Ask HN: What do I need to learn to be useful as a hacker to defend my country?
The Ukrainians have called on the "hacker underground" to defend against Russia: https://news.ycombinator.com/item?id=30462219
Everyone of us here has above average computer skills, but most of us don't have offensive or defensive cyber warfare skills.
We have all seen how quickly war can break out.
What does one need to know to be of value to one's military, should the need ever arise?
What skills would they be looking for?
How can I acquire those skills?
55 comments
[ 8.2 ms ] story [ 109 ms ] threadAs part of that training, they should be showing you which skills they want, how they can be acquired, and so on.
This is also important because you need institutional legal support and an objective ethics framework to affiliate with. Otherwise one misstep and you can end up looking like a vigilante even though you had the best intentions. Or you could end up ready to take action yet without the infrastructure or other resources that would be needed to carry out your work in a wartime environment.
If they can't meet that minimum bar it's a non-starter IMO. You are left to your subjective estimations of what is needed and are without formal support. Contact your representatives and hold them to it.
Edit: Is op from UKR? I can't tell--if so the first priority is connection with community of experts no matter how small.
Probably the best education you can get anywhere.
Other than that, working as a pentester. Again, you can learn from online sources, but if you are a competent programmer, why not cold approach asking you would like to work in cyber security
https://youtu.be/admHGiHGnYY
NATO has decided it was fine with letting Russia have Ukraine with the expectation that Russia would not invade other countries. I swear I've heard this before in a history class.
https://www.gov.uk/government/organisations/joint-forces-com...
Learning and getting certified by a company that botched ~80% of their projects... indeed not a good idea.
https://www.gov.uk/government/organisations/strategic-comman...
https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon
Adding on to what others have said I would say start with this. To be a useful "hacker" to *defend* your country start with ensuring you are not immediately exploitable yourself & then repeat for others close to you. A incomplete shortlist off the top of my head
1. Ensure all your devices are secured including great passwords, updates applied, minimal/no ports expose
2. Secure your financial instruments w/ great passwords and multifactor options. physical devices like yubikey is (afaik) top of the line, other styles are an improvement over nothing.
3. Create backups of important things so you're unlikely to be blackmailed by ransomware
(others, what am I missing?)
- Know when you might be introducing software vulnerabilities
- Find and repair bugs that might turn into vulnerabilities (things like static analysis and fuzzing, but also identifying code smells and where to inspect)
- Identify and avoid phishing attempts
- Identify (and, ideally, mitigate) places where resource exhaustion attacks are likely to be most effective
- Identify (and, ideally, mitigate) places where a process is dependent on external infrastructure that is controlled by another party
- Teach others how to do these things
These things are of high value in the day to day life of a software developer anyway, and there are lots of reputable resources available to learn and practice. In the future, if it turns out that you need offensive skills, that will work out OK too -- there's quite a bit of overlap, though not 100% overlap.
If, on the other hand, you're looking to start down a path that might have you doing useful things in a similar situation in 2032, this seems to me like a reasonable place to start.
If you don't understand a piece of software (and I mean really understand it) you probably can't break it in a meaningful way. You may accidentally break it, but your lack of understanding how it actually works will prevent you from further exploiting it.
Just my 2 cents. Hope it helps.
The quickest way to block cyberattacks with measurable security benefit is probably through network controls. ACLs, segmentation, firewalls, IDS/IPS, etc. You can deploy these and block a lot of attacks right off the bat. Looking into AD security, GPO, anything that can deploy configuration to your entire environment is common to exploit and important to lock down. Those are the kinds of measures that have really measurable impact and help prevent the kind of catastrophe that state-sanctioned operations create.
That being said, and now that it's clear that you aren't just going to push a number higher until you can send all of your cyber zerglings into the enemy's virtual mineral line, this is a good process to follow for finding serious vulnerabilities - exploiting them should be trivial if you have a good enough understanding of the system:
- Think of a system in use, at any layer of the stack. This could be a specific web application in use by the enemy, a runtime that's used by some applications of theirs, or a memory/cache model on a CPU architecture that's flawed or anything like that
- Learn enough about that system that you can understand any inner working of it
- Painstakingly look through areas where you, just via inference, can tell that there could be some sort of vulnerability - key areas to focus on are something that is something downstream to user input, or something similar.
All of that is to say that, if you aren't already "useful", your country is probably going to have a regime change before you can find anything strictly useful.
If there's something simple enough that someone who's relatively unexperienced can do it, then it's probably automated.
OR - use a bunch of stolen credit cards you bought online for $3 each to rent a few VPS' (maybe come up with some consolidation solution to more easily make accounts and setup SSH boxes) and throw as much layer 4 traffic at Russian endpoints as you can :-).
This is basically the same principle as international sanctions. Try to make everything harder for Russia and (unfortunately) for Russian people. Playing people's opinion against their leader. You can do the same in Belarus that saw civil unrest recently, mobilizing Russian soldiers.
I also think that tanks, fighter planes and helicopters are pretty hard to defend via hacking; it's like defending a password against a 5$ wrench used to hit you repeatedly.
- python, C, and assembler
- Gnuradio / HackRF (direction finding, spoofing/replay, jamming, etc)
- basic electronics
- basic model rocketry / pyrotechnics
- basic lock picking, escapes, first aid and wound care etc
- some off the shelf malware / botnet / RAT kits and usb installers, metasploit, etc.
From nothing to developing new zero day probably isn't going to happen during this conflict, and best hack will be using skills to get out of the country.
And cyber defense:
"... in cyberspace, it is much easier to attack than to defend. The primary defense we have against military attacks in cyberspace is counterattack and the threat of counterattack that leads to deterrence."