Before you move on, no, this is not a line from a horror movie. This was the line that captured my imagination as a child. I don’t remember how old I was when I first saw War Games, starring Matthew Broderick, but after seeing Broderick’s character David play a high stakes game of chess with the super computer, “WOPR” or “Joshua” with the threat of global thermal nuclear war, I knew I wanted to learn more about computers and software engineering. Seeing David hack into the North American Aerospace Defense Command through the phone line and meet Joshua by using Professor Falken’s old user account inspired me to want to learn about hacking and what it entailed. My curiosity was fueled by stories from my parents, both computer hardware and software engineers who worked for the United States Navy in various capacities, about the work they did during the Cold War in the 1980’s. It’s been a long road, and I took a major detour, but I’m finally pursuing that dream.
The first program most programmers ever write displays “Hello world.” Mine was “Stop.” Four little letters translated from an ASCII dictionary into binary: 01010011 01110100 01101111 01110000. Why? Because I was a smart ass. In eighth grade I was pestering my mom who yelled at me, “Can you spell ‘Stop!’?” to which I replied, “0–1–1–0–0–1,” or something like that. In beautiful parenting fashion she said, “Alright smart ass, now you’re going to actually learn how to spell it in binary code, since you want to be an engineer so bad.” I spent the weekend learning about Binary code, Hexadecimal code, and ASCII and writing out the alphabet, lowercase and upper case, by hand, in binary code without a reference sheet to copy from. The unintended consequence? I now had a code to pass notes with in class that could not be translated unless the recipient had a key. My history teacher was impressed, my parents? Not so much.
In high school I took on the persona of a rebel without a cause. What was I rebelling against? I have no idea. I was rebelling for the sake of rebellion. Did I party and get in with the wrong crowd? Nope. I hung out with the other geeks and nerds. My friends talked about the Anarchist Cookbook, the deep web, and hacking other people’s MySpace accounts, and I was intrigued. How does one hack a MySpace account? I googled. I discovered Incognito browsing and hooked up my laptop to a neighbor’s guest WiFi account they had left unsecured and downloaded the Anarchist Cookbook. I read the chapter about hacking and eventually found Hack This Site!. Through Hack This Site! I learned how to write HTML and implement redirects for forgotten password requests. I learned how to manipulate the code of a website to gain access to features that required user log-in credentials either through brute-force or obtaining those credentials through interception. And then, one day, I tried it.
My high school had a very basic website in 2008. There was no CSS, the style was inline style tags in the HTML. There was minimal Javascript since there wasn’t much media that had to be manipulated, merely hyper-links that led to different pages and the student portal to track grades and class schedules. But there was a “Staff Only” section that needed a staff member’s login. Challenge Accepted. I had already tried using my student login but that gave an error that I didn’t have the right permissions. Fair enough. I pulled up the source code for the site, loaded it up in Notepad, DELETED the code block requiring the need to log in, saved the file, and then loaded said file in Firefox, and I was in. I couldn’t believe it. In the most brute-force way, I had managed to gain access to the Staff Only page. There were links to the Loss of Privileges List, attendance records, a database that had every student’s student i.d. number with their name, a link to the teachers’ portal and grade-book (which was hosted on a separate site, so I didn’t dare try to hack it), the school library’s own intranet, which showed who had what books checked out, who owed fees for late, lost, or damaged books, and the online catalog, and bulletin board with current events around the school. The rush of adrenaline was exhilarating. Out of fear of being caught, I closed everything down because I knew there was the possibility that our webmaster and IT department could track all accesses on the network. But I now had a new project.
Over the course of the next couple of weeks, I worked to find a way to login to the school computers without needing to use my own login. Unfortunately, this proved rather difficult and I got caught. While working in the computer lab during English class, I had finished my essay and decided to try to poke around on the student database and see if student passwords were stored with their ID numbers. The man who was in charge of the computer labs was very much like Mr. Filch, from the Harry Potter series, in terms of temperament, and we enjoyed playing with various settings to see him freak out because he wasn’t the sharpest tool in the shed and would think we broke the computer. I figured as long as it looked like I was working, he wouldn’t notice what I was actually doing. I was wrong. While I was manipulating the code for the website to remove the login feature, he decided to actually read what I was typing. When I loaded the Notepad file in Firefox he asked me what I was doing. I tried to play it off by saying it was a school project, while minimizing the screen to pull up my essay, but he wasn’t buying it. After pushing me aside, he pulled up the browser and saw what I had done. He was livid. He called the webmaster over, who happened to also be my vice principal and told him what he had caught me doing. My vice principal seemed rather amused and asked me how I managed to gain access, so I showed him. After rolling his eyes and chuckling a little, he dismissed me and left. Anytime I had to work in the computer lab, the lab supervisor forced me to sit in front him him for the rest of the year. Needless to say, that security vulnerability was fixed, but I soon found I could request a forgotten password and send the email to a fake account I had access to. I also exploited this vulnerability for a few weeks, gaining the passwords of several staff members and even one of the administrators. When the new semester started, and we received new students, I created a new student login with a common last name and a random first initial that would get lost in the database of computer accounts, which I had found was separate from the database of all enrolled students, since it didn’t require a student ID number. Shortly afterwards though, I found that this vulnerability was also fixed and I lost access to my fake student account. Out of fear of getting caught, I stopped hacking, and decided I would get into too much trouble if I pursued software engineering. Other attractions in high school distracted me, and when I graduated, I had decided to go into pursuing a career as a chef, even though for my senior portfolio exhibition, I had written up my own web page to showcase my portfolio. When asked by the Geographic Information Systems teacher and the counselor who sat in on my presentation why I didn’t pursue software engineering more in school, I told them I had gotten in trouble with it once and that my own counselor was less than supportive, so I decided to try something new that I had fallen in love with as a part time dishwasher and prep-cook at an Italian restaurant.
Twelve years later, here I am, once again diving into coding. Through General Assembly, I have learned how to build full stack web applications with JavaScript, Nodejs, React, and Express, and am looking once more into authentication and cyber-security, this time with a white hat. These last eight weeks have been incredibly challenging but I love the problem solving, and when a program runs the way I want it to after hours of working to get the logic right, it is so rewarding. My classmates and instructors have been incredibly supportive, and I am so excited for my new career as a software engineer.
The Measure of a Man 