"Learn How to Learn" - And: I Hacked My First Computer!

This is mainly a story about my personal experience. However, it also fills a space that is under-served: much information is available for hacking guides, but not much for total newbies.

First an update on the basics of hacking and my newbie experience.

Not knowing exactly what I am getting into on my learning curve to hacking I am starting out by applying some First Principles of learning.

First Principles with examples

• First First Principle: the proper attitude. In a nutshell, I would describe this as an attitude opposite to everything you learned in compulsory education. Or even more concisely: follow your heart. Elaboration deserves a separate, dedicated post.
• "Learn How to Learn": When I heard this phrase for the first time it changed my life. Up until that point learning to me meant memorizing a bunch of boring facts and making it a goal to do the minimum amount of work necessary. Afterwards, I gradually learned to dig into things that interested me until before long, it became a self-perpetuating process. So what exactly does it mean to learn how to learn? This must be answered individually, but start with the First Principles.
• Spell Out Your Goal - This is crucial. You can not hit your target - no matter how great your aim - if you are not clear what your target is. There is a ton of material out there that you can pull up with a Google search. In fact, there is more material out there than you can get through in a lifetime. Worse, there is a lot of wheat mixed in with a lot of chaff. How are you supposed to know the difference? Start by identifying exactly what it is that you are after. My goals follow.
  1. Brush up on my programming chops. My background in programming is truly that of a hacker (see definitions below). I had no interest in software in school. However, once I entered the workforce as an engineer I was thrown into the sea and had to sink or swim. Without going into great detail here, I will just mention the work I did in a crystal assembly factory back in the 1990s. I took on a position in "automation" back in the days when you could not just go buy a robot, but everything was pieced together from scratch. There were times when production was down (yikes) and I had to get machines running by hook or by crook. Well, there were a few times when I gained access to machine code - literally ones and zeroes - and started twiddling bits to decipher that say, one bit turned pneumatics on/off, and one byte commanded speed, another acceleration and so on. That's hacking. But I was never properly trained on software principles. Learning techniques and commands is "brushing my chops." (My goals here are for security hacking specifically, as opposed to my past hacking in general.)
  2. Learn about networking. I am a newbie at networking and communications. And I want to round out my skill set. Clearly, networking will continue to play an important role in my professional and personal life. When I choose a goal, I like to pick ones that I consider "can't go wrong." Networking techniques help me future-proof my skill set.
  3. Harden my security. Security threats abound. In fact, the more I learn, they more I understand that each of us is at risk. For example, WiFi connections are just begging to be snooped on. Specific targets are:
     • Cryptography. This is a basic requirement for privacy and cryptocurrencies.
     • Understand different levels of security, and place my resources at there proper levels. This will be fun because to understand the ecosystem, even ethical hackers must be able to snoop around communications out in the wild to understand what we are up against.
     • Social hacking. One of the first lessons of hacking is that the human interface is by far the weakest link. For a good example, check out this "Real Future" clip, which includes a "crying baby" audio tool - LOL.
• Define Terms. Understand what your words mean. Even better, take ownership of what you want your words to mean.
  1. Hacker - The layman gathers much from movies, where hackers are usually shady and unethical. The hacker community - specifically, white hat hackers - takes umbrage at this. See for example, the Hacker Manifesto. Properly defined, "hacking" is jumping into (breaking into) existing systems and using them in ways not originally intended - or reverse engineering systems by applying raw talent to them. Nefarious "black hat" hackers are known as "crackers."
  2. Networking or Communications - To us at home, networking is the means by which computers all over the world talk to each other. This is fascinating to me. It is also revolutionary - or "was" revolutionary, having taken hold back in the 1970s. The world-shaking part about it was - unlike engineering since from times beginning in the Enlightenment - controls and information no longer followed a single, pre-determined path. The ethernet broke information down into packets, and "sprayed" them out over paths of lesser and lesser resistance, then the receiving machine reassembled them in the correct order. Back to us end users, on a practical level networking amounts to information sent and received by say, a local laptop, its RF transceiver card and routers, modems, and hardware lines such as telephone twisted pair (old school) and fiberoptics. We exercise this now cheap and ubiquitous equipment to view cats (and porno) on the other side of the world. The new, overhyped yet relentless technology is the so-called "Internet of Things." Proponents envision your clotheswasher talking to your refrigerator, which then commands your router to send packets out to a self-driving car to deliver your groceries to your door.
  3. Security - This is protection against unwanted meddling with your data. I do not think one should get paranoid about potential exploitation of your data. This, because most of us are such small potatoes that serious hackers don't really care to mess with us. However, to get an idea of the ecosystem, check out this live map of just the crude, brute-force DDoS attacks out there - merely the 0.1% of them - haha. Real world effects on us little guys include simple "vandalism" type of attacks and password stealing code. I do have friends though that have experienced more concerted attacks with more devastating consequences. Remember, social attacks are the weakest link. Consider how much Google and Facebook are already "attacking" most of us with their honey pots, and we just hand over the most intimate information to them with our own free will.
• Start small. The classic rookie mistake is to write a whole program (or in the hardware world, build a whole circuit or machine). Then, muddle around for the next week trying to figure out why it didn't work like it was supposed to. Start small. Build the smallest working unit (write the shortest code, or a even a single command). Get that working, then build up around it incrementally.

The above are general principles to Learn How to Learn. Look for specific hacking tools in the future.

OK, now for my first (security) hack.

The following is how to approach programming as a newbie. Just like how I wrote my very first real world program, one should start with something simple: the classical example is to write a "Hello World" program.

In our context, we will do so from the terminal. If you are a total newbie, chances are that you are intimidated by the terminal. Fear not! You will come to love it.

Do this.

1. Open a terminal.

   If you want to learn anything about hacking, there is no sense in running a Windoze machine. If you don't already run Linux or a Mac, then Google "live usb linux" and make yourself a bootable USB (for example: Ubuntu). This lets you boot up into a Linux environment. Don't worry! This will go away when you power down, and have no affect on your normal software or data.

   Linux: Google how to open a terminal for your flavor of OS. In Ubuntu, the hotkeys are Ctrl-Alt-T.

   Mac: Hit Ctrl-space and type "terminal."

2. Now that you are in the terminal, type the following:

echo "Hello World!"

That's it! You just wrote your first software "program." Now here is the key to moving forward: play with the command using your own riffs. For example,

echo "Hello World - I'm awesome!"

Or here's one of the first things I did: add line spaces so your practice text isn't mashed in with the rest of the screen. Look up commands for your terminal (most likely BASH) and try them out.

First, type "clear" to make the screen nice and clean.

Now type your "Hello World" statement again. See how it is squished next to other lines? Well budding hacker, look up the options for the echo command. The "new line" code is "\n". This code is enabled by using the "-e" option for the echo command. So try this:

echo -e "\n\n\n\n Hello World! \n\n\n\n"

See how your output is out in the open now? You are off and running. Play around a little more with it.

You are ready for your first hack!

Here's what I did. I am on a Mac machine at the moment, so I used the "say" command which is pre-installed. Starting small, type this.

say hello world

If using Ubuntu, try the following.

echo "hello world" | espeak

If using a different flavor of Linux, or if the above didn't make any sound, then roll up your sleeves and start debugging. This usually means to start Googling commands and terms. This exercise is left for the student :-)

Now on to your first "hack"!

Practice this on your own machine first to make sure you can get it to work. Then when your buddy leaves the room, type this into their terminal - a Mac in the case of my son.

while true; do sleep 600; say You are hacked. Ha ha.; done

Yup. The boy just go owned by the old man. Hacked!

I was going to spell out the details of above, but this post is long enough already. Will just mention a few things.

• Before you do your dirty deed, while practicing on your own terminal try a shorter "sleep" time. The number is in seconds, so try a number like "2" to get more rapid responses while you customize the audio bomb you are dropping. I have 10 minutes (600 sec) in the example above. For your prank, you could try once an hour or once a day to make it harder to catch on.
• To halt the program, type

Ctrl-C

• A key technique in hacking is to cover your tracks. Once the victim gets annoyed, they will start looking around for the problem. With the simple code above, they will see an open terminal. If you type the code below, you can close the terminal and the code will stay alive, invisible in the background. Here's the code:

nohup sh -c 'while true; do sleep 600; say You are hacked. Ha ha.; done'

OK hacker, you have now gone next level: you can quit the terminal and cover your tracks.

This will keep running until your victim reboots the computer. Or since you know what you are looking for, you could step in and "kill" the process in a more elegant manner.