Many people wonder what the life of a hacker looks like. Is a hacker a profession at all or maybe more of a passion? What do hackers do on a daily basis?
Despite what is being portrayed by Hollywood movies and computer games, the life of a professional hacker is far from 3d cybernetic structures and typing furiously on a keyboard…
A bit of history
In Hackers: Heroes of the Computer Revolution, Steven Levy traces the exploits of the computer revolution’s original hackers. Believe it or not, it all started with a railroad club and a bunch of folks interested in electronics. Computers emerged later on, after landline phones and mainframes were the actual targets for those innovators. Curiosity was and it is still the main driving force for all true hackers out there. Even today, hacking is about skills, dedication, patience, passion and creativity. Properly mixing these elements makes it possible to experiment with computers (and not only!).
In the context of computer security, hackers are generally grouped into three main categories:
White hat hackers
These hackers are known as the “good guys”. These are ethical computer hackers, or computer security experts, who specialize in penetration testing of an organization’s information systems. They usually work for those enterprises as in-house security professionals. There are also people that work for consulting firms and freelancers performing those security audits to bring a fresh perspective to the internal security teams. They always follow the rules and never take advantage of the access they have for their personal gain.
Black hat hackers
A black-hat hacker is an individual who attempts to gain unauthorized entry into a system or network to exploit them for malicious purposes. Those people do not have permission or authority to compromise their targets. The purpose of their action is to steal passwords, obtain financial information and other personal data. Often, black hat activities lead to material benefits in various forms. In short, we would call them “cyber-criminal”.
Grey hat hackers
As the name suggests, this is a category in between the white and black hats. As such, it is rather difficult to provide a precise definition. In some cases, grey hats exploit networks and computer systems in the way that black hats do, but without causing any harm. They may not have authorizations, but they are also not looking for personal gain. These hackers surf the Internet and hack into computers to notify the administrators that their systems contain weaknesses that must be fixed before it’s too late. In some other cases, these individuals find and disclose loopholes and vulnerabilities to different intelligence agencies.
In terms of technical skill sets, all these hackers work with the same tools and techniques. In today’s world, discovering a security vulnerability means knowing how computer systems work and how to subvert them.
“Any sufficiently advanced technology is indistinguishable from magic“
Arthur C. Clarke
Since my early days with computers, I have always cited Clarke’s Law to explain my job as a security researcher to non-technical people. Being a complex technology-based process, security testing is far from magic. It requires a proper mix of scientific know-how, creativity and expertise on new and legacy technologies. Staying up-to-date on the latest computer attacks also requires never-ending study, in-depth research as well as continual discussions with fellow security professionals.
So back to the original question: How do real-life hackers spend their days?
Far from the Hollywood fast-action scenes of Hackers (1995) and Swordfish (2001), most security professionals spend their long days by looking at code and reading never-ending specifications with the ultimate goal of understanding how systems work. Oftentimes, finding and exploiting vulnerabilities in a popular piece of software requires weeks or even months of work. Next time you see a programmer, you might wonder whether that person is an actual developer, or maybe a hacker!