Hacker Interviews – Cesar Cerrudo

Today I propose you an interview with Cesar Cerrudo, CTO at IOActive Labs, famous for his research on ICS/SCADA, Smart Cities, IoT, software security.

Cesar Cerrudo is CTO at IOActive Labs, leading the team in producing ongoing cutting edge research on ICS/SCADA, Smart Cities, IoT, software security.

But Cesar, first of all, has chosen the hacking as a philosophy of life, he is one of the most talented professionals in the world that with his studies continuously demonstrate how much vulnerable is our society.

Enjoy the interview

Hi Cesar, first of all, thank you. You are one of the most talented hackers, I consider you among those professionals with a step ahead because your research offer to common people a view on the risks related to the hacking of smart objects that surround use, clamorous is your study on traffic light control systems.

Could you tell me which his your technical background and when you started hacking?

I have a software engineering background, never finished college I did all the college program but didn’t got the title because never took some finals, I was more busy learning useful stuff :). I always liked to take technology apart and when I started to get access to Internet I finally could get into hacking and start learning a lot and try different things, this was like 18 years ago or so. It wasn’t easy but I tried hard and could start doing interesting things, presenting at conferences, traveling around the world, etc.

What was your greatest hacking challenge?

I think hacking MS Windows internals (kernel, IPC, etc.) has been challenging because you need to learn a lot and there isn’t much documentation usually, do reverse engineering, do lots of testing in different MS Windows versions, bypass many protections, etc. in order to come up with interesting vulnerabilities, exploitation techniques, exploits, etc.

What are the 4 tools that cannot be missed in the hacker’s arsenal and why?

I think main tools are a Hex editor, a good debugger, a C compiler or scripting language interpreter and a good disassembler, with these few tools you can do everything, build more tools if needed.

Which are the most interesting hacking communities on the web today?

I’m not sure about this, I haven’t been in hacking communities lately, I guess any that shares cool stuff and discussed interesting topics should be good.

Which is the industry (healthcare, automotive, telecommunication, banking, and so on) most exposed to cyber attacks and why? What scares you more in the internet?

I think healthcare is the one more exposed since it has been proven they don’t have good cyber security in general and they deal with human lives and/or sensitive information.

I don’t think I’m scared about anything in the Internet but I’m really worried about how many important and critical systems (infrastructure, healthcare, etc.) are opened to attacks just waiting to be hacked, I hope not but I think soon we will see a cyber attack ending up taking people lives it’s just matter of time if cyber security doesn’t improve.

We often hear about smart cities, places where the technology reigns and makes our life easy. Unfortunately, in the majority of cases, smart cities projects lack of a “security by design approach.” Do you believe concrete the risk of a major cyber attacks against smart components of modern cities?

Like I said before, there are many systems open to attacks including cities ones, it’s just matter of someone decide to hack them and launch attacks because the possibilities are there and are real, luckily we haven’t seen this type of attacks yet but it won’t surprise me it something happens tomorrow. Most cities around the world are becoming smarter deploying new technologies in different areas, the main problem is that most of that technology is insecure and cities are not understanding the associated risks and what they should do to reduce them.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  Hacker, Cesar Cerrudo)