October 12, 2008 1:41 pm GMT

Interview with a hacker

by Gary Illyes


Hacker: The current popular meaning of the term is to describe those who break into computer systems or networks, destroy data, steal copyrighted software, and perform other destructive or illegal acts.

On the one hand I admire these people; on the other hand I detest them. Server administrators, developers and end-users always have to take appropriate actions to avoid these people, thinking about how something can be exploited. But these people are extremely smart, and I always have respect for smart and intelligent people.

A while ago a friend of mine introduced me to a 29-year-old girl, Catherine, who had just moved from the USA (Massachusetts) to my country. The first impression was pleasing, nothing fancy; she’s just another Jane Doe from the street you look after. We rapidly found a common subject: Internet and network security. Amazing, I never thought I would ever talk with a beautiful girl about these subjects. No offense, ladies, I just hadn’t met this combination yet: beautiful and interested in IT&C. We talked about the internet till no avail, then after 9 hours of talking, which is uncommon in my case, we gave up and everybody went their own way.

Then after a few days, when I again met my friend who had introduced me to Cathi, I asked him what her job was. The answer was shocking: she’s a hacker. I remained speechless.
I called her and invited her for an interview; she gladly accepted.

Below you can read the most important questions. It’s a translation from German (because she speaks German, too!), so I translated the best I could. So here’s the interview:

Q: Are you really a hacker?
A: Well, I don’t like that word. I’m just another programmer who likes to know more about people and computer systems, to look at what’s behind things, and who likes to do what others wouldn’t do.
Hacker is too wide a definition; for example, there are hackers who break into end-users’ PCs to place badware which will be used to steal personal data or will act like a DDoS client. These are black-hat hackers. When I started, I did things like that, but now I would never ever do it again, so if you really want to call me a hacker, call me a white-hat hacker.

Q: As far as I know you are a full-time hacker. Could you please elaborate?
A: As I said, I don’t do really bad things anymore. I break into systems because, for example, a corporation asks me to test their security. When we sign a contract, I will try to compromise their system, their internal network and their website. Again, I do it because that’s what I was hired for by the owner of these applications and systems.
If I find anything which acts like a starting point of an attack, or I find any security hole, I report it and suggest some fixes.
This job is full-time because of my manager, who finds me these jobs. He does a very good job; I have work all year, each day. I think I also have some kind of reputation, because some clients tell me they found me through one of my previous clients.

Q: Can you tell me which corporations you have worked for so far?
A: Nah, that’s strictly confidential. For the record, I worked for some really big corporations and some really small LLCs too. I don’t make any distinction; if they can pay my fee, I do it. The size of the firm doesn’t matter.

Q: So what’s your fee? Or if you can’t tell that, what was your income for the past year?
A: My fee depends on what I have to do. If I have to break into a closed-circuit system, it costs a lot. If I have to hack a website, that costs less. It also depends on how complicated a system or application is. If I have to find security holes in a few scripts, that will not cost as much as hacking a mammoth social network, for the sake of example.
What was my income last year? If I’m not mistaken it was a bit more than 800.000 USD. So this is a profitable job.

Q: How did you learn how to break in systems?
A: That’s a hard question. I finished Computer Science at MIT (author’s note: Massachusetts Institute of Technology), so that’s where the whole thing started. Everybody tells me I have an incredible analytical sense, so that also contributes. Then, as I said, I like to do what others won’t do and to look behind things. I learned many things from others’ mistakes, too.
But I think the basics I learned at MIT, then the rest I learned by myself from books, examples and so on.

Q: You said you did some nasty things back in the days, too. What were these things?
A: First of all, I’m not proud of these things. I realize what I did was very bad and I consider those acts mistakes which I learned from.
While I was studying at MIT, I twice brought the campus’s network to its knees, just because I could.
Then, when I finished the Uni, I didn’t search for a job. Bored at home, I started to use my knowledge to spread a not so well-known virus on the East Coast and successfully infected about one million computers.
Then a firm asked me to somehow promote their products, cheaply. I asked for 5 cents per email sent. I wrote a Trojan Horse and spread it on various P2P networks. The application affected only Windows systems with a mail program installed, but the number of these was more than enough to send out about one million spam messages. Go figure about the income; it took me about 3 hours to create the whole thing, so the payment was exciting.

Q: If this business model was so profitable, why did you give it up?
A: I’d rather not talk about this. Let it be enough that with my actions I made someone homeless, someone whom I respected and loved.

Q: How did you start the current job?
A: I wanted to use my knowledge for something good. I started to e-mail big companies about vulnerabilities I found on their websites, then one of the biggest e-shops mailed back that if I had the knowledge and the will, I should get in the car and head to New York for a meeting with their technical department. I was there.
They gave me a notebook with wireless net access and asked me to break into the inner network. I did. Then we signed a contract and I tested all their systems and websites. They were very pleased, and they started to suggest that their affiliates hire me.
Then after a time I got so many e-mails and calls that I couldn’t focus on my job, thus I hired my manager.

Q: If you had the possibility, what would you tell the black-hat hackers?
A: What they do can be profitable on the financial side, but their actions can bring severe consequences to someone. There are jobs which are made for their knowledge; find one.

