March 4, 2012 By Dan Lohrmann
As discussed in several previous blogs, the term “hacker” can mean many different things to different people. For a large section of the 15-25 year-olds entering the programming world, hacking is a state of mind. To be a hacker is to apply an aggressive approach to attempting new things or to explore the unknown (or untested) with technology in the 21st century. Of course, you can be a “white hat” or “black hat” hacker (good guy or bad guy).
But where do hackers live and spend their time? Beyond Black Hat Conferences around the world, where do hackers congregate online? As security pros scan the world-wide-web for the good, the bad and the ugly, we come across information, tools and methods that the majority of people don’t know exist. The hacker hangouts discussed in this blog are not unethical or illegal, but in some cases, it’s difficult to see how some of the materials could be used for good.
But regardless of my perspective, this information is everywhere. We do have freedom of speech in most of the western world and cyber crime toolkits have been for sale for a long time. Our freedoms extend to hacker websites that openly teach readers how to perform acts that the majority in society may frown upon. Still, there are numerous beneficial reasons to hack - especially to test security controls. Under the label of “for educational purposes only,” it is fairly easy for young people to get started as a hacker – with popular sites like Wikihow.com even joining in the fray.
So I thought I’d dedicate a blog to share some information that hackers already know – but the rest of the government technology community may want to think about. This piece is only intended to be a primer for those in the community who have spent little time or effort pondering such things. No doubt, some people learn the skills of the cyber trade at other sites, but hopefully, this is a thought-provoking start.
First stop is at a blog called Hacker The dude which also lists the top ten hacker websites from several years ago. This website also provides detailed hacker information on topics such as the Xbox Live being hacked. Spending some research time at this site is worth the effort with plenty of interesting topics and hacking history.
Second stop is at Hacker Dojo. This is a description from their website:
“For over 2 years Hacker Dojo has been a strong community and a great place to throw hackathons, conferences, classes, movie nights, and job fairs. These events (legally termed our "permission to assemble") are essential to the spirit of the Dojo.
In the past, the City of Mountain View had been more permissive of occupancy limits in buildings; however, due to fire code and Mountain View zoning regulations, our ability to hold large events is hampered and is currently capped at 49 attendees.
Now Hacker Dojo is launching a massive fundraising effort so that we can renovate our building and invite everybody back to assemble again!
We're expecting renovations to cost well over $250,000, and we're very grateful for the community's support.”
SIDE NOTE: After originally posting this piece, I received an update email from David Weekly at Hacker Dojo. He pointed out several things to me, and I revised my words on Hacker Dojo's role and organizational purposes. David wanted me to mention that: "Most people there are learning how to program to create websites, or create companies or contribute to open source projects...."
This does sound like a very noble endeavor to train people and grow relevant job skills, and he even offered me a tour and more to learn more about them. I appreciate the quick follow-up from David. This is certainly a group that fits into the "white hat" side of the world with good intentions.
Still, the name chosen by this group shows the wide variation in the use of the word "hacker" on the Internet. David even highlighted the website hackerspaces.org, which lists many similar professional situations all over the country. Looking back, I may have slightly misrepresented this organization initially based upon their web presence and what I read about them online.
Third stop, a website called Daily Hacking Tips with an article about FUD Crypter. This website is on the list to provide a “darker side” example. (I find it interesting that hacker toolkits and all kinds of software are also available simply by googling words like “hacker toolkits.”) Here’s an excerpt from the Daily Hacking Tips website:
"What Is FUD Crypter?
FUD is acronym for fully undetectable. It is a software that can be used to encrypt your exe files.
What is the use of FUD Crypter?
FUD crypters can be used to encrypt viruses, RAT, keyloggers, spywares etc to make them undetectable from antiviruses.
How Does FUD Crypter Work?
The Basic Working Of FUD Crypter is explained below
The Crypter takes the original binary file of you exe and applies many encryption on it and stores on the end of file(EOF).So a new crypted executable file is created….”
Stop number 4 is Hack This Site.org which boasts over 5000 unique visitors per day and promotes: “A free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.”
My final stop in this blog is over at the US Cyber Challenge with Netwars – the ultimate online game. If you want to try out your hacking skills in a safe, legal way, visit this website and try your hand. This is from the website:
“Netwars is the ultimate online game: an adventure across the Internet. You can play as an analyst, a penetration tester, a defender, or any combination. You earn points by finding keys, moving to higher levels, capturing services such as a website, overcoming obstacles (attack techniques) and protecting resources (defensive techniques). You can see the other players' scores and your own points scored, live, or on an overall scoreboard."
In conclusion, there are plenty of resources and tools that are available online for free to help learn more about hacking and hackers. It’s worth visiting a few of these sites to test your cyber knowledge and/or begin your hacker “state of mind” journey.
Any other hacker websites to recommend?
Building effective virtual government requires new ideas and hard work. Security professionals need to be enablers of innovation. From helpful Internet training to defending cloud computing architectures to securing mobile devices, Dan Lohrmann will cover what's hot and what's not in protecting your corner of cyberspace.