A hacker (let’s call him John) contacted us a few months ago when we published our independent audit results. John wrote that he wanted to check whether we’re ‘legit.’ One thing led to another, and we asked him to answer a few questions. John is a so-called ‘white hat’ hacker, and he carried out his first hack when he was 15. We spoke to John about hacking social media accounts, aircraft and ethics in general. This is the first part of our conversation.
– Social media has over 3 billion users worldwide. How difficult is it to hack a Facebook account?
– Ok, so I have a hypothetical scenario. Say, I’m a hacker, and I want to hack someone’s Facebook account. What do I do?
– You probably check if his/her email and password have been leaked and try that combination?
– Exactly. You’d be surprised how often it actually works. Chances are, the person in question hasn’t changed the password or has been using the same password across different platforms.
If that doesn’t work, and if I’m highly motivated or paid to do the job, I will try other methods.
Scenario 1: I track the person in real life, which is also pretty simple. People share their workplaces, tag their friends and the places they visit. Also, they often connect to public Wi-Fi at cafes or restaurants. I’d check if the network is unprotected and try to break in. Then I could sniff the network traffic and try to capture specific packets which contain authentication data.
Scenario 2: by using a simple Wi-Fi antenna (it costs around $5 on eBay), I can determine the name of your home Wi-Fi by listening to the Wi-Fi probes your device sends when it is looking for a network to connect to, and by entering that name on a website which collects Wi-Fi detection events, like Wigle.net, I can actually find your correct address (check it for yourself). After I know this, I set up a fake access point, the victim connects to it unknowingly, and from this point it’s basically Scenario 1.
Of course, the latter method is getting old, because people have been learning about SSL and about the importance of encryption. Just one piece of advice – if you get an error message ‘Your connection is not private’, it’s a major red flag for a man-in-the-middle attack. You can learn what the different SSL errors mean here.
– Have you ever been caught while hacking?
– No, I haven’t. One time, a customer incorrectly estimated the test scope, so, basically, we did a free penetration test for some random companies. We found many critical vulnerabilities.
– What do you usually do if you find critical vulnerabilities?
– That really depends on the company. The most security-aware companies accept their vulnerabilities and even offer a reward. They understand the potential impact if the weaknesses were exploited by some rogue actors.
Others don’t want to accept the vulnerabilities. There was a case when I redid a security audit two years after the initial tests and found that not even a single critical vulnerability had been fixed! Even after I reported again, they did nothing. After a year or so, there was a security incident that involved that company. Some proof of concept was released publicly. Instead of accepting their mistake, they threatened to sue the guy who exposed their vulnerabilities.
I contacted Surfshark although I didn’t find anything concerning. Sometimes I do it as a pat on the shoulder, like: you guys are legit.
– What can companies do to tighten their cybersecurity?
– Facebook and other big companies store an incredible amount of our data. They frequently audit their systems and even offer bounty programs. If you can find a bug which can compromise the stored data, you can earn a ton of money. I know somebody who recently received $15K for one report.
– Where is the line between ethical hacking and crime?
– Hacking can be divided into 3 categories. So-called Black Hat Hackers, who hack for their own gain. They exploit vulnerabilities to gather sensitive information, spread viruses, ransomware, and spyware. They sell the data on the dark market, act aggressively and destructively.
Grey Hat Hackers, the ‘middle-men’ of the industry, audit vendors but don’t necessarily have permission to do so. Often, Grey Hats participate in bug bounty programs, find vulnerabilities and report them to the service providers in exchange for rewards.
White Hat Hackers (or ethical, noble hackers) defend the ‘common interest.’ White Hats inform vendors about their findings and give them time to fix the issues. They also conduct security research and publish their results in compliance with responsible disclosure guidelines.
– Are you an ethical hacker?
– In general, I’m a White Hat, but there have been times when I had to cross the line between White and Grey. Although even in such cases, I’ve never destroyed or exploited anything more than I absolutely had to.
– Do hackers and whistleblowers like Edward Snowden have anything in common?
– Depends. On the one hand, I think Edward Snowden acted like a Black Hat, he violated every agreement he had with the NSA. But on the other hand, everything depends on which side of the barricade you’re on. Snowden switched sides when he realized that the scope of surveillance is intolerable. So he decided to leak his findings to inform the public about the state of surveillance.
Part II of the interview will be published soon