It’s true, I had hacked into a lot of companies, and took copies of the source code to analyze it for security bugs. If I could locate security bugs, I could become better at hacking into their systems. It was all towards becoming a better hacker.
I got so passionate about technology. Hacking to me was like a video game. It was about getting trophies. I just kept going on and on, despite all the trouble I was getting into, because I was hooked.
As a young boy, I was taught in high school that hacking was cool.
Social engineering bypasses all technologies, including firewalls.
There is no patch for stupidity.
Social engineers veil themselves in a cloak of believability.
Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.
The key to social engineering is influencing a person to do something that allows the hacker to gain access to information or your network.
You can never protect yourself 100%. What you do is protect your self as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.
Social engineering is using manipulation, influence and deception to get a person, a trusted insider within an organization, to comply with a request, and the request is usually to release information or to perform some sort of action item that benefits that attacker.
Oracle, for example, has even hired people to dumpster dive for information about its competitor, Microsoft. It’s not even illegal, because trash isn’t covered by data secrecy laws.
I get hired to hack into computers now and sometimes it’s actually easier than it was years ago.
Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail.
I think it goes back to my high school days. In computer class, the first assignment was to write a program to print the first 100 Fibonacci numbers. Instead, I wrote a program that would steal passwords of students. My teacher gave me an A.
Security is always going to be a cat and mouse game because there’ll be people out there that are hunting for the zero day award, you have people that don’t have configuration management, don’t have vulnerability management, don’t have patch management.
It’s actually a smarter crime because imagine if you rob a bank, or you’re dealing drugs. If you get caught you’re going to spend a lot of time in custody. But with hacking, it’s much easier to commit the crime and the risk of punishment is slim to none.
When I was in prison, a Colombian drug lord, offered me $5 million in cash to manipulate a computer system so that he would be released. I turned him down.
I made stupid decisions as a kid, or as a young adult, but I’m trying to be now, I’m trying to take this lemon and make lemonade.
It was used for decades to describe talented computer enthusiasts, people whose skill at using computers to solve technical problems and puzzles was – and is – respected and admired by others possessing similar technical skills.
Any type of operating system that I wanted to be able to hack, I basically compromised the source code, copied it over to the university because I didn’t have enough space on my 200 megabyte hard drive.