8

I am interested in information security, and I want to be a "hacker." I want to write hacking tools, make viruses, and other stuff...

For me, programming botnets are a lot of fun, but how can legally I earn a living through the creation of nefarious applications?

Mark Buffalo
  • 22,498
  • 8
  • 74
  • 91
iUuax
  • 101
  • 6
  • 25
    Maybe you could apply for a job at the NSA? – martinstoeckli Nov 13 '15 at 20:26
  • 2
    ... or other nation-state information agencies (f.ex. if you don't live in the US getting a job at NSA won't be quite easy). – SEJPM Nov 13 '15 at 20:27
  • 8
    [*Hacker* is not considered a criminal word for many programmers](http://www.techrepublic.com/blog/it-security/hacker-vs-cracker/). Instead, it is considered someone who like to play and poke around systems and tools to understand them better. Within the lingo it would be *cracker*, someone who breaks into computer with nefarious intentions. White hat hacker and black hat hacker also come to mind reading the question, so maybe you'd like to search them up – Francisco Presencia Nov 14 '15 at 00:59
  • 17
    @martinstoeckli - no, OP would still be a criminal then, just an *unpunished* one. – Tom Zych Nov 14 '15 at 01:44
  • 5
    Have the semantics among outsiders drifted so much that people don't realize that "hacking" has *nothing* to do with security cracks? It looks like the OP really wanted to ask "Can I make a legal living as an author of malware?" The answer is "yes -- that's what a certain type of security research is focused on". But its not the most fun work in security research, once you learn your way around. – zxq9 Nov 14 '15 at 03:16
  • Of course you can! Just follow a few guidelines and a SWAT team will not plant their boot on your neck at 3AM: [**Certified Ethical Hacker**](http://www.eccouncil.org/Certification/certified-ethical-hacker) [**White Hat Hacker**](https://en.wikipedia.org/wiki/White_hat_(computer_security)) – MonkeyZeus Nov 14 '15 at 02:49

4 Answers4

16

There are many ways you can be an "ethical hacker." Here are a few that come to mind:

  1. You can write malware that helps catch the bad guys. Who the "bad guys" are may depend on who you're working for, and what your beliefs are. This may be a gray/black area to some.
  2. You can write malware so you can understand how it works, and then defend against it. The best anti-virus authors are those who understand how to actually create malware.
  3. You can get paid to find bugs in programs developed by large corporations, but this isn't generally "creating" malware; it's just finding security holes, of which people could use to inject malware.

Just because someone creates malware doesn't mean they're going to use it against others. For some, just understanding how it works is enough. Not everyone involved in information security is out to hurt someone.

Mark Buffalo
  • 22,498
  • 8
  • 74
  • 91
  • 4
    "The best anti-virus authors are those who understand how to actually create malware" -- although note that while the best arson investigators of course are those who know how to set fires, the opportunities to actually do so are limited to test environments ;-) – Steve Jessop Nov 13 '15 at 23:57
  • 2
    @SteveJessop For some people. :p – Mark Buffalo Nov 14 '15 at 01:56
  • 1
    Number 1 is basically criminals deluding themselves that they are some warriors of justice. Really, these people are more annoying than regular blackhats. And what they are doing (usually directly harming innocent people) is usually worse than blackhats trying to hack a bank. – Davor Nov 14 '15 at 12:23
  • @Davor: true, but even outside the realm of hacking you can say that about certain police departments. So it's not uncommon for people to have difficulty finding and agreeing the right lines to respect. – Steve Jessop Nov 14 '15 at 13:16
  • @Davor If they're hacking people for fun, true. Sure, I'll agree with that. But if they're really, truly going after the bad guys, then I honestly support them. – Mark Buffalo Nov 14 '15 at 16:15
  • @SteveJessop - the problem I have with this is that no. 1 sounds like one of those "to catch a predator" types, not LEA in the fist place. – Davor Nov 14 '15 at 17:11
  • @MarkHulkalo - the problem here is that "bad guys" is completely subjective. Even Hitler thought himself the good guy. – Davor Nov 14 '15 at 17:13
  • @Davor Hence why I wrote, "This may be a gray/black area to some." – Mark Buffalo Nov 14 '15 at 17:18
  • Penetration testing is another one. The people who contribute to projects like Metasploit are typically regarded as "good guys". – DoubleD Jul 24 '19 at 19:33
2

You can get paid for finding vulnerabilities in software and web sites, that hackers could potentially exploit. For example, see here and here.

mti2935
  • 19,868
  • 2
  • 45
  • 64
1

One becomes something by doing that particular kind of thing. In other words, one becomes a hacker, not by reading and talking about hacking, but by actual hacking. Likewise, one becomes a criminal by committing crimes.

Therefore, it is clear that one might hack without committing crimes. So yes, one can be a hacker without being a criminal.

GGMG-he-him
  • 1,045
  • 8
  • 12
Francis from ResponseBase
  • 160
  • 3
0

The Italian company Hacking Team has job openings for hackers, see here:

Hacker / Developer

Developers design new features, develop them and polish our software to perfection. Hackers find out how to overcome the original design of objects, hack into them and uncover all their secrets. You have to be both, and the more you know, the better. We need a person with a strong technical background, able to deeply understand how devices and software work and to hack them. At the same time, you should be confident with lean programming and know how to structure code to fit into an enterprise scale software.

We only accept candidates with an unstoppable will to learn!

Depending on the area of development preferred knowledge is: C++, Objective-C, some x86 or ARM Assembly, Ruby or Python, ActionScript or reversing skills. Design Patterns and Agile Programming are a must. Work location is Milan, Italy, and on site presence is a plus.

Count Iblis
  • 228
  • 1
  • 5
  • 4
    Ethically speaking, working for them is arguably even worse than working for the NSA or GCHQ, as they [sell](https://en.wikipedia.org/wiki/Hacking_Team#Human_rights_implications) exploits to some of the worst regimes in the world. – A.P. Nov 14 '15 at 15:28
  • 4
    -1 That's really bad advice. You seem to ignore that the Hacking Team has a terrible reputation. Not only they have been labeled as an enemy of the Internet by Reporters Without Borders for the reasons @A.P. wrote, but also they let themselves be victim of a massive data breach due to their ridiculous security practices: http://attivissimo.blogspot.ch/2015/07/lo-spione-spiato-hacking-team-si-fa.html (in Italian, you can automatically Google Translate it in English). – dr_ Nov 14 '15 at 17:08
  • 1
    @dr01 the question is about working in this field within the law. Hacking Team is subject to Italian law. Whether or not one should have ethical objections is another question. Note that ethical objections can lead someone to do something that is illegal, take e.g. the actions taken by Edward Snowden. So, if one for argument's sake accepts his arguments, then you would say that what he did was ethically justified while not doing what he did would be unethical, but he still broke the law. So the ethical perspective and the legal perspective are not always compatible with each other. – Count Iblis Nov 14 '15 at 20:43