Yes, I am a criminal. My crime is that of curiosity. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.
- The Hacker Manifesto, by The Mentor
By W1ntermute, founder of W1nterSec.
This is for all you newbloods out there, fresh on the scene, and looking for the next step in your quest to conquer the corrupt.
As people, we are vexed by the current climate of governmental corruption.
This is why we exist.
Because we’re fed up and agitated at the injustices committed by the elite 1%. Because these injustices go unchecked, we recognize that no one is actually watching the Watchers.
This is where we come in.
We live in a vastly interconnected world that’s symbiotic with our digital age and because this world’s governments make use of the same technology infrastructure we use, those who possess the right skill sets can and do wield power over them.
And then there’s you.
Everyone with a dream of fighting “the machine” is looking to find their voice, their purpose, and some means to facilitate change in the political arena.
Because this is universally true, hacktivism plays a pivotal role in strong-arming those who are corrupt and forcing them in some way to yield to the voice of the people, idealistically, of course.
Shucking off the chains of bondage to this draconian machine is indeed a human birthright and moral obligation. Truly, there is no higher duty than to fight corruption, because the corrupt will never correct themselves.
Thus, the hacktivist exists to show by reasonable force that the scope of governmental power can be undone in an instant. With one data dump, all its secrets can be exposed: for the secrets of the corrupt are what their empire has been built upon. When you chip away at the structure, eventually it will fall.
Without secrets, the power of its silent and deceptive movements and shadowy encroachments will dissolve. So, when the mask is ripped away, everyone sees them as they truly are.
Hacktivists exist to shed light in dark places. We expose the unseen.
Joining a Hacktivist Group: Growth Through Culture
If you don’t possess much knowledge but have the willingness to learn, then joining a hacking group has always been the age-old way of learning and sharpening your skills.
But a word to the wise: avoid public hacking forums. These are not safe hackerspaces to connect with others. They are frequented by law enforcement, scammers, etc. Visit them only to read tutorials and learn, not to respond to recruitment calls or make friends.
Legitimate hacking groups provide camaraderie and mentorship. Best of all, a free environment to ask questions along the way. A group setting also shows which attack methods are trending, provides an exclusive view into the underworkings of the hacktivist subculture, and exposes you to key players on the frontlines of hacktivism.
Anonymity is Power: Don’t Get Caught
Before any newbloods should ever pursue testing out their knowledge of hacking in the wild, OPSEC absolutely must come first.
OPSEC stands for “operational security.” It’s the measures a user takes to ensure their presence on the internet remains anonymous. Anonymity is power. It’s powerful because it removes the element of retaliation and arrest from the list of power plays used by law enforcement and corrupt government regimes. It ensures you will not be forcefully silenced and can continue to operate.
The tools of OPSEC are simple, and there are many free resources users can utilize to ensure their activities aren’t caught on the proverbial radar. While which tools are best are subject to much debate, you can gain an idea of what’s important.
Use a VPN
A Virtual Private Network (VPN) at its most basic, is an app that users can download onto their computer or smart devices designed to create a privacy layer that provides end-to-end encryption to their internet connection.
Basically, your Internet Service Provider (ISP) will see that you’re connected to a server, the contents of which are encrypted. They won’t be able to see what you’re connected to. Any connection to a website or app will be protected, and the information you input will be protected against interception by a malicious third party.
ProtonVPN provides a free VPN option, for those who can’t afford to pay. However, it is important to note that ProtonVPN is based out of Geneva, Switzerland, which is bound by bilateral treaties with the United States and other countries.
The company only operates under Swiss law, and does not generate logs, or record IP addresses, and does not cooperate or act on court-ordered warrants. Nevertheless, use it at your own discretion.
If you’re participating in a group operation and you’re the only idiot in the crew who’s not using a VPN and you get caught, you will jeopardize everyone else around you. So, don’t be an idiot.
VPNs Paid With Crypto
ExpressVPN, NordVPN, Surfshark, and CyberGhost are VPN services that allow anonymous payment options using cryptocurrency. Nevertheless, it is prudent for any hacker to do their own research into each company in the journey for finding reliable anonymity.
RTFM and Google It
RTFM is hacker slang for “read the fucking manual.” It’s okay to ask questions. But it’s not okay if you’re in the habit of just asking others for the answer. Get in the habit of researching EVERYTHING. If you don’t, you’ll never become a hacker.
Let’s Learn to Hack: Free Online Training Resources
If you’re not sure where to start, the following free online resources will point you in the right direction.
The Bandit Wargame is a game for absolute beginners. Users connect to play via SSH (secure shell) and is designed to help build and strengthen your command line and Linux skills.
TryHackMe provides real-world labs designed for users to train and test their cybersecurity skills. Everything you learn in their real-time modules you can try out in their deployable online virtual machines.
picoCTF is an online game targeted toward a teenage user base looking for cybersecurity training. It offers a unique storyline with a variety of challenges that require different techniques to solve the challenges.
HackTheBox is a huge cybersecurity training platform, where anyone can test their hacking skills and learn new techniques to practice in a sandbox virtual environment.
Udemy is an online training and marketplace platform that boasts over 213,000 courses and 57 million students. With both free and paid online courses, users can browse a plethora of cybersecurity courses.
Metasploitable is a machine designed for penetration testing. If you want to simulate a vulnerable machine to hone your hacking skills, download this. Then, make sure you’re running Metasploit Framework to find and exploit vulnerabilities discovered in the Metasploitable environment.
HackThisSite is an online hacking community that also features a variety of realistic hacking challenges. If you’re new to the scene, this is a good spot to learn some of the basics before moving on to more skilled challenges elsewhere.
Cybrary is a free cybersecurity education and training center that also offers certification preparation. This is a perfect place for cybersecurity and IT workforce development. Many hackers and newbloods use Cybrary to develop new skills.
Script Kiddies Have No Honor
It’s okay to learn how to use hacking scripts others have coded. It’s not okay to have no working knowledge of how they work, or why they work - or don’t work.
Simply watching a video tutorial on YouTube and trying it on your own machine doesn’t make you a hacker. So, be sure to learn some networking fundamentals.
Using hacking tools doesn't make you a hacker, or expert. Understanding why these things work, and how it all comes together and can be altered or manipulated is an entirely different matter.
Learn what TCP and UDP ports are. Research what packets are, and how they can be manipulated. What is the difference between an IPv4 address and an IPv6 address, and how they’re assigned? Learn the 5 TCP/IP layers. Learn what the OSI model (Open System Interconnect) is, and what a MAC address is. What are ARP tables?DNS?
Once you have an understanding of how computers talk to each other, you’ll be the person who knows how to manipulate them. Without this basic foundation, you’ll just be a script kiddie, making a shit ton of noise but having no knowledge of how to control or strengthen your attacks without triggering alarms.
Remember: your success will be in what you know, and what you’ve experienced from your knowledge. Not in how well you can use a script.
After you’ve built a foundation, master the use of your tools. Don’t get frustrated when things don’t go your way! Master the tools, and master your hackerspace. Learn everything you can about the tools you use.
Now go change the world =)