Hacking started as a prank but has developed over the decades. What started as curiosity in IT systems became the medium of choice for criminals and spies. Hacking is essentially the action of breaking into an IT system. There are many techniques and procedures that hackers use to carry out their objectives.
No not at all! There are several classes of hackers. They include (in simple terms), the good, bad, and the curious. In addition, there are even more classes of hackers which we go over. Many hackers that started out being curious, started to participate in questionable activities that eventually got them in trouble on federal levels.
There are many things to understand before taking part in hacking as there are legal and illegal ways to do it. You definitely don’t want to end up paying hefty fines or serving jail time for just being curious and not taking the time to do it the right way!
Hacking is very very fun. With some self-learning you can learn some offensive (my personal favorite) and defensive skills to name a few. There are purposes for these as well; both in the private and government sectors. Of course you would need to understand all of the basic concepts of computing first so you could fully comprehend what you are doing.
What types of hackers are there?
There are several types of hackers; we will cover the three most common in this article. The main differences between the three are their motivations for using technology in this controversial way. A lot of people think that hackers are evil but that’s not the case.
To be honest, I don’t even like the term hacker; it’s slang and it brings with it a stereotype of a hooded criminal penetrating the defenses of innocents and governments. There are however different types of hackers, and their differences lie in their motivations for doing what they do.
Here are three categories of hackers…
- Black hat hacker
These are the baddies; they are cyber criminals who hack governments, civilians, power grid, and anything else that they want. Some of the main motivations for black hats are monetary, political or social (hacktivist), attacking, blackmail, extortion, insider trading, company downfall, theft of intellectual property, theft of credentials or other sensitive data.
The attacks, methods, and tools they use are many. These guys love to hack and they have a deep understanding of systems. Nation state threat actors, advanced persistent threat (APT) groups, and other hacking groups with different goals are categorized as black hats.
These black hats write malware, deploy it, and offer a tech support package for ransomware (RaaS) or ransomware-as-a-service. There are many illegal activities that black hats are involved in even working as a hacker for hire! You can find hackers for hire on dark web forums and chat rooms.
- White hat hacker
These hackers are also known as ethical hackers. They are the ‘good guys’ and the thing that separates them from the black hats are their ethics and legal scope of practice. Companies, government organizations, and other agencies hire ethical hackers or “penetration testers” to come into their organization and perform risk assessments, offensive testing to breach systems, find vulnerabilities, and recommend fixes to those security holes.
There is a huge market for ethical hackers and the pay generally is very good. Ethical hackers are very skilled at offensive hacking techniques and defensive as well. In order to perform the worst case scenario against that company’s systems, the white hat will have to perform the most common and complicated attacks. This will ensure a successful and thorough penetration test.
- Gray hat hacker
These hackers are somewhere in the middle of white hats and black hats. They are very curious and have mixed morals. They might break into a company without permission but they won’t do anything with sensitive data they come across. They are usually just really curious and want to see what they can do and how far they can get.
This, of course, is illegal because they don’t have the website/IP address owner’s permission to do so. Gray hat hackers can sometimes transform into black or white hats. This is not the recommended hacker to be, rather one should self-educate in a safe virtualized environment.
Can I easily learn hacker techniques to secure my systems?
Yes you can! A lot of students, professionals, and researchers learn this kind of stuff on their own. You don’t have to pay for a college degree to learn hacker techniques. There are several free resources that I love and there are some that are cheap but offer great features! Here’s a breakdown of some great resources available!
- Watch videos
- Visit the security tool vendors websites
- Read technical manuals for tools
When you are ready to go hands-on (my favorite part!), you can deploy your tools on your personal machine or through a virtual machine. Now, depending on what you are trying to do, a virtual machine may be a better idea than your physical computer.
If you are going to be using a large number of hacker tools you will probably want to use a penetration testing operating system like Parrot OS, Kali Linux, or Backtrack. It is very important to note that with these OS’s good Linux skills are required, otherwise you will most likely get stumped.
You use these OS’s through virtual machines or physically on a computer; here are the ways you can access a VM.
- Download OS virtual image from developers website
Once you do this, you should download the matching virtual machine interface for virtualization/cloud computing. You can choose Oracle Virtual Box, VMWare, or Hyper-V. I would recommend watching some videos and reading up on how to use virtualization software. It can get confusing and frustrating if you don’t know what you’re doing.
The advantage to doing it all yourself from scratch is that you can learn along the way. I will say that it can get painful if you keep running into issues so keep this in mind; have extra time to troubleshoot.
From here you can make yourself a virtual lab with multiple VM’s; one attacker and multiple victim systems where you can perform security related tasks. Using the proper tools, one can actually see the effects the security tools are having against the victim machines.
- Pay a membership to access the VM’s/labs through a web browser
Another popular option is to pay a membership fee which is usually cheap, to an organization to host the VM’s through their hardware. I pay about $20 for mine every month but I have access to all sorts of labs and instructions.
You access these VM’s through your web interface; they usually have a decent speed and the footwork has been done for you already. These are much easier to start because you have almost no setup steps to accomplish.
If you are in a hurry to start learning and don’t care about learning about virtualization then this is the choice for you. Some popular learning websites are Testout.com, TryHackMe.com, HackTheBox.com, Offensive Securitie’s PWK (penetration testing with Kali Linux), and VulnHub to name a few.
Learning this subject matter is fun however, there are certain things you must be very careful of. Anyone can learn in a safe environment without fear of legal action; you just have to seek these learning avenues out. Some things to keep in mind before practicing any of the tools and techniques are:
Always ensure you have the owner of that IP address, network device, or domain give you specific permission if you want to perform any security related function on those mediums. If the answer is no then you need to avoid touching that stuff at all costs.
Someone who is doing hands-on for learning shouldn’t do it out in the wild, rather they should do it in an environment that was designed for learners.
Ask yourself what the goal of what you are trying to do. If it is to test credential security then absolutely don’t test it on a website that’s not your own. Understanding what your goals are will help you determine what your needs are as a learner.
Once you have determined that, then you can decide if what you are wanting to execute will require a VM, permission from a site owner, or your own network device. A clear cut goal will help you in multiple ways in the long run!
This is the most important one. As you are picking things to learn and practice hands-on, ask yourself, “what effect will this have on the system I am doing this on.” Will the system break, become so misconfigured that they fail to work, damage any attached storage devices, bring down servers, delete accounts, are just some of the questions you need to ask yourself.
Learning security is very fun. Just remember to follow these guidelines and be safe!