#2. Myth: Hacking Requires Lightning Reflexes
A lot of movies show hackers furiously typing on keyboards, commands flying across their screen too quickly to see -- movie hacking is a fast-paced job, requiring video-game-honed reflexes. It makes sense: You've got to outrun security, other hackers -- it's the computer equivalent of a gunfight. In the typical hacker duel, the attacker is firing commands and viruses at the system, while the target's own staff of nerds is racing to cut off the attack in real time, trying to chase down the hacker while he jukes and dodges with complex keyboard commands.
"Hack harder. Faster."
In the real world, most hacking tools are fire-and-forget. If you want to break into a site or an IP address, you just pick the right tool, "aim" it, and hit go. Then you walk away from the computer for a while until the tool finishes trying stuff. A lot of hacking is pressing "start" and then rolling out to grab some coffee.
This is not to make hacking sound effortless -- those tools are only right a certain percentage of the time, and the rest of the time will do absolutely nothing. But they do show you where the problems are. I'll spend maybe an hour letting the tool find a weak spot and then 15 minutes actually working out how to break in.
If this is making it sound like even professional hacking doesn't require an expert, well, let's take on the biggest myth of them all ...
#1. Myth: It Takes an Expert
There's a reason movie hackers always seem to live in basement hacker caves: They're the sort of people who spend every hour of their lives getting better at hacking. They're warrior monks, but with more Cheetos stains.
Those orange robes also hide Monster stains surprisingly well.
The reality is that we go to career fairs at colleges and frequently hire people with almost no computer experience at all. It doesn't require years of study and dedication -- we can take someone from zero to hacker in six months. Security hacking -- what I do -- is actually an easy field to get into at entry level. You don't need years of training and a hearty Seth Green beard to start breaking into websites.
The floodlights, however, are an absolute necessity.
When you come on board, we assume you have no knowledge of how the Internet works, so we begin by explaining how websites respond to requests and move on to finding vulnerabilities. It doesn't take years of obsession to make an everyday hacker. It's a trade, like welding or bartending. And while the world has artisan metal workers and master mixologists, the everyday dudes who are just sticking metal together and pouring drinks for a paycheck keep those respective fields going.
The truth is, there are only about 50 different types of threat recognized by the Web Application Security Consortium, and each individual person at our company might only need to know how to track down a handful of those. It takes maybe a week or two to get the very basics of hacking down, and from almost the first day you're practicing on real applications. HackThisSite.org can train you up in the basics and have you doing hacks in a matter of weeks.
Blue jean jacket not required.
Learning and testing for vulnerabilities is the easy part of hacking (this ethical hacking course boasts a 90 percent success rate). The hard part starts if you decide to exploit that weakness. But there's more money (and fewer arrests) in resisting the urge to replace the background of Bank of America's website with your trusty ol' ejacupeen.jpg.
For example, I won "Notable Hack of the Month" at work last February because I found a vulnerability on a client's website, one that meant that in maybe an hour I could have written a script that would delete every user on that site ... or replace all the links in their accounts with hardcore Swedish Fish-based pornography. But I turned down that temptation for the chance to write a blog post about my achievement and the knowledge that I'll keep drawing a salary. Although I do have to live with the fact that they'll probably never make a movie about me.
Caleb Brinkman works for White Hat Security. Robert Evans is Cracked's head of dick joke journalism and manages the article captions.