The two paths we could take as hackers

The mere mention of hacking or hackers in everyday conversation surfaces stories of the Target breach and the Sony leaks, despite the word having a long history of being used correctly and in the right context. These days it is more apt to prefix other words to hack so we have context: Foodhack, Bushack, Keyboardhack, and the ever popular Lifehack are far more suitable.

It is all about context, and most people’s culturally sanctioned dictionary definition of the word hack is that of Stan in Swordfish breaking into DoD mainframes using a bespoke worm program that he coded in his spare time. We all have that perfect Kinkade chocolate-box vision of a hacker in their nerd cave crafting worm code that can take down governments, banks, and the economy in one fell swoop. Sadly these Kinkade scenes look all too real in malware hotspots like Ukraine and Russia, where people are given inordinate amounts of free time to master the stack and possibly, given the right circumstances, create distinguished, clever malware that could put an entire team of people in a 9 to 5 job coding the same malware to shame. I am not specifically saying Russian hackers are capable of this: it happens anywhere an individual has chosen the life (an esoteric phrase you see in places like HackBB which refers to copious amounts of time programming and learning systems).

There are two possible outcomes from the life. I chose Option One below, because Option Two is frankly too terrifying to even ponder. (More on Option Two later.)

Option one: Get rich slowly and legitimately

There is no point in wasting time on Reddit looking at GIFs all day if you are not doing anything productive with that. There is only so much lulz to be had online, and despite the limitless amount of distractions available, I can assure you these distractions get tiring very quickly. The next logical step is to leverage how much content you consume for the purposes of financial gain. If you really enjoy GIFs, the natural opportunistic urge to create your own GIFs will follow. Before you know it, you are selling the GIFs in GIF marketplaces, or printing the GIFs out frame by frame on (hopefully) cheap paper, then selling the GIF frames as art to people with more disposable income than you. You might not be Rich Uncle Pennybags, but you are getting rich slowly and hopefully squirreling your Internet dollars away in a savings account for a rainy day. A playful hacker spirit combined with some business acumen is a wonderful thing! Note: If GIFs are not your thing, there are boundless opportunities for creative types in places like Dribbble and GitHub where you can flex your hacking muscles and get rich slowly. You might not be earning Mr. Monopoly style income like those at Snapchat and Facebook, but you are earning some money in a tried and tested way that has worked for millennia. And yes, you can import your natural hacking inclinations into the creative arts. All the best hackers I know are artists pushing the envelope of their creative abilities and thinking of novel ways to use things beyond their intended function.

Option two: Get rich very fast (and possibly go to jail)

The Internet is awash in vulnerable software and services, exposed like sitting ducks ready to be owned. The terrifying fact of the matter is that script kiddies will happily throw commands at these services and send carefully crafted packets to them without a care in the world. Usually a script kiddie will get spooked by a news story of a bust, or learn a bit of sense. But that Machiavellian spirit sometimes remains, and script kiddies can and do grow up. The natural progression of being a script kiddie is pulling off every blackhat hacker’s fantasy: owning a bank, or uncovering a database of sensitive information. That does not discount the fact that it is hard and requires mastery; but it is illegal, and the prospect of getting caught is frankly terrifying to even ponder.

If you have natural hacker inclinations like myself, the thought of getting rich very quickly will cross your mind at some point. We are all born with the ability to hack and I don’t ascribe an elite mentality to hackers. Hacking can be seen as an approach to systems, and not a mindset. When it comes to breaking and entering, this comes with the territory of systems design: the more you know about how systems work, the more you have an obligation not to sabotage your own moral compass with thoughts of untold treasure troves of sensitive information and e-money. I get sweaty holding a €50.00 note in my hand. The thought of untold millions in my (unlawful) possession by means of a bank hack is scarier than the act of hacking a bank. Money is nice and affords freedom, but it is not the ultimate yardstick of having made it in life. Even still, there is the prospect of jail and living in fear for your entire life because that money is not yours.

Tip: Option One is preferable here. Earn your money legitimately and slowly, please.

Tip: Make sure to watch The Grugq’s talk above if you want to challenge your assumptions about opsec.

Disclaimer: This article is for educational purposes only and is a guide only. If you are into infosec, you should get into consulting for large companies doing pentesting and earn money that way. I chose not to get into pentesting because other avenues opened up for me in terms of freelance web design and the creative arts. It is the best decision I ever made.

Also Noteworthy:

Blocking Zuckerberg With uBlock

One of the neat features of the popular ad-blocking tool uBlock Origin is the ability to remove annoying ads at the HTML level: any arbitrary HTML element can be nuked with a simple point-and-click mechanism (the element picker), which writes a cosmetic filter matching that element into your filter list. Note that a cosmetic filter only hides the element in the rendered page; the underlying request, if there is one, is still made unless a separate network filter blocks it. This is great for stealth ads that somehow manage to appear on a page despite every effort by uBlock to remove ads. Some ads are very crafty and circumvent uBlock. Take for example this image of a smiling Mark Zuckerberg which greets me every time I log into Facebook:

With a simple screen grab tool called Licecap, I managed to capture how I abolished Zuck from my Facebook once and for all using uBlock:

Nuking Zuck

I have nothing against Zuck, I just think better mechanisms should be in place to show me ads that are actually relevant to my interests. I’m not a ‘hoodied hacker’ looking to make it big in Silicon Valley. I also don’t own a car, AND I have zero need for restaurant booking apps:

Annoying ads
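For reference, here is what the two kinds of uBlock Origin rule mentioned above look like in its filter syntax. This is an added illustration, not a filter from the original post or the uBlock Origin project’s lists, and the selector and image path are hypothetical placeholders for whatever the element picker actually generates on your page:

```adblock
! Cosmetic filter: what the element picker writes when you point and click.
! It hides any element on facebook.com matching the CSS selector, but the
! element (and any image behind it) is still downloaded. Selector is hypothetical.
facebook.com##div[data-example-placement="feed_promo"]

! Network filter: blocks the request itself, so the bytes are never fetched.
! Use this when the hidden element is also a tracking or ad request.
! The path below is a hypothetical placeholder, not a real Facebook URL.
||facebook.com/example/ads/promo_banner.jpg$image
```

Rules starting with `##` are cosmetic (hide-only); rules starting with `||` are network filters. The picker gives you the first kind, which is why an element can vanish from the page while still showing up in the network log.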

Occupation & Vocation

Vocation = Doing what you love, and doing it often.

Occupation = Doing what you hate, and doing it sparingly.

Recreation = Doing what excites you, and doing it in moderation.

A New Angle

This is my new blogging setup. This could be a lot better and it probably should have used SSL/TLS/HTTPS from the outset, but the older one (blog.higg.im) would have been too hard to switch over.

Aside from issues with migrating the old blog to HTTPS, the older blog was getting way too hard to operate on a VPS because of flooding attacks and other internet noise hitting the apex domain’s raw IP used to serve the site. It could take some battering as it was on high-availability NGINX, but it could easily be booted offline (I ran stress tests to prove this).

It is 2016 and still whole IP ranges are being DDoSed to death for no apparent reason. I don’t think I was targeted directly, but instead whole clusters of machines were being targeted and I just happened to be caught up in it. Luckily this domain (higg.so) is on Cloudflare so I hope to take out entire classes of attacks this time and be more resilient.

The old blog was proxied through MaxCDN as another measure to make the site antifragile. Most people were hitting MaxCDN edges when they arrived at my site, so generally the DDoS traffic was not my main concern.

I moved away from Ghost and onto GitHub Pages (Jekyll), which is a nice rudimentary way of setting up a statically hosted blog. I took the advice from various folks on Twitter and needed to get away from my VPS solution. I think VPSes have their place, but it’s like bringing a gun to a knife fight these days. If I was a team I would most certainly be suggesting a VPS, but for a one-man show like myself doing freelancing, the last thing I want is to be stepping into a Bash shell and debugging NGINX config files when I have deadlines to meet, and shit to sell.

I’ll be keeping this blog online for as long as is humanly possible, and trying to keep the posts a bit simpler and more appealing to a wider audience. I treat everything I do as an experiment, and if it works well, I grow it and expand on it. The old blog was brilliant while it lasted and some posts were very popular, but if anything it was a way to practice what it felt like to really blog like a pro, and I also learned a tonne from doing so.

I’ve scaled down operations on my main gig (Enginn Solutions) and have branched into other areas. I’m going to try and import the knowledge of my main gig into smaller projects and hopefully try to keep complexity at bay too. The Internet is moving faster than I can keep up with these days and I need to try and assimilate what’s happening. Perhaps The Net is in control now and dictates where things are going, but I still feel like I have something new to say and I still think the enterprise of the web is far from complete. In fact it has only started to really take off in recent years and it can only get better.