I was pretty much the government’s poster boy for what I had done.
If you go to a coffee shop or at the airport, and you’re using open wireless, I would use a VPN service that you could subscribe for 10 bucks a month. Everything is encrypted in an encryption tunnel, so a hacker cannot tamper with your connection.
But a lot of businesses out there don’t see the return on investment, they look at it as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it’s still a hard sell for people.
A lot of individuals out there carry a lot of proprietary information on their mobile devices, and they’re not protected. It’s a very target-rich environment.
I love solving puzzles, I love finding my way around obstacles, and I love learning new things about technology.
The explosion of companies deploying wireless networks insecurely is creating vulnerabilities, as they think it’s limited to the office – then they have Johnny Hacker in the parking lot with an 802.11 antenna using the network to send threatening emails to the president!
The government does things like insisting that all encryption programs should have a back door. But surely no one is stupid enough to think the terrorists are going to use encryption systems with a back door. The terrorists will simply hire a programmer to come up with a secure encryption scheme.
Not being allowed to use the Internet is kind of like not being allowed to use a telephone.
I keep my stuff updated all the time. Being in the security industry, I keep up to date with securities.
I don’t know the capabilities of our enemies. But I found it quite easy to circumvent security at certain phone companies throughout the United States. So if an inquisitive kid can do it, why can’t a cyberterrorist do it?
Security is always going to be a cat and mouse game because there’ll be people out there that are hunting for the zero day award, you have people that don’t have configuration management, don’t have vulnerability management, don’t have patch management.
I made stupid decisions as a kid, or as a young adult, but I’m trying to be now, I’m trying to take this lemon and make lemonade.
Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail.
I did get a huge endorphin rush when I was able to crack a system because it was like a video game.
My argument is not that I shouldn’t have been punished, but that the punishment didn’t fit the crime.
What I found personally to be true was that it’s easier to manipulate people rather than technology.
Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.
I can go into LinkedIn and search for network engineers and come up with a list of great spear-phishing targets because they usually have administrator rights over the network. Then I go onto Twitter or Facebook and trick them into doing something, and I have privileged access.
It’s actually a smarter crime because imagine if you rob a bank, or you’re dealing drugs. If you get caught you’re going to spend a lot of time in custody. But with hacking, it’s much easier to commit the crime and the risk of punishment is slim to none.
The perfect PIN is not four digits and not associated with your life, like an old telephone number. It’s something easy for you to remember and hard for other people to guess.
Nine out of every 10 large corporations and government agencies have been attacked by computer intruders.
Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically.
At the end of the day, my goal was to be the best hacker.
I’m still a hacker. I get paid for it now. I never received any monetary gain from the hacking I did before. The main difference in what I do now compared to what I did then is that I now do it with authorization.
I’m an expert witness in a case that’s in appeal about a guy who allegedly misappropriated source code from a major, major company – he actually worked there and then apparently they found it on his laptop later.
I started with CB radio, ham radio, and eventually went into computers. And I was just fascinated with it. And back then, when I was in school, computer hacking was encouraged. It was an encouraged activity. In fact, I remember one of the projects my teacher gave me was writing a log-in simulator.
I use Mac. Not because it’s more secure than everything else – because it is actually less secure than Windows – but I use it because it is still under the radar. People who write malicious code want the greatest return on their investment, so they target Windows systems. I still work with Windows in virtual machines.
A log-in simulator is a program to trick some unknowing user into providing their user name and password.
I saw myself as an electronic joy rider.
I was an accomplished computer trespasser. I don’t consider myself a thief.