A sincere word of warning to all of the aspiring hackers out there

Some Guy
5 min read · Nov 16, 2016

Lauri Love, a 31-year-old British computer enthusiast, is currently facing extradition to the United States, having been accused of hacking into computers owned by the FBI, the US Central Bank and the US missile defence agency.

His defence team isn’t actively disputing the accusations, but is arguing that Lauri is vulnerable due to his autism and won’t fare well in the US prison system. They argue that, as the crimes were allegedly committed in the United Kingdom, that is where he should be tried and, if found guilty, imprisoned.

Unfortunately for Lauri, the UK and the US already have a comprehensive extradition treaty in place covering this sort of thing.

They have made assurances that:

  • He will not face the death penalty
  • They will make allowances to ensure that any extra support he needs in regards to his autism is provided

Also, unfortunately for Lauri Love:

  • He was not extradited from another country to the UK (this would require that country’s approval too)
  • He was not transferred to the UK by the International Criminal Court (this would invalidate the extradition treaty between the UK and the US in this case)

All of the above means that, according to the extradition treaty between the UK and the US, Lauri Love is basically good to go.

There exist a number of free and open source tools, targeted at IT professionals, which are designed to help them find vulnerabilities and secure them.

They generally consist of scripts and software programs, written by highly skilled programmers and hackers, to target known vulnerabilities in software and operating systems and exploit them.

Kali Linux (the successor to Backtrack) is one such tool. If you can install a piece of software onto your PC, you know everything you need to set up Kali Linux.

It contains tools to scan the internet for vulnerable systems, and once you find them, other tools to exploit those vulnerabilities.

The internet is full of guides and YouTube videos demonstrating how to do all sorts of fun things with Kali Linux.

Whenever you read about a high-profile hack in the media (such as Lauri Love, or the kids who hacked TalkTalk), most likely it was not somebody writing scripts to exploit unknown vulnerabilities in software and operating systems, but somebody using a tool such as Kali to find vulnerabilities on internet-facing systems and exploit them.

IT professionals who understand these tools and how they are used also generally appreciate the low level of skill involved in doing so. They are essentially as complex as using any point-and-click interface: no more difficult, once you are up and running, than ordering some food online, or tickets to a gig.

The real skill is involved in securing the systems you interrogate with Kali to make sure that the vulnerabilities you find actually go away.

Nonetheless, every time this sort of story appears in the media, you get the predictable response of “They should be hiring this person, not sending him/her to prison!!”, which I could not disagree with more.

You are (probably) going to get caught

Regardless of your views on the laws in your country, and extradition treaties between your country and other countries, they are what they are and you aren’t going to change them.

As the Lauri Love case has shown, playing the Autism card is not going to help you.

More importantly, when you use tools such as Kali Linux, you are criminally responsible for your actions when you do bad things.

When you use these tools to attack a server, regardless of whether it belongs to a company in your country or another country, or belongs to your government or another country’s government, you run the very real risk of being caught.

In 2013 a student at the University of Harvard, Eldo Kim, used Tor to send a bomb threat to Harvard to get out of an exam he hadn’t studied for. He was caught because, despite using Tor to conceal his identity, he had connected to Tor via the University network, while the threat had been sent through a darknet email service at the same time. It didn’t take a genius to connect the dots. Also, he admitted it.

In the same year Ross Ulbricht, creator of the darknet online marketplace Silk Road, was caught whilst sitting in a public library logged into the management portal of the website, despite making a sincere effort to conceal his identity using Tor and VPNs.

Everybody makes mistakes, everybody fucks up, and when your future is on the line, it just isn’t worth it.

Don’t stop hacking!

In spite of all of the above, don’t stop hacking.

If you enjoy spending your free time playing about with computers and tools such as Kali Linux, that is awesome, and I don’t want you to stop.

I just want you to stop being an idiot.

Instead of hacking into random servers online, set up your own servers in your house and hack those.

Instead of exploiting vulnerabilities in servers owned by companies and governments you find online, set up your own SQL databases on those servers and learn how to inject SQL.

And then, learn how to make the attacks against the servers you have set up no longer work.

This isn’t expensive. You can purchase cheap pre-owned computers from sites such as Craigslist or Gumtree and install anything you like on them. You can also purchase cheap but powerful computers such as the Raspberry Pi, install potentially vulnerable software on that, and then go nuts.

These are the skills that will make you invaluable to any company that might decide to hire you. Hacking a server owned by a company or government will land you in prison, but knowing how to carry out these hacks, and being able to demonstrate this against your own hardware, could land you a very well paid job with the same companies or governments.

Don’t be an idiot!
