IT'S IN THE COMPUTER - PART 2

Hacking the Light Fantastic

How much could a legally employed hacker expect to be paid to test a company’s security systems?

It depends on the company but anywhere between $200 and $5,000 per IP address for a corporate job. The money isn’t where the fun is though. The fun in audits is having legal access to hack anything you want, however you want, provided it doesn’t destroy data. The real funny thing about audits is that a lot of the time the IT department won’t tell the staff what is going on and so you get helpdesk managers and call centre staff losing the plot trying to figure out why nothing is working. Meanwhile, you are sitting out the back giggling with an evil smile on your face.

I did an audit on a credit card gateway machine a few years back and proved it to be very insecure. I was able to access the whole system and crack the passwords within half a day. The bank which owned this machine sent in three high-paid security experts, all trained by Microsoft, to prove me wrong. For half a day I sat there watching these ‘experts’ try and suss the server out and every time it looked like they were making a bit of progress, I would send a BSOD (Blue Screen of Death) to confuse them. I heard later this bank was paying them over $100,000 a year each to secure a bunch of these servers. Dumb fucks. That server was taken away two days later and the company I worked for changed banks for their automated credit card transactions. Awesome.

What is the practice of war-driving?

War driving originated from something called war dialling. War dialling involved calling up a bunch of numbers, either randomly or in sequence, and trying to detect which ones were modems and consequently a possible hack. War driving is the wireless version of the same thing.

Do hackers do this regularly for fun?

They’ll probably do it until it’s easy, then forget about it and move onto something more challenging.

So if you were parked outside my house, how quickly could you hack my wireless password and get into my personal files?

That would all depend on what type of encryption and passwords you use. If you were slack like me and had your wireless password set to 0000, it would probably be easy. Someone who has a proper wireless hacking station will be able to get full access to unsecured files in under 10 minutes.

How many hours a week do you spend on your computer?

40 hours a week at work and 40+ hours a week at home. However, that’s all playing World of Warcraft.

Have you ever been in trouble with the law?

Of the crew that I was in, one ended up in court, one ended up with multiple visits from the feds and another guy and I stayed real low (no bank accounts, no bills in our name, no license etc.) for about a year. I then decided it would be best if I didn’t involve myself in those activities anymore.

What’s the harshest sentence that has been dished out for a hacking offence?

I believe it was for removing or altering data. People like Electron got 18 months in minimum security. I know there have been harsher sentences for credit card fraud but that’s not real hacking - that’s stealing. And if you are going to steal, steal off the government and corporations, not the general population.

Tell us about the Australian hacking group The Realm. Who were they and what did they do?

That’s almost before my time. The Realm was a BBS (Bulletin Board System) from the late 80s where a lot of people would meet up and plan events. It quickly grew into a place for information exchange, swapping and developing exploits, dating and a place where computer geeks, who weren’t really accepted by society, could hang out and talk to each other.

There is a widely available hacking magazine called 2600. What does that stand for?

The 2600mhz tone, when played down an old school public phone, would drop the line directly into an international trunk, allowing whoever was on the end of the phone to dial anywhere in the world free of charge. This was fixed at some stage in the 90s and I don’t believe it ever worked in Australia - at least it didn’t when I tried.

Is there a hacker’s code of conduct?

Most good hackers will make an effort not to break anything or steal anything.

Apart from taking advantage of computer security and phone systems, what other things could be hacked? We technically hacked this bar tonight by sneaking in hip flasks right?

Ha, yes that is a type of hacking. I hacked the Engine Control Unit on my car by unplugging the automatic and bypassing the thingy which says when to change gears, so instead of changing at 5,000 rpm it changes at 6,000+ rpm.

‘Social Engineering’ plays an important part in hacking right? Can you give us any examples of how this works?

‘Social Engineering’ could also be known as ‘being a con artist’ because that’s where a lot of it comes into play. It’s all about using good old fashion tricksies and lying to get information that will help you with a hack.

So do you have a normal day job in IT?

Fuck no. Computers shit me and if it wasn’t for pirated music, car videos and World of Warcraft, I probably wouldn’t use my computer at home very much either.

What makes a good hacker?

One who doesn’t get caught.

JOEY SPINOZA