with the consent of the businesses they hack into, and are paid for this service.
While grey hat hackers might not have the same illegal or malevolent intent as black hat hackers, they typically lack the authorization or permission of the organizations whose systems they are hacking into. However, grey hat hackers don’t completely exploit weaknesses they find, such as zero-day vulnerabilities; instead, they report them. Grey hat hackers, however, may request compensation in exchange for full disclosure of what they discovered.
Black and grey hat hacking are certainly not free of consequences, and two resources that any talented individual needs to be aware of in Trinidad and Tobago are the Computer Misuse Act of 2000 and, more importantly, the proposed Cyber Crime Bill of 2017.
Under this proposed bill, there are some severe penalties and fines, and a little mischief can result in a lot of trouble.
Hacking and the law?
Illegally accessing a computer system can cost you three hundred thousand dollars and three years’ imprisonment. That’s just for unauthorized access to a computing device. If you remain connected to that system and peruse data, you’re looking at another one hundred thousand dollars and another year’s imprisonment added. Going a step further and editing or deleting data would add yet another one hundred thousand dollars and another two years’ imprisonment.
Illegally acquiring data, or sharing data/receiving data with knowledge that it was illegally acquired can cost you one hundred thousand dollars and two years’ imprisonment. Note here that this penalty also applies to sharing that data, being the sender or recipient.
If you illegally interfere with a computer system, that can cost you one hundred thousand dollars and two years’ imprisonment. This penalty also applies if you are with someone at the time they are performing this crime.
Attacking critical infrastructure, which is very broadly defined, carries a penalty of two million dollars and fifteen years’ imprisonment.
These are just some examples extracted from the proposed bill, but several other cases are documented, such as forgery, fraud, identity theft, writing software or code to break any of the mentioned laws, sharing personal media without consent, email attacks, cyberbullying, extortion and more. The proposed bill also covers seizure of all equipment as well as retrieving records from Internet Service Providers.
Interestingly, the proposed bill also empowers the Police to remotely run forensic tools on suspected persons once a Magistrate approves. With advanced forensic software in the market today, this means that the state can potentially collect vast amounts of data from suspected cybercriminals without any trace of this activity.
In addition to the penalties and imprisonment, there are clauses to empower the court to compensate the victims of cybercrime, and to execute forfeiture orders on property belonging to convicted criminals to facilitate this compensation.
These are just local penalties. A cybercrime committed against international persons, companies, or infrastructure carries the risk of being arrested by Interpol and potentially being extradited, tried and imprisoned internationally. With the global costs of cybercrime at over $8B US Dollars in 2022 and projected costs of over $23B by 2027, it is clear why the pursuit and prosecution of cybercriminals is a top priority for governments globally. It’s also why the field of cybersecurity is growing with more opportunities for talented professionals who choose the right side of the law.
With all the fines, jail time, victim compensation, loss of reputation, reduced employability, potential travel bans and blacklists, it seems pretty risky to choose the dark side.
On the other side of that coin, the path to white hat hacking and cybersecurity is much more forgiving and significantly more lucrative, and there is a world of sandboxes, hackathons, and communities for hands-on immersive experiences into hacking. Some of the more popular resources are:
- Hack This Site (also known as HTS) was founded back in 2003 by a group of curious individuals and is considered one of the original players in the hacktivist sphere. See https://www.hackthissite.org/
- CTF365 is a hands-on training ground for security professionals, and it’s a great place to go for pen-testing challenges. See https://ctf365.com/
- Hack The Box is a massive online community that offers a subscription-based hacking playground and an infosec community of over 1.7m platform members who learn, hack, play, and exchange ideas and methodologies. It’s an online cybersecurity training platform that allows individuals, businesses, universities, and all kinds of organizations around the world to level up their offensive and defensive security skills through a fully gamified and engaging learning environment. There is a limited-feature free tier available. See https://www.hackthebox.com/
Careers in hacking or becoming a Cybersecurity Professional?
For those seeking to pursue a career in the cybersecurity arena, an interesting statistic from the US Bureau of Labour shows that CyberSec professionals have median salaries that are 12-15% higher than those in other related information technology fields, and with the right certifications, skills and experience it is possible for this to be significantly boosted.
Some relevant industry certifications that are widely accepted include:
- CompTIA Security+: This is an entry-level certification that establishes core knowledge and concepts for most cybersecurity jobs.
- GIAC Security Essential Certification (GSEC): This entry-level credential is a great cybersecurity certification for beginners. The designation moves practitioners beyond basic knowledge, equipping them with the tactical skills to occupy IT systems roles that navigate active defence, cryptography, defensible network architecture, security policy and web security.
- Certified Ethical Hacker (CEH): This certification provides cutting-edge training on the most current trends in hacking for security professionals and covers everything from the basics of ethical hacking to solving real-world hacking challenges across platforms, systems and networks.
- Certified Information Systems Security Professional (CISSP): This is a more intermediate or advanced certification aimed at security professionals who have significant experience in designing, implementing, and managing security programs, and it can help individuals advance their careers and increase their earning potential.
One thing to be cautious about, though, is the sharp increase in non-recognized or non-accredited bodies offering fake industry certifications that are completely worthless and are just an elaborate scam. You should carefully research your options and seek advice from trusted persons in the industry.
Some career paths for young hackers include:
- Penetration tester or ethical hacker, where they test the security of networks and systems for companies and organizations.
- Security analyst, where they monitor and analyse security threats and vulnerabilities.
- Cybersecurity consultant, where they advise companies and organizations on how to improve their cybersecurity defences.
- Incident responder, where they investigate and respond to security breaches and incidents.
- Forensics investigator, where they use digital forensics techniques to investigate cybercrime and gather evidence.
- Cybersecurity researcher, where they conduct research on new security threats, vulnerabilities, and technologies.
Hacking is a complex and multifaceted field that can be used for both positive and negative purposes. If you are a young hacker, it’s important to understand the consequences of your actions and to develop your skills and ethical foundation for good rather than evil. With the right education, skills and experience, you can become a valuable contributor to the field of cybersecurity and make a positive impact on the world, while earning a highly competitive salary. Seems like a no-brainer to me.