Hacker Interviews – Korrupt

Another interview with one of the black souls of the Internet, Korrupt, which is involved in various hacking campaigns.

Enjoy the Interview.

 

You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about.

I started programming about 12 years ago and became a web developer 10 years ago (at a young age). Within a few years, I had learned about web exploitation such as:.basic DoS (there were only simple ICMP attacks at the time), buffer overflows, brute forcing, SQL injection, etc. My motivation at that time was just to have fun trolling people online. As I grew older my motivation changed to exposing corruption-whether that be exploiting vital Islamic State information or Government propaganda.

Could you tell me which his your technical background and when you started hacking? Which are your motivations?

I just fell love with hacking when I started hacking in 2010 and I found fun in hacking websites and servers. Later I started to master programming languages like python, php and c++ and begin writing exploits and 0days for web apps.

What was your greatest hacking challenge? Which was your latest hack? Can you describe me it?

My greatest hacking challenge was exploiting a Government contracted ISP that I happen to stumble upon a few months back, I’m going to withold the company name but I will say:.the company was worth over 14 billion dollars.. the goal was to infect anyone using.the ISP to gather confidential information the Government doesn’t want their citizens to know about, but being that they had enough money to put me away for a long time; I shared the exploitation information with their IT team and helped them patch the vulnerabilities. My latest hack was exploiting a hack team that would troll anons (this is the third team we have hacked). My team and I took over their IRC, from there we got ahold of their main server, website, and Twitter due to their lack of security precautions.

What are the 4 tools that cannot be missed in the hacker’s arsenal and why?

As for tools that would be a necessity for any hacker, that all depends on what the hacker wishes to do and how connected the hacker is to good group’s. There are plenty of public tools out there, but private tools are always the most powerful – so knowing the right people is key. As for public tools, my personal favorites would be: Metasploit SQLMap HashCat VNCScanner Hydra These tools are essential, Metasploit is one of the biggest exploitation tools around with exploits for just about anything. SQLMap is nice for basic SQL injection techniques, and will even brute hashes if needed. When SQLMap or other tools can’t crack a hash, that’s when Hashcat comes in handy. VNCScanner is a nice tool to discover VNC’s running on a range of IP’s, in which Hydra can then brute force those. The VNC’s are useful for other attacks, such as DDoS or Intel gathering if you scan the proper range you’re looking for (ie. Government).

Which are the most interesting hacking communities on the web today, why?

The most interesting hacking communities around (to me) today would be TeamR00T’s IRC/Forums which is hosted on the darkweb. Its my hack team, we help teach potential hackers as well as lend a hand to Anonymous in the cyber warfare that has been going on. There are other private dark web communities as well, but I do not have permission to list those here. Anonymous is another great community to be involved in, people join from all over the world to help expose corruption and lend hands any way possible-it’s a beautiful thing really!

Did you participate in hacking attacks against the IS propaganda online? When? How?

Yes, I participate in the attacks against IS propaganda online. I run #OpDDoSISIS and help lead multiple other groups involved in taking down IS. Usually, we look for vulnerabilities, or even just dox members of their sites.

Where do you find IS people to hack? How do you choose your targets?

As for where we find people/sites: usually, we can find people helping to aid IS by pulling their users from IS affiliated websites. We have an Intel op that just gathers websites, infiltrates/spy’s-on their communities, etc – and we have hacking/DoS operations that are in charge of taking down their websites and (if possible) members.

We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe it is real the risk of a major and lethal cyber attack against a critical infrastructure?

And yes, it is definitely major and lethal cyber attacks against a critical infrastructure-all data is precious, and the right data in the wrong hands could leave lives at stake. A lot of hackers tend to leak the wrong confidential information – information that could harm many people. In fact, my team recently wiped a Police database clean because an anti-police group was going to dump the data publicly. This information included full doxes of Police and Military personnel. I’m not sure if I’m answering this last question properly – if not please elaborate :]

Thanks a lot!

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  Hacker, Korrupt)