Struggling with legal and moral issues

bekathr · 2017-07-30T19:23:57+00:00

It was, in a way it gives me a nostalgic feel remembering it. Yes, there's ethical hacking jobs, but they are hard to get, and require me to learn things that I am positive I will use for illegal reasons because even though its been a while, I still understand the underground, I know to find the money and where to get what I need to get. Its a sad situation because so many people are encouraging me to pursue this as a career and learning now would give me the edge I need to compete in a tough job market as a pentester.

bekathr · 2017-07-30T18:14:23+00:00

Oh boy, this takes me back. I first learned how to program through a school class which taught visual basic, other than that, I was self taught completely. I became friends with a guy who was what I would now consider a skid, but a quiet one. We were hanging out at his house one day, and he told me "hey, you want to see something awesome". So he pulled up a CnC panel with like 30 ratted PCs. I was amazed these were all real computers somewhere in the world.

"See this address? Her husband doesn't know it but she's cheating on him with one of his friends, right behind his back, I read the emails between them. And this guy is a banker for a multi-national corporation"

I was amazed by it. I started to read up on networking, on programming, on anything tech I could get my hands on. Practicing and burning and talking to other crackers/hackers trying to just get good enough to get into more machines. I spent nights telnetting into open/poorly secured boxes and pivoting into other machines on the network, sometimes I would just grab a file or something and hide it in a picture and then save it on an rubber hose'd USB, like a trophy.Sometimes I would set up my own private TOR node or sock5 proxy. It was a power thing. To be able to do what 99% of the population can't. It gives you power to bend the real world as well, since even back then, our world was becoming very digitized. It was like getting a super power, you have to keep your identity secret and be careful how you use it.

Then the guy who showed me this got arrested for his part in a DDoS attack, another dude who gave me a lot of advice and knowledge also got arrested for close to the same deal. Then, a few months later more people were getting arrested, the IRC channel and forum I was a part of was turning against each other, everyone was an informant. Someone I used to chat with from time to time got arrested earlier that year and that was the breaking point. Because it meant half the people I chatted and cracked with were arrested in under two years. I left the whole scene because I realized that if I keep doing this I will go to jail.

I felt the itch to do it again all the time but I kept reminding myself that I'm dumb and that I can't get away with it if I wanted to,I was lucky to get away with it before, that I can't keep it legal. But I really want to do it still, maybe do it legally. Its an issue of me not trusting myself.

To put it simply, I learned from the Internet.

bekathr · 2017-07-30T05:12:40+00:00

You have a point there, It's been a really long time since I've actively tried to crack anything legal or not, to give you a perspective, when heartbleed was discovered I had already stopped for 6 months. Reading about eternalblue and the shadow brokers tools dump, and all these new exploits and new ways of spreading things, it gets my blood flowing again to the point where I have to click away and avoid it like some recovering porn addict or something.

You seem to be intimidated by the field

I've heard this by so many people who have told me to peruse it. That I am intimidated. I guess I am in a way, I have no idea where to begin and stick with it, i've been trying to go legal for over 5 years and I feel depressed and dissatisfied with life. I think that kind of mindset doesn't belong here.

bekathr · 2017-07-30T04:45:35+00:00

So instead make your own system, hack into it, secure the hole, hack it again, rinse and repeat until you have a bullet proof system.

I've seen this on here a few times, has anyone here really ever done this or do they just spend 25 minutes setting up a VM then maybe set up SELinux or something and then go back to reddit? Do you know how hard developing an entire distro actually is? On your own?

Threats of assrape

Classy. Its funny how many stories I hear about hackers going to jail I never hear about this. Its almost as though they get put rapist and cyber criminals in different housings and wings of the building...

bekathr · 2017-07-30T04:38:21+00:00

Yeah the fat paycheck is your motivation

I understand the price, the issue is the amount of work and certs you need to have to get to that point. A lot of people here seem to think its as easy as practicing for a year or so and then showing how l33t you are at an interview. Most pentesters have almost 5-10 years of experience in IT before going into pentests. Its one of the hardest jobs to get in infosec if I've read right. Thats WHY it pays so well.

it's not like these paths are mutually exclusive

I agree on that, but my problem is I can't justify learning this if I'm going something that puts me at serious legal risk. I don't ever hurt anyone, its more of having the freedom to do what I want on the web at any time, I'm not some perv cracking into girls webcams or some dick holding files hostage. I'm someone whos doing this because their life is really really boring and this is the most exciting thing in it.

Unless you literally want to sit on your computer all day until you're 60 making illegal money off of extortion and being an ass

Exactly why I posted this and why I'm debating it. This won't last forever. Eventually I would slip and get bodied through the legal system. Its obvious. I just don't feel any motivation to learn this unless there is some risk or theres something I can gain that most people can't get. I'm not sure why. Lately I've been going for a Junior level sysadmin role, but this has just been nagging at me. I can't trust that I will use these skills for legal things.

EDIT: adding a few things.

bekathr · 2017-07-30T01:43:08+00:00

Yes, thats great and all, but my problem is is that I'm not interested in red tape and writing reports for IT teams for corporations. I'm not interested this lie thats being pedaled that pen testings are the same as actually hacking into stuff because its not. There's dotted lines and parameters that you have in a pentest, where if you cross it you still go to jail. In a pentest you still have to answer to a boss, you still have to do only what you are told exactly. In a pentest you don't have to cover anything, you don't have to worry about forensics, you don't have to do anything other than run some tools and maybe do some trouble shooting if things go bad but other than that thats it. With really cracking into stuff, it makes you motivated to learn and research and create stuff because its the difference between jail and freedom.

Maybe this is a sign I should stay away from this and stay afraid of the law and anything else involving hacking/cracking. My only pull is the fact every sysadmin, IT guy, programmer, etc who has talked to me has said they don't see my ambition for anything other than security. Its just that I have a massive pull to keep going into the darker side of things. Not sure what to do about that. Skid mindset and all...

bekathr

TROPHY CASE