For most people these days, the word “hacking” conjures images of nefarious intruders attempting to gain illegal access to financial institutions, corporations, and private citizens’ computers for theft and profit. Exploitation of unsecured computer systems, cloud services, and networks make headlines daily, with large breaches of private consumer information becoming a regular event. Various studies predict the impact of global cybercrime, with one estimate from Cybersecurity Ventures predicting damages to exceed $6 trillion dollars by 2021. The impact of this is felt all over the world, with organizations rallying to protect their data, and spending over $80 billion in 2016 on cyber security.

 

There does remain some differentiation in the hacking world between “good” and “evil” and a variety of moral postures in between. Each of these terms being subjective and dependent on the point of view of the person using them, of course. There are the “good guys” – white hat hackers, and the “bad guys” – black hat hackers, and gray hats in-between. Terms and labels attributed to the traditional indicators of good and bad in Western movies and cowboys.

 

Tracing its Origins

 

Hacking in its infancy wasn’t about exploitation or theft. It also didn’t have anything to do with computers, necessarily. It was a term used to describe a method of solving a problem or fixing something using unorthodox or unusual methods. MacGyver, from the 1985 television show of the same name, was a hacker. He used whatever he had available to him at the moment, and his Swiss Army knife, to “hack” his way out of a jam.

The modern sense of the word hack has its origins dating back to the M.I.T. Tech Model Railroad Club minutes in 1955.

 

              “Mr. Eccles requests that anyone working or hacking on the electrical system turn off the power to avoid fuse blowing.”

 

There are some positive uses of the word in modern society, the website Lifehacker as one example, showing people how to solve everyday problems in unconventional, totally legal ways.

 

Captain Crunch

 

Early hacking took shape with tech-savvy individuals like John Draper, aka Captain Crunch, attempting to learn more about programmable systems, specifically phone networks. Coined “phreaking” at the time, these guys would hack the public switched phone system, often just for fun, or to learn as much as they could about them, and even for free phone calls. John Draper’s infamous nickname Captain Crunch was derived from the fact that a toy whistle found in Cap’n Crunch cereal, emitted a 2600 Hz tone that was used by phone carriers to cause a telephone switch to end a call, which left an open carrier line. This line could then be used to make free phone calls.

 

There were many such exploits on older telephone systems. In the mid-80’s I used to carry a safety pin with me at all times. Why? To make free phone calls. I didn’t understand the mechanism of how this worked at the time, but I knew that if I connected the pin end to the center hole of a pay-phone mouthpiece, and touched the other end to any exposed metal surface on the phone, often the handset cradle, you would hear a crackle or clicking noise, followed by a dial tone, and you would then be able to dial any number on the phone, without putting any money in it.

 

Later I would learn that this was due to the fact that older phone systems used ground-start signaling which required the phone line to be grounded to receive dial tone. Normally this grounding was accomplished with a coin inserted into the phone, which controlled a switch that would ground the line, but my method using a safety pin did the same thing.

 

I’m assuming of course, that the statute of limitations has run out on these types of phone hacks…

 

Hacking Motivation

 

Phone phreakers like Captain Crunch and even his friend Steve Wozniak (yes, the Woz) later on would develop these techniques further to hack the phone system and more often than not, for relatively harmless purposes. Draper cites a number of pranks they pulled through their phone hacking that included:

 

  • Calling the Pope to confess over the phone
  • Obtaining the CIA crisis hotline to the White House to let them know they were out of toilet paper
  • Punking Richard Nixon after learning his code name was “Olympus” when someone wanted to speak with him on the phone

 

Draper would eventually get caught and serve jail time for his phone escapades, but what he had done wasn’t done for profit or malicious reasons. He did it to learn how phone systems worked. Nothing more.

 

Kevin Mitnick, arguably the world’s most infamous hacker speaks in his books and his talks about the same thing. His adventures in hacking computer systems were done mostly “because he could” not because he thought there would be any big payoff from doing so. He found it a challenge and wanted to see how far he could get into some of these early networks and systems.

 

Hacking for the IT Professional

 

For the modern IT professional, hacking continues to hold a few different meanings. The first is the thing you must protect your network and your information from – malicious hacking. The next might be your approach to solving problems in non-traditional ways – hacking together a fix or solution to an IT problems. The next might be exposing yourself to the methods and techniques used by the black hat community in order to better understand and protect yourself from them – arguably the white hat hacking.

 

IT staff, especially those with responsibility for security can and should learn, practice, and develop some hacking skills to understand where their main vulnerabilities lie. How do we do this without getting arrested?

 

Over the next several posts, I'm going to discuss different options that you have, as the everyday IT pro, to learn and develop some practical, real-world hacking skills, safely and legally.

 

That said, I will offer a disclaimer here and in subsequent posts: Please check your local, state, county, provincial, and/or federal regulations regarding any of the methods, techniques, or equipment outlined in these articles before attempting to use any of them. And always use your own private, isolated test/lab environment.

 

Remember how much trouble Matthew Broderick got himself into in WarGames? And all he wanted to do was play some chess.