I talked to an ethical hacker. At the age of 29, E. works for a communications company in Bucharest. He graduated in Telecommunications at the Polytechnic University of Bucharest, and after graduating, he worked in communications security and cybersecurity for several companies in the telecom industry. He agreed to talk about hacking, risks, and ways to protect ourselves.
Reporter: Hi E.! Thanks for agreeing to talk. First of all, what is an ethical hacker?
E: He is a man with the ability to do much harm, who decides not to do so. (laughs) Seriously, an ethical hacker is an IT professional who understands how hackers operate and tries to make it as difficult as possible for them. You need to have a good understanding of how operating systems, programming languages, and networks work in order to properly configure and protect them.
A: When did you realize you wanted to do this?
E: The first time I came across game codes. We saw that some players used programs that gave them an advantage over other players. I wanted to use them too. I quickly realized that it didn’t satisfy me, but that was the first contact. In high school I laid the groundwork for programming. Then, in college, I had colleagues build their applications, install them on lab computers, and copy the questions and answers from some previous group exams. Or program a memory stick and copy documents from the teacher’s computer. Thus they had the subjects of the previous exam. (This sentence can be deleted if it is too much). (laughs) I really realized that I wanted to work in this field at one of my first jobs. One day, I was hacked by someone from Spain. It took us almost 24 hours to understand how they created the security breach. It is very easy for someone to make a mistake or not to do their job well and someone will try to take advantage.
A: What is the worst thing a hacker can do?
E: Nowadays, a hacker can kill people. In many ways. An example that comes to mind now is the swatting phenomenon. This involves finding out the location of the victim, her name and calling the emergency number. The hacker uses the victim’s name, says he is armed, that he killed someone, is in a house with a child and is going to kill him and then commit suicide. The reaction of law enforcement in many countries is lethal in such situations. Also, a few years ago, in Italy, a group of hackers attacked a server playing host to the services of the unique emergency number. They blocked about a hundred calls to the emergency number, resulting in two casualties.
A: Why are hackers doing this?
E: Many times, they just want to show that they can do things that others haven’t thought of. For example, not long ago, a group of hackers in London managed to change the display on a billboard in the city center in about 15 minutes. They put a message like that – we managed to do that. They violated several laws in the process, but in the end, they escaped. Most start with harmless stuff. Stolen game user accounts, friends’ social media passwords, and so on. From a certain level, for money. (smiles)
A: How do hackers make money?
E: There are some classic variants. Cloned card fraud, blackmail and, lately, ransomware. They encrypt all information on a server and ask for a reward to give users access to data. If it’s your laptop, maybe it’s easier to buy another hard drive. But if you are a hospital and you have critical patient information in digital format, that information can make the difference between life and death. Rewards can reach millions of dollars.
A: What is the purpose of a hacker when he attacks?
E: In short, any hacker’s ultimate goal is to access a server with admin rights. Once here, he can do absolutely anything he wants. From encryption to modifying or deleting data. The process is long and difficult and I will not go into details.
A: We are seeing more and more attacks at the institutional level, during this tense period.
E: Indeed. Fortunately, the attacks have not been very effective so far. What we have seen so far has been chaotic attacks, with no definite purpose. It doesn’t cause much damage, but it does create panic.
A: What are the advantages of being a good hacker, not a bad one?
E: No day looks the same. You have to use your logic, deduction and imagination. You work differently. You put yourself in a hacker’s mind and think about how to counteract his logic. It is a very demanding job, but it also gives you a lot of satisfaction.
A: And from a material point of view?
E: It’s a very well paid job. In Romania, the salaries of an inexperienced junior start at RON 2,000 per month, but can also reach RON 60,000 per month for an experienced specialist working in a niche. If you are a company that can lose hundreds of thousands of euros for every hour of downtime (during which the services are down), you can afford to pay well the people who protect you from such situations.
A: Sounds good. How can I enter the field?
E: (laughs) You need passion and curiosity first and foremost. You have to like it and want to understand how the systems work and why. Maybe half of my time is spent studying and researching. It is an area where if you are not up to date with the latest technologies and developments, you fall behind very quickly. Then everyone has their own style of learning. There are many courses, tutorials, some are free on the internet, others are expensive, but they give you a certificate. For a student, I recommend learning programming as early as possible. Any programming language helps. It is an infinite field. Nobody knows everything. You have to get used to this idea, but you want to learn as much as possible.
A: Can you give me an example of a case where you faced a hacker?
E: Not really a hacker, but a scammer. I was contacted on a social media platform by a user I didn’t know who promised me that if I signed up for a site, I would receive a significant reward in Bitcoin. Careful! No one will ever give you free Bitcoin. There are indeed companies that offer you other cryptocurrencies at launch, but never Bitcoin. Having some time available, I dealt with the situation that on an internal project. I rigorously analyzed the site. He asked for a lot of personal information and also the private key from his Bitcoin wallet. I noticed that to create an account, you could also add a picture. I uploaded a script that looked like a picture and in short, I managed to get admin rights. I blocked the option to create an account on the site so that no other victims appear and I wrote big on the first page “This is a scam”. Then I reported the email and the domain to the service provider along with all the evidence I had. Providers usually have a blacklist that they share with each other. Good luck getting started and finding a new provider.
A: Is your job dangerous?
E: It can happen. Think about getting access to critical systems and information. Systems that centralize or control significant cash flows. With access to certain systems, there may be less friendly people interested in this information. Basically, you lay low. I will never have the job description “ethical hacker” on social media. Nobody does that. I protect my identity and data security, but without becoming paranoid. I do my job and I don’t stand out. I enjoy life without showing it.
A: What is the phenomenon of social engineering?
E: They are good handling professionals and programmers. They choose or receive a target, which they then spin. Find all possible data about that person online. Then he spins the group of relatives. Look for a weak link that could be used. Assuming you have access to critical information, a social engineer may try to befriend you. Or break the social media account of a good friend of yours and then pretend to be that friend and send you a link that allows them access to your device. They are social chameleons and are often hired by companies to test the physical security of certain buildings, or various vulnerabilities of the human factor.
A: Please tell me, how do I protect myself as a basic technology user in 2022?
E: The best advice I can give you is to take care of your accounts. Use passwords as long as possible. This increases the difficulty of a breach. Use multiple fingerprint, SMS, or third-party authentication services. Do not recycle the same password. I recommend using an offline password manager. I do not recommend those integrated in the browser. And for sensitive information, at least make a backup.