2

Possible Duplicate:
How can you become a competent web application security expert without breaking the law?

I was reading this article earlier U.S. government hankers for hackers , and wondered how does one train now a days? In the article there is a quote:

"They need people with the hacker skill set, hacker mind-set. It's not like you go to a hacker university and get blessed with a badge that says you're a hacker. It's a self-appointed label -- you think like one or you don't," Moss told Reuters.

The question is, how does one gain the skill set necessary to become a hacker with so many people being busted everyday for smaller things. A person could have the best intentions, and end up in jail. As a site for security professionals, how would you hone your skills from the attackers point of view?

Community
  • 1
FossilizedCarlos
  • 175
  • 7

4 Answers4

4

Once upon a time, some people tried to encourage discrimination between the terms "hacker" and "cracker". There is nothing inherently illegal about "hacking"; if you've ever pulled a toaster apart to see how it worked you've hacked. (Fully legally, so long as it was your toaster).

Likewise, the hacker mindset does not depend upon criminality. It is an openness to new ideas, a willingness to take things apart and to dare to put new things together.

As it turned out, people with this sort of intellectual flexibility were drawn to, and good at, breaking systems, which is why people say "hackers" today to cover that sort of thing. (And why the effort to separate that activity to the term "crackers" failed).

@Robert David Graham and @wax eagle make excellent points. Playing around with things is how you become a hacker, and if you want to play around with security, you can do it with your own systems or with permission and stay legal.

With apologies to @Mike Samuel, there are many classes that teach hacking skills, but there are no classes to teach someone to be a hacker. A true hacker is usually impatient with being taught; it is their willingness to teach themselves that makes them what they are.

(With that said, for the purposes of becoming a talent the gov't would be happy to hire, classes will do you just fine).

gowenfawr
  • 71,975
  • 17
  • 161
  • 198
3

The government is looking for hackers, not trained monkeys.

The way to learn hacking is to learn how things work. Once you know how something works, you know how to break into it.

For example, the most common hacking skill is SQL injection. To know how to inject SQL, you need to know first how SQL works.

Get a Linux distro, like Ubuntu Linux. Get LAMP (Linux-Apache-MySQL-PHP). Setup a website frontend for the database. Now inject SQL into it.

If you can't do that, you can't be a "hacker".

Robert David Graham
  • 3,883
  • 1
  • 15
  • 14
1

It's not illegal to break into your own computers. Try setting up a small closed off network at home and break into it. This way you can develop scenarios and test yourself both on setting up proper security measures and developing ways to get around those measures.

The same is true if you want to play with viruses or other malicious code, basically set up a sand box system or network and play with your creations there. Makes sure that you don't connect infected machines to the internet etc.

wax eagle
  • 111
  • 4
0

Study it in university. A lot of universities have undergraduate classes and graduate research areas in computer security that often include classes on pen-testing and secure software design.

Berkeley, CMU and Princeton come to mind but there are many others.

Mike Samuel
  • 3,873
  • 17
  • 25