As discussed in several previous blogs, the term “hacker” can mean many different things to different people. For a large section of the 15-25 year-olds entering the programming world, hacking is a state of mind. To be a hacker is to apply an aggressive approach to attempting new things or to explore the unknown (or untested) with technology in the 21st century. Of course, you can be a “white hat” or “black hat” hacker (good guy or bad guy).
But where do hackers live and spend their time? Beyond Black Hat Conferences around the world, where do hackers congregate online? As security pros scan the world-wide-web for the good, the bad and the ugly, we come across information, tools and methods that the majority of people don’t know exist. The hacker hangouts discussed in this blog are not unethical or illegal, but in some cases, it’s difficult to see how some of the materials could be used for good.
But regardless of my perspective, this information is everywhere. We do have freedom of speech in most of the western world and cyber crime toolkits have been for sale for a long time. Our freedoms extend to hacker websites that openly teach readers how to perform acts that the majority in society may frown upon. Still, there are numerous beneficial reasons to hack - especially to test security controls. Under the label of “for educational purposes only,” it is fairly easy for young people to get started as a hacker – with popular sites like Wikihow.com even joining in the fray.
So I thought I’d dedicate a blog to share some information that hackers already know – but the rest of the government technology community may want to think about. This piece is only intended to be a primer for those in the community who have spent little time or effort pondering such things. No doubt, some people learn the skills of the cyber trade at other sites, but hopefully, this is a thought-provoking start.
First stop is at a blog called Hacker The dude which also lists the top ten hacker websites from several years ago. This website also provides detailed hacker information on topics such as the Xbox Live being hacked. Spending some research time at this site is worth the effort with plenty of interesting topics and hacking history.
Second stop is at Hacker Dojo. This is a description from their website:
“For over 2 years Hacker Dojo has been a strong community and a great place to throw hackathons, conferences, classes, movie nights, and job fairs. These events (legally termed our "permission to assemble") are essential to the spirit of the Dojo.
In the past, the City of Mountain View had been more permissive of occupancy limits in buildings; however, due to fire code and Mountain View zoning regulations, our ability to hold large events is hampered and is currently capped at 49 attendees.
Now Hacker Dojo is launching a massive fundraising effort so that we can renovate our building and invite everybody back to assemble again!
We're expecting renovations to cost well over $250,000, and we're very grateful for the community's support.”
SIDE NOTE: After originally posting this piece, I received an update email from David Weekly at Hacker Dojo. He pointed out several things to me, and I revised my words on Hacker Dojo's role and organizational purposes. David wanted me to mention that: "Most people there are learning how to program to create websites, or create companies or contribute to open source projects...."
This does sound like a very noble endeavor to train people and grow relevant job skills, and he even offered me a tour and more to learn more about them. I appreciate the quick follow-up from David. This is certainly a group that fits into the "white hat" side of the world with good intentions.
Still, the name chosen by this group shows the wide variation in the use of the word "hacker" on the Internet. David even highlighted the website hackerspaces.org, which lists many similar professional situations all over the country. Looking back, I may have slightly misrepresented this organization initially based upon their web presence and what I read about them online.
Third stop, a website called Daily Hacking Tips with an article about FUD Crypter. This website is on the list to provide a “darker side” example. (I find it interesting that hacker toolkits and all kinds of software are also available simply by googling words like “hacker toolkits.”) Here’s an excerpt from the Daily Hacking Tips website:
"What Is FUD Crypter?
FUD is acronym for fully undetectable. It is a software that can be used to encrypt your exe files.
What is the use of FUD Crypter?
FUD crypters can be used to encrypt viruses, RAT, keyloggers, spywares etc to make them undetectable from antiviruses.
How Does FUD Crypter Work?
The Basic Working Of FUD Crypter is explained below
The Crypter takes the original binary file of you exe and applies many encryption on it and stores on the end of file(EOF).So a new crypted executable file is created….”
Stop number 4 is Hack This Site.org which boasts over 5000 unique visitors per day and promotes: “A free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.”
My final stop in this blog is over at the US Cyber Challenge with Netwars – the ultimate online game. If you want to try out your hacking skills in a safe, legal way, visit this website and try your hand. This is from the website:
“Netwars is the ultimate online game: an adventure across the Internet. You can play as an analyst, a penetration tester, a defender, or any combination. You earn points by finding keys, moving to higher levels, capturing services such as a website, overcoming obstacles (attack techniques) and protecting resources (defensive techniques). You can see the other players' scores and your own points scored, live, or on an overall scoreboard."
In conclusion, there are plenty of resources and tools that are available online for free to help learn more about hacking and hackers. It’s worth visiting a few of these sites to test your cyber knowledge and/or begin your hacker “state of mind” journey.
Any other hacker websites to recommend?
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.
Follow Lohrmann on Twitter at: @govcso
Building effective virtual government requires new ideas, innovative thinking and hard work. From cybersecurity to cloud computing to mobile devices, Dan discusses what’s hot and what works in the world of gov tech.