What is a hack?
What does it mean to hack?
To be a hacker?
I start with these questions for a reason. We all have different thoughts about what these words mean. Then we put them into more distinct categories.
Life hacks anyone?
I was listening to a podcast the other day and this was the topic of their discussion. Most of the time, we view a hack as some sort of shortcut that we can take.
But personally, I like thinking of hacks and hacking in the cybersecurity sense, because that’s what I grew up idolizing. Not necessarily the law-breaking bits, but moreso the general approach.
It was all about being smarter, more clever, more creative than the people who designed the systems in the first place. It was about understanding the systems more than the people working on them. Knowing where the gaps were, diligently probing the system for weaknesses.
I don’t know about you, but that seems way different from life hacks to me.
On the podcast, one of the things they kept talking about was the fact that the people coming up with the best “hacks” were typically people who understood the fundamentals of what they were talking about and were simply trying to package up the most beneficial fundamentals into smaller “hacks” that people could more easily understand.
Now, that sounds a lot more like the hackers I was talking about, right?
But, like anything else, hackers have their levels. At the top are the “true” hackers, those who can attack systems anywhere if they decide there's something there they want. But they also package up these hacks, publish these exploits, build toolkits for people to use.
Then, on the lower rung, there were those people known as “script kiddies”. These are the people who didn’t really understand what they were doing, but they took those pre-packaged hacks and called themselves hackers. They were typically looked down upon by a lot of the hackers at the top, because there was no art there.
But I think those who looked down on the bottom rung typically missed a few points.
They were likely script kiddies themselves at one point. You don’t emerge at the top spontaneously. It takes time, work, and practice to get decent. Being a script kiddie is a great way to get your feet wet and take advantage of the work of others.
Many times, they valued doing things the hard way instead of using pre-packaged hacks. It was more “pure” that way. Because it was harder, it was more valuable. Have you ever felt that way? I know I have. I used to really hold on to that idea tightly.
It’s impossible to stay on the cutting edge alone. Systems are evolving too quickly. As complexity increases, it’s impossible to know everything about everything. By leveraging the work of others across systems everywhere, it’s a lot easier to stay up to date.
Turns out, this pattern exists pretty much everywhere. There are the people building the systems around us that we engage with daily. Then there are those working the edges of the system, looking for any way possible to gain an advantage. And, inevitably, someone sharing these exploits to the world: “Here are 7 tricks that your [doctor | sysadmin | therapist] will hate”.
There are those who believe that everyone should work within the system and look down on those people who play at the edges. But those at the edges play a very important role: they get the system to harden itself.
If nobody was trying to hack the system, the system would never improve. And then it would be vulnerable to anyone who eventually decided to exploit it.
Anatomy of a Hack
Let’s take a look at what a hack looks like over time.
In the beginning, there was a system. And the system was good. It took some inputs and provided some outputs. It did everything the key stakeholder wanted. It took X and output Y.
But then one day, someone realized that if you provide a certain variation of X, you could actually get Z instead of Y.
Turns out, there was a market for Z. And they were the only one who had Z.
This is called a Zero Day exploit. It’s not widely known, so this is where it’s the most valuable. The owners of the system haven’t had a chance to defend against this exploit because they don’t even know it exists.
Now, obviously, the discoverer of this exploit doesn’t want to share it with the world, because that makes the value of their discovery go down.
If the owners of the system were smart, they would have a “bug bounty” program that would pay the discoverer handsomely in exchange for the exploit. This is great for a number of different reasons, most notably, the person gets paid for discovering it, they can get paid in a legitimate way instead of dealing with typically shady characters, and they can feel good about making the system stronger.
But regardless of how it happens, eventually word spreads and a bunch of people know about how we can make the system output Z. And most people who are using the system have patched it, because that’s the easiest way to harden the system.
But maybe there are a couple of users who don’t bother to patch their versions of that system. They can still be exploited, but it’s not that valuable, because the vast majority of users will be patched.
Now let’s view this through the lens of “growth hacks” on social media. Someone discovers a way that they can leverage social media to grow some number (followers, likes, etc). At first, it works great. They can make their numbers (and likely those of the people around them) go up at will. But over time, people realize this hack and start publishing all they can about it. “Go viral every time with this one weird trick”
But, like an exploit, this will become less effective over time. At first, threads were a great way to share information on Twitter. And the algorithm was happy to share them widely. But then the script kiddies showed up and started trying to exploit the system with pre-packaged hacks.
“Twitter is a free university, but 99.7% of people are using it wrong.”
The more people using a hack, the less of a hack it really is.
How To Be A Hacker
Here’s my challenge to you: take the step from script kiddie to true hacker.
Understand the systems you are working in. Find the Zero Days.
It’s really easy to follow what everyone else is doing, but that is by definition a game you will lose. The people at the edges will always win over time. You don’t need a million different wins. One good Zero Day is all it takes. But to find those, you need to understand the fundamentals.
When you find a hack that is appealing, dig in to understand what it is about that hack that appeals to you. Don’t just accept that hack as it is. Take it apart. Learn how it works. What fundamentals apply?
Then try to recreate it somewhere else. Over time, patterns emerge. You’ll develop a feel for what to do when.
And when you’ve mastered the fundamentals, and you examine a system, you’ll see the edges and know what exploits might fit. You won’t need to rely on someone else to hack the system for you.
That’s when you’ll be a hacker.
Content Corner
Ok, gotta start with the obvious, which podcast episode triggered this entire newsletter?
The answer: No Clear Answers. This has quickly become one of my favorite podcasts. Check out their episode on Hacks:
I also had a chance last week to have a great conversation with a friend of mine who’s a mental health podcaster/YouTuber and we discussed the impact of AI on mental health.
Finally, I reached into the vault and pulled out an episode of How To Scale Yourself and grabbed some of my favorite moments from one of my favorite episodes.
You should definitely check this out if you want to learn how to become unignorable with your product.
Bonus: if you are interested in hacking, there’s a great book I recommend:
Hacking and the Art of Exploitation
It’s an older book, and it touches on some really low-level concepts, but it provides a great overview of using strong fundamentals to build powerful exploits.
Until next week!
~Leo