Getting Into Gear
“It isn’t what you do. It’s how you do it.” — Timeless Saying
Think like a hacker. Act like a hacker.
In the 1960s, the hacker magazine 2600 ran an article that said there was water on the moon. That was in 1960. Then, it came out in news in the 21st century: Water was found on the moon!1 2 3 The government wanted to use it to make a lunar base.4 I remember being taught in school how the moon had no water and was lifeless because…the moon had no water! The whole world knew the moon had no water. But, this hacker knew the moon had water. How?
He did not hack NASA. He was into astronomy and his girlfriend bought him a telescope. The telescope came with specific instructions stating that one can not see colors with the telescope. With a list of instructions and explanations as to what kind of mirages and optical illusions would lead to seeing colors. The man thought this quite odd. After all, doesn’t color go through clear glass? Eyeglasses see in color, right?
So, he took his telescope up to his attic, aimed it at the moon and observed what he thought was blue near the polar caps of the moon. That is exactly where the water has been “recently” found.
After describing his experience with his telescope, then followed a discussion about hacking. How hacking is a way of life. How hacking is not taking things for granted based upon ‘say-so’s. How hacking is trying, experimentation and figuring things out.
In order to hack, ‘You have to play with a lock like a raccoon until you open it.’ Lots of engineers do this. Engineers at heart, can’t sit still in a chair, watching some gizmo without having to see how it works.
There is a German expression, ‘If two people do the same thing, it isn’t the same.’ As I said before, it is how you do it that counts.
These are character building exercies [as well as technical skill training].
Do you go by the book? If you were taught this is the way it works, is that the only way? Do you try to do things in different ways? Look at things from different perspectives? Try new approaches?
Leonardo DaVinci was undisputedly a mega-genius. He was also a hacker. He looked at things from many different perspectives. You see that in his drawings. Like modern day technical drawings, he shows a view from the top, from the side and mid-section slices. He even says so in his books, that you must observer things from different angles in order to understand it.5
When you think of hacking, think like Hannibal, the great general of ancient times.6 Hannibal went to war with Rome, the superpower of the ancient world. The Roman legions were the greatest army in the world. To get to Rome, Hannibal had to cross the Alps. Many of the passages were blocked by boulders. He had to overcome this obstacle or give up.
What do you think he did? Give up?
He stopped and contemplated the obstacle for 3 days until he came up with a solution. He over came the boulders.
Hannibal brought a secret weapon with him to attack Rome. Hannibal brought a powerful war machine that the Romans had never seen before and had no clue how to deal with. Did the Roman generals just give up? Did the Roman armies surrender? No! But, they avoided the obstacle that was too strong to deal with, until they devised a strategy and learned how to get around it.
Machiavelli, a notable medieval philosopher, politician and governmental minister, writes about this in his famous book, The Prince, and says, in life you must apply this philosophy to every obstacle you face. If it is too big to overcome, you must avoid it until you learn how to go around it or get over it.
That’s part of hacking. You can’t give up because you don’t know how it works. You can’t give up because you can’t figure it out today. You have to contemplate it. Study it. Until you come up with a plan on how to get in.
Sometimes, as is often done in engineering, you treat the parts you do know and temporarily forgo the parts you don’t know. You treat the unknown as a “black box”. You figure out the rest. Then, figure out the black box.
Sudoku. Here is a test and a way to develop this thinking habit. Play sudokus. Sudoku is a logic game. I works on process of elimination. To solve the puzzle, you have to look at it from different perspectives. You have to look at the rows, the columns, find different kinds of sets. If you can’t find a solution one way, you have to try another way.
I recommend playing this game to hone your logic and perception of details. Do one a day.
How do you do it? Do you give up? Do you spend all day trying? I don’t recommend that. My personal recommendation is work on a puzzle for a ½ hour. This is about average for the average person. You should be able to complete the puzzle in that time.
Do you hold on to the ones you can’t do and keep on trying later? Until you get them? My recommendation is to do exactly that. Can’t finish the puzzle in a ½ hour? Put it down. Pick it up some other time and finish it later.
Do you study how other people solve sudokus? Are you constantly learning new methods?
Are you a purist? This will certainly raise the bar.
What I mean by purist is, do you use reduction ad absurdum or not? You can solve something logically either directly or indirectly. A direct solution, proves what it is. An indirect solution proves what it is not. Then, we assume it is because, it can’t be anything else. Or, if you are left with a pair. Do you figure out a direct solution or pick one and try it. If it is right, you have the answer. If it is wrong, the other member of the pair is the answer. Purists call that a guess. Did you guess? Or, did you know?
Do you use pencil marks or do everything in your head?
Don’t call for help immediately, or even at all.
Achieve a balance between intuition and logical analysis. If you see an answer, use it. If do not see any answers, develop and fallback on processes [of elimination] that will show you answers.
For really good Sudoku web sites, try either www.brainbasher.com or the London Times. Brainbasher.com is free.
You need to be able to perceive details and anomalies. Doing sudokus will help.
You need to need to be able to recognize patterns. Doing sudokus will help.
Anagrams. The word game “Jumble” will help develop the mental skills necessary for perceiving permutations and developing a view from different perspectives.
Learn to type. You will be sitting at a keyboard and typing a lot. Learn to type.
There is something to be said about whether to use the QWERTY keyboard or Dvorak keyboard. The Dovrak keyboard is supposed to be easier and allows you to type faster. The QWERTY keyboard was developed in the era of mechanical typewriters. The QWERTY keyboard was designed to be difficult and slow down typists to avoid jamming keys. You can type much faster, especially on a computer keyboard. Personally, I have tried both and don’t see the value. Also, I found that the Dvorak keyboard for both hands stresses the right hand man; since the design of the Dvorak keyboard uses the right hand more. There are Dvorak keyboards for both hands, right hand and left hand.
Learn to Play Piano.
What came first the piano player or the programmer?
There is a correlation between good programmers and those who are musical. People who play piano are good programmers. That is a fact. Correlation does not mean causation. [Basic Economics, Thomas Sowell] The mental ability necessary for both tasks may be the same. Exercising those skills, especially in an alternate task, does strengthen those skills.
I recommend learning to play piano. Specifically piano. Because piano offers a visual aid to music theory. You see the proportion and pattern of the notes and scales. Also, it covers more scales and is easier to operate than other instruments, especially a violin. If you already play another instrument that’s fine.
Playing music involves pattern recognition. A necessary skill to develop to hack. The more you practice a song, the more patterns you will see in that song.
In addition, you learn that things can and are learned with practice. So too hacking, things come to you, you learn them, realize them, with practice. This will become obvious as new insights into the theory and analysis of each song you practice.
Learning to play will instill you some pride and self confidence. With each new song you learn, you will realize more that you can do stuff.
You will need to use a similar set of skills and take similar approaches to hacking and learning to hack as with learning to play piano. If you already are given or taking music lessons, take them seriously. If your school offers the option of learning to play an instrument avail yourself of the option! If you have to fend for yourself or; are an adult without the school option, get a keyboard. They are inexpensive. Usually, under $100-. Go onto Craigslist and get a used keyboard. You want something with 3 ½ or 4 scales. That’s 32 keys.
Then, you need some lessons and/or books. You can find a lot of good stuff online. You can get lots of teach yourself books, especially in the library. I can’t vouch for them. There are 2 very good online resources that I can vouch for. One is Shawn Cheek. The other is Dave’s Conservatoire.
Shawn Cheek. www.webpiaonteacher.com You can also go on to Youtube and find lots of videos from Shawn Cheek. Some are teasers. Others, are entire lessons. Check out the lessons on music theory the Circle of Fifths7 or a song, where the lesson is more than one minute. You will get a feel for his teaching style, which, IMHO, is excellent. He has inexpensive sets of lessons that will take you far.
Dave’s Conservatoire. http://www.daveconservatoire.org/ This is a music theory site. Feel free to contribute. All the basics of music theory are covered. It is an entire course. Piece by piece, step by step, from the very basic building blocks of music theory to the more advanced subjects. Lessons are easily understood and followed.
Learn Logic.
You need to learn logic and to think logically. I recommend studying the subject and will discuss this more in the chapter on programming languages.
Once upon a time, logic was a college requirement. It is a hard course and the passing grade was lowered so ordinarily people could pass the course and graduate college. Eventually, logic was dropped from the requirements. It’s study however, would serve anyone and everyone well.
Also, I highly recommend reading Euclid’s Elements. Euclid was one of the greatest teachers of all time. Certainly, one of the greatest Classical Greek teachers. He taught math. Geometry mostly. Some number theory. His math proofs are one long succession of logic. I promise this is nothing like your math class! Far more mesmerizing and entertaining!
Also, the Grecian math incorporates the Grecian philosophy of proportion. [Decline of the West, Oswald Spengler] Again, you will be shown and deal with proportion. Recognizing proportion is a necessary mental skill for computers, encryption/decryption and reverse engineering.
Do not think that these “games” and other activities are irrelevant. These “games” teach you and prepare you for the professional tasks at hand.
Make Plans. There is a very good book on software engineering, recommended by ACM [American Computing Machinery—the largest professional group of computer pros in the world], After the Gold Rush: Creating a True Profession of Software Engineering (DV-Best Practices) by Steve McConnell. In sum, the book makes a few excellent points about how to engineer software. These assertions are followed by studies that prove the point. Writing software should follow basic engineering principles. Make a plan. Make a design. Incrementally implement the design. Provide certification for engineers.
Following these guidelines enables accurate estimation of production time [to produce software] and; reduces the difficulty of writing software with constant rewrites to produce software that does what is wanted.
Apply the same rules to your cyber research. Not just in general, to all the different subjects I am suggesting you learn. But, also to any one testing of software and searching for bugs.
For example, if I wanted to go after the Chrome OS bug bounty, I wouldn’t study the whole operating system. I would study just those parts that I felt were relevant to my goal. I would start would the login and encryption routines. Then, the Internet access routines. Update routines for installing patches. Maybe read/write routines. Then, see if I could capture the password somehow or; make a new user accounts somehow or; escalate my account privileges.
Or, if I wanted to run a “phishing” scam; I could follow another course and try to get the email addressbook. I would think about what I would need to do that. So, what is the name of the addressbook file? Where does the addressbook file reside? What is the file format of the addressbook file? What kind of security permissions are needed to access the addressbook file? Do I have those permissions? If not, how can I get those permissions?
Now, that’s a plan. The plan, every plan, has steps. Step one becomes before step two. In fact, I can write this out as a procedure or method.
- How do I find out what the default mail reader is?
- What is the name of the addressbook file for the default mail reader?
- What is the file format of the addressbook file?
- Where does the addressbook file reside?
- What kind of security permissions are needed to access the addressbook file?
- Do I have those permissions?
- If not, how can I get those permissions?
Laying out the plan helped me refine the plan somewhat. I added a fundamental step and I reorder the steps into a more logical sequence. Also, the sequence orders the tasks in a more, from easy to difficult to solve, order.
For all the plans and how-to suggestions in this book [and in school, on the job and; in life]; do what works for you. Different people think differently, work differently are different. What works for one, may not work for another. Do what works for you.
Learn to flow with failure. Learn to learn from failure. Computers do things the same way over and over and over again. You just have to find the pattern.
I know a computer science professor, Barry Burd of Drew University, who wrote an excellent piece of advice in one of his books. He wrote “Java For Dummies”. He said, if you copy a working program example and it doesn’t work. Keep staring at the original and your copy. Most errors are typos. Eventually, you will catch the typo. Even though I have said you need to learn that the book may be wrong and I have had to debug program examples, in Microsoft courses no less; there is tremendous truth to this piece of advice—Especially, for Dr. Burd’s books.
You will write programs and they will not do what you tell them to. Often, it will be just typos. Often, you may not have understood the documentation of the programming language. You may have implemented the programming construct incorrectly based on a misunderstanding. Just keep looking at it and contemplating it. Reasonably, try different permutations. Not every alternative permutation that comes to you head, but a reasonable permutation. Go back and read the manual. Look online if anyone else has had this problem. The solution will come to you.
—
Study Exploits. Study the exploits of others. Study the weaknesses, vulnerabilities and bugs that others find. Read their books, auto-biographies and biographies. Troll the logs for bug bounties. Those offering bug bounties often say, what was already paid for. [They won’t pay for it twice. :-)] This is a way to learn from the best.
1 It’s Official: There’s Water on the Moon, Andrea Thompson, Our Amazing Planet, September 23, 2009, http://www.space.com/7328-official-water-moon.html
2 Water on the Moon Came From Solar Wind, October 10, 2014; http://www.foxnews.com/science/2014/10/10/water-on-moon-came-from-solar-wind.html
3 The Moon’s Water Came From Earth, Liz Kruesi, December 17, 2013; Discover Magazine, http://discovermagazine.com/2014/jan-feb/47-where-moon-water-comes-from
4 NASA is Studying How to Mine the Moon For Water, Mike Wall, October 9, 2014, http://www.space.com/27388-nasa-moon-mining-missions-water.html
5 How to Think Like DaVinci, by Micheal J. Gelb; Gelb discusses how daVinci thought and how one can emulate his thinking. Cites daVinci himself as saying that one must observe something from all angles, in order to know it. You can also observe drawings in daVinci’s notes. These included pictures with current technical drawing methods of cut aways, sectional drawings, top & side views.
7The “Circle of Fifths” is a fascinating part of music theory that involves a lot of proportion. You need to be able to abstractly see these kind of relationships in data and program logic as implemented in program code. Exercising the requisite part of the brain will assist in developing these skills.
Cyber Security 411 