Interview with a BlackHat

wes allen

Kinda interesting:

Interview With A Blackhat (Part 1) | WhiteHat Security Blog

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

gabypr

Very interesting, thanks for sharing.

MrAgent

Great read. Thanks for sharing.

YFZblu

Regarding his DDoS blackmail comment - I was recently at an ISC(2) conference in Phoenix in which a cybercrime FBI investigator flat out told us they do not invesgigate DDoS attacks unless the victim is an important target, such as a fortune 100 bank. Pretty much leaves everyone a sitting duck for that type of thing.

olaHalo

I shared this with many coworkers, they all seem impressed.

mapletune

cool article, thanks for sharing.

also, i'm guessing that the site is being ddos'ed.

Master Of Puppets

Great stuff, thanks!

SecurityThroughObscurity

Interview with a pompous young man.

z3r0cool

"Uni"?
"Mummy"?
"fortnight"?

definitely a Brit

RomBUS

Wow very interesting...kinda makes it look too easy you know. This probably took a lot of years to setup and be part of something to pull off some of the things himself and his team did

Sounds Good

Makes me want to learn the black hat trade

effekted

"Adam" is obviously highly skilled since he is still able to do what he's talking about, but like he mentioned a lot of it you can learn from google and various places on the internet. Compromising a system or getting in thru a vulnerability isn't the hard part, doing it without leaving a bread trail back to you is where you see the difference between noob/script kiddie and "professional" Blackhat.

Take the initial compromise of Sony for instance, anyone able to follow instructions could have google'd/watched a youtube video on using Metasploit and gotten into the system. It's been a while but I want to say it was an outdated Apache running either no root password or the default.

That's why its important to always patch anything open to the internet, change all default logins, and due diligence. Otherwise you're a stationary target just asking to be compromised.

UnixGuy

amazing read! thanks for sharing!

MiikeB

I'm not convinced this is 100% true or accurate. His explanations were overly simple and generic, and when he tried to act like he was going in to detail it sounded even more oversimplified.

I don't doubt some truth, for example he may very well have done DDoS for ransom etc, but "making millions and just funnel it through a cafe" type of comments seem like discussing something that he isn't actually familiar with the details of.

YFZblu

MiikeB wrote: »

I'm not convinced this is 100% true or accurate. His explanations were overly simple and generic, and when he tried to act like he was going in to detail it sounded even more oversimplified.

Keep in mind this person worked in a crew; therefore he likely was not involved in all the minutia outside of his specialty. Early in the interview he claimed his specialty is social engineering.

To your credit, I agree, not everything you read on the internet is true; however I can see how one might not know intimate details of the entire operation.

mworwell

Thanks for sharing. Very interesting interview.