Interview with a BlackHat
Comments
-
gabypr
Member Posts: 136 ■■■□□□□□□□
Very interesting, thanks for sharing.EC-Council Master in Security Science M.S.S [Done]
Reading Project Management Professional (PMP) Certification Exam prep by Sohel Akhter -
YFZblu
Member Posts: 1,462 ■■■■■■■■□□
Regarding his DDoS blackmail comment - I was recently at an ISC(2) conference in Phoenix in which a cybercrime FBI investigator flat out told us they do not invesgigate DDoS attacks unless the victim is an important target, such as a fortune 100 bank. Pretty much leaves everyone a sitting duck for that type of thing. -
mapletune
Member Posts: 316
cool article, thanks for sharing.
also, i'm guessing that the site is being ddos'ed.Studying: vmware, CompTIA Linux+, Storage+ or EMCISA
Future: CCNP, CCIE -
Master Of Puppets
Member Posts: 1,210
Great stuff, thanks!Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. -
RomBUS
Member Posts: 699 ■■■■□□□□□□
Wow very interesting...kinda makes it look too easy you know. This probably took a lot of years to setup and be part of something to pull off some of the things himself and his team did -
Sounds Good
Member Posts: 403
Makes me want to learn the black hat trade
On the plate: AWS Solutions Architect - Professional
Scheduled for: Unscheduled
Studying with: Linux Academy, aws docs -
effekted
Member Posts: 166
"Adam" is obviously highly skilled since he is still able to do what he's talking about, but like he mentioned a lot of it you can learn from google and various places on the internet. Compromising a system or getting in thru a vulnerability isn't the hard part, doing it without leaving a bread trail back to you is where you see the difference between noob/script kiddie and "professional" Blackhat.
Take the initial compromise of Sony for instance, anyone able to follow instructions could have google'd/watched a youtube video on using Metasploit and gotten into the system. It's been a while but I want to say it was an outdated Apache running either no root password or the default.
That's why its important to always patch anything open to the internet, change all default logins, and due diligence. Otherwise you're a stationary target just asking to be compromised. -
MiikeB
Member Posts: 301
I'm not convinced this is 100% true or accurate. His explanations were overly simple and generic, and when he tried to act like he was going in to detail it sounded even more oversimplified.
I don't doubt some truth, for example he may very well have done DDoS for ransom etc, but "making millions and just funnel it through a cafe" type of comments seem like discussing something that he isn't actually familiar with the details of.Graduated - WGU BS IT December 2011
Currently Enrolled - WGU MBA IT Start: Nov 1 2012, On term break, restarting July 1.
QRT2, MGT2, JDT2, SAT2, JET2, JJT2, JFT2, JGT2, JHT2, MMT2, HNT2
Future Plans - Davenport MS IA, CISSP, VCP5, CCNA, ITIL
Currently Studying - VCP5, CCNA -
YFZblu
Member Posts: 1,462 ■■■■■■■■□□
I'm not convinced this is 100% true or accurate. His explanations were overly simple and generic, and when he tried to act like he was going in to detail it sounded even more oversimplified.
Keep in mind this person worked in a crew; therefore he likely was not involved in all the minutia outside of his specialty. Early in the interview he claimed his specialty is social engineering.
To your credit, I agree, not everything you read on the internet is true; however I can see how one might not know intimate details of the entire operation.
