The $600,000 Joyride: Local hacker and former LulzSec member on why he went to prison
Published: October 30, 2013
“Our school basically had two sides to it: the hardcore athletic and the academics. For such a small school, it was really broken down. So the academic guys who competed in academic contests were right up there with the athletes,” Rivera reports. “There was never any of that old, generic athletes-and-jocks-pick-on-the-geeks thing.”
Even so, Rivera wishes he were better at something else. He sort of fell into computers and before he knew it, that’s who he was.
“Personally I dislike the fact that I’m good with computers. It might sound weird, but I wish I was better at something else. But computers was what stuck,” he says.
Takes One to Know One
As Rivera learned more about computers, he became more interested in network security. He came across a book at Borders called Elite Hackers Handbook, a joke book with advice on how to pick your handle and other comical bits. It listed a website on the back, and through talking to people on that site—mostly programmers—he found his way to another site where he met Kyle Browning.
Browning runs a site called RootHack.org which makes a game of breaking into competing teams’ systems. It’s a great way to learn the ins and outs of network security in a safe, legal manner. It’s especially appropriate for computer nerds who gain much of their knowledge not by studying, but by doing.
“The company I currently work for, we consider every one of ourselves to be, you know, hackers. We just figure it out and work through the problem. To me personally that’s what that term has always meant,” says Browning from San Francisco, where he works for a company called Work Habit.
“It’s coming down a little bit, but [‘hacker’] still has that malicious connotation to it, which is a shame.”
As corporate computer networks proliferated in the ’80s and ’90s, efforts to protect them became increasingly important. That’s when the idea of white hats and black hats evolved. The white hats represent, as you might imagine, security professionals who design systems. The black hats are those who would break in.
The saying Rivera always heard as he was being introduced to this world was that every white hat started out as a black hat. And it’s true. Companies like Microsoft and Facebook have hired people who report vulnerabilities created by poorly written code or mis-managed or -aligned systems. Some companies have bounty programs which will pay anyone who reports a weakness. The idea is that it takes a thief to truly understand a thief.
“The best security people understand attacks, understand intrusions, and the best way to understand something is to practice it,” says Veracode CTO Chris Wysopal, a security expert who was a member of the hacker “think tank” the L0pht in the ’90s. “Modern security started in the mid-to-late ’90s around this notion.... The majority are sort of self-taught, outside-of-the-mainstream people and to some degree that’s a big advantage because you’re thinking differently about the systems than the people that built them.”