Rafay Baloch is an Ethical Hacker and a Security expert from Pakistan; he is the owner of www.rafayhackingarticles.blogspot.com and the writer of the book "A Beginners Guide to Ethical Hacking". Vaidehi Sachin caught up with Rafay Baloch on Facebook to know more about cyber security.
Which websites have been Hacked by you recently?
I am an Ethical Hacker and use my information for positive purposes. I don't hack websites; I just test them for vulnerabilities and then inform the respective owners to fix them before others do any serious damage.
There was recently news that Vijay Mallya's website was hacked? How far was it true?
Yes, the information is 100 per cent true; I even saw the site myself when it was in a defaced state. It was hacked by Pak Cyber Army with an SQL Injection attack. Recent studies show that around 90 per cent of the websites get hacked. This method is really difficult by default for Newbies. However, there are some online tools through which even a script kiddie can hack websites.
There are a lot of Indian politicians and other bigwigs whose money is lying in Swiss bank accounts. How do you hack these accounts?
I haven't tried and also won't try because I use my Information for positive purposes. The most common method hackers use to hack Swiss Bank accounts is through Phishing or Spoofing. Say the Hacker's target is a PayPal account. The hacker will create a page exactly similar to the original one and use some Social Engineering Techniques to make the victim log in through that page. Once the victim logs in through the Fake page he will lose his account there.
How can one learn hacking?
Well, Hacking is not an Art which can be mastered overnight; it requires patience, knowledge, skills, creativity, dedication and of course time. Everyone can learn Hacking provided that they learn from Basics and have a good source of knowledge. There are many scam services and software claiming to hack for you but their objective is just to steal your money. However, there are many good books and other resources available through which one can become an Ethical Hacker.
Have you heard about Bruce Sterling's book "The Hacker Crackdown" where they gave an interview with the head of the New York Police Department? He says hackers are principally not good at creative programming. What do you think about it?
This can be sometimes true and sometimes not. However, it has been observed that most popular hackers were good at creative programming, but still nowadays there are such Hacking tools that even script kiddies can start Hacking, so in this case the statement can be considered true. Personally I think that one cannot be an Elite Hacker without knowledge of programming, which means that he cannot develop his own exploit and will use pre-developed exploits.
Is it hard to penetrate into the "closed" computer systems?
Yes, it is more difficult to penetrate into closed computer systems than open computer systems. Attacks such as NetBIOS Hacking won't work if the target is not online.
What hacker achievements could you tell us about?
At the age of 16, I became aware of most of the techniques which Hackers use. I think only a few people are able to accomplish this at a young age. I run a blog www.rafayhackingarticles.blogspot.com with over 13000+ RSS readers, educating 100000's of people every month to protect their sensitive information from being hacked by Hackers. I think this is my biggest Hacker Achievement.
I think hacking is probably unsafe, isn't it? There are some appropriate authorities like the Cyber Crime Department that fight computer crime, aren't there?
Yes, hacking is probably unsafe; there are lots of laws introduced against Cyber crime. There are lots of Cyber Crime Departments such as FIA, CBI etc. that fight against cyber crime. Having information about Hacking Techniques is not bad; however, what matters is how you use this information.
Do you think you are a criminal?
Certainly not, as I have not hacked or defaced any person's private data illegally.
Why is the image of a hacker associated with romantics of 21st century for some people, and with crimes and computer piracy for others?
It depends upon your thinking: some think of it as part of protection, however others think of it as unethical.
How did people come to know about you and how did you multiply your business?
In March 2009, I started a security related website www.rafayhackingarticles.blogspot.com in which I spoke about some methods hackers use to penetrate systems and steal your private data and methods to protect them. The search engines started picking my content and gradually my website became popular day by day because I was providing my readers unique content which was not available anywhere. I don't make efforts to multiply my business but readers' efforts make my business go viral.
How easy is it to hack a computer? Has security improved much? Have things changed vis a vis what you did years ago?
With the tools available nowadays it can be a cakewalk for the Hacker to hack a computer system. However, the security has gradually improved over the past few years. However, since people are unaware about computer security it's easier for the Hacker to hack a computer.
This is just for understanding: how vulnerable is the common user?
A common user is not aware of Hacker's techniques so he is widely vulnerable.
What does social engineering mean in the context of hacking?
Social engineering is defined as the process of obtaining others' passwords or personal information by the act of manipulating people rather than by breaking in or using technical cracking techniques.
How do they use this concept of social engineering?
There are lots of ways through which the Hackers use Social Engineering. Below is an example of a social engineering attack. Robert (Hacker) calls Michael and pretends to be a Google employee. Here is the conversation.
Robert: Hi Michael, I am Robert, a Google employee.
Michael: Oh, how are you doing?
Robert: Me fine. I am here to inform you that Google is performing a security update on all Google accounts and therefore to install those security updates on your account.
Michael: Yes kindly install those security updates.
Robert: Thanks for your interest in our security updates. We will require your password for installing it.
Michael (Victim) has become a victim of social engineering; he will give out his password thinking that the person with whom he was chatting was a Google employee.
Note: The Hacker will create an account similar to: Google updates (at)gmail.com, Security update (at)gmail.com
How would you consider the safety of online banking and credit cards online usage?
At times it can be safe. If you are unsure about the security of the website don't use it. However, you can use some payment processors like PayPal, AlertPay etc. to avoid exposing your credit card number.
Do you also use online banking for monetary transactions?
Yes I use Online Banking for monetary transactions.
What achievements in cyber space made you a celebrity overnight in your community?
My biggest achievement is my website which is one of the top security sites in my country.
I think you attract a lot of media attention? How does it feel?
Yes, that's true. I feel that I deserve it for the work I do. Remember "Success never comes by accident."
What are your other hobbies?
My other hobbies include playing Piano, Snooker etc.
Have you ever been hacked?
With the grace of ALLAH I haven't been hacked till now.
What can you tell us about iPhone hacking? What is the technology involved?
There are lots of Spyware software such as Mobile spy, Spyware Gold which allow you to spy on iPhones.
How do you see the future of hacking in the next 5 years?
In the next 5 years security will improve as well as Hackers. The number of Hackers will keep on increasing day by day; hence security experts will have to try hard for assuring online security.
Why is there no unity among hackers?
This is because all Hackers have EGO and attitude problems; every hacker thinks that he is better than others.
Is it true that hackers are always anti-nationals?
No, this statement is completely false. Even the cyber war between Indian and Pakistani Hackers started due to love and patriotism for their country.
What is the biggest threat to a hacker?
I think the biggest threat to the Hacker is the anti Hacking and cyber crime departments.
Can this profession ever be really ethical?
Yes, this profession can be ethical. Ethical Hacker is an accepted Industry term, but it completely depends upon your use. Hackers are of three kinds:
1. White Hats
2. Black Hats
3. Grey Hats
White Hat hackers use their information for positive purposes, whereas Black hat hackers use their information for negative purposes and grey hats are in between both of them. Everything depends upon how you use the information.
Have you ever thought of challenging Bill Gates?
No. Bill Gates has computer security experts from all over the world. If you think that you know 8/10 there might be some people who know 9/10.