Learning Computer Security through the Confessions of a Hacker
I am not a hacker in the legal sense. Hackers are people who break into other people’s personal data and use it for their gain. It is true that I hacked into company networks, but I never used the information to gain anything. Still, I spent five long years in federal prison.
My hacking career began with ‘phone phreaking’ as a pastime to keep myself entertained. Soon I graduated into hacking itself. The challenge was exciting and the success exhilarating.
Moreover, hacking was not illegal in those early days. Many pioneers in the software industry were doing this as a hobby. Anyway, I never intended to use the data for amassing money or for any other wrongful purpose. I continued to pursue my hobby even after the first anti-hacking laws were passed.
As I acquired more and more experience and knowledge on the subject, I became a pro. It was like an addiction – knowing full well that it was illegal, but still enjoying it and refusing to let it go.
Hacking was always considered devious, but it never crossed my mind that I would end up in jail one day for this. Nobody ever bothered to tell me that what I was doing was not right. Unlike today, morality regarding computer use was not given due importance. With computers becoming common and popular, this is now taught to children at school. Today, the stringent laws also help to deter people from straying into this felonious world unknowingly.
Individuals are not the only culprits in this. Many times, it is the slackness of the companies that leads to hackers breaking into their data. Companies are bound by law to perform security audits and make the necessary corrections to make their systems foolproof. Definitely, all companies are doing the security auditing. However, very few are taking the audits seriously and taking action to set right the problems discovered. In my new role as a security consultant, I have seen this happen so many times.
After serving time, when I was released, the government approached me to testify before Congress that the security of government computer systems is not infallible and is very much penetrable. After the initial restrictions of the release were over, I started my second life as a computer consultant. Assessment of security, evaluation of products and training of personnel are my areas of expertise.
As a hacker, I was doing something illegal, but exciting. Now, I am doing the same thing, but with the backing of authority. When companies engage me to do security evaluation for them, I am asked to hack into their site to check its vulnerability. From my viewpoint, I am still a hacker. However, in this role, I am helping companies instead of harming them. It is a winning proposition for both the concerned parties.
Recently, my web site was hacked, but the perpetrators left empty-handed, as the site did not have any valuable information. Still, it was embarrassing for me to have my site hacked. However, the blame for the security breach should go to the company hosting my site and not me or my site. As a security consultant and former hacker, I lost face over this issue.
Hacking is one of the rare professions where the same work can be seen either way – as a villain or a hero. Choose the legal one, which allows you to hack with authority.