Pierluigi Paganini
August 09, 2016
Enjoy the interview!
Hi Nikie, you are a talent of the hacking community, can you tell more about your technical background? When did you start hacking?
I wouldn’t call myself a hacker in the strictest sense of the term. I participate more in intelligence gathering, background support and activist support than active hacking. I am always on a quest for more information about everything, irrespective of its source and that’s really what’s lead me to where I am now. My first computer was a nondescript, beige, plastic tower from a Big Box store in my hometown.
I can’t even remember any of the specs for it, but I have fond memories of losing hours playing Encarta’s Mind Maze alone in my room.
Back then, I wasn’t allowed to connect to the internet, so everything was offline. My family also wasn’t technically skilled, so I remember reading manuals and books that had been purchased at the same time as the computer, trying to learn how to fix various issues, to varying levels of success.
When I eventually did get connected, I spent almost every available moment online, reading and researching any topic I could think of, from cryptozoology to poorly written tutorials. I’ve always had an insatiable desire for information and that rings true today, even though it occasionally got me into trouble in the process.
My first “hacking” experience probably came about when I was a teen, maybe 14 or 15. I wasn’t very skilled socially, but I felt comfortable talking with people online, so I had taken to frequenting various chat rooms and BBSs. I managed to attract the attention of a particularly vindictive user who demanded that I send him photos or he would hack my computer into oblivion. Rather than cave to his demands, I dared him to do it. I can’t quite remember what he did, but I ended up with
a strange file on my system that interfered with my computer’s ability to get online. Luckily, I had a friend in my neighborhood who let me use his computer to do some digging and we eventually fixed the problem. It was a gamble, but I was, and probably still am, too vindictive to let someone try and push me around.
After that though, I was hyper-aware that there weren’t always going to be friendly entities online and that they wouldn’t hesitate to take advantage of someone. I never stood down against a bully IRL and seeing how other women were being treated online inspired me to continue growing my skillset so that I would always be able to respond in kind to future threats. That pushed me to learn about how I could prevent future attacks, both against myself and others who may not be as conscious of the threats out there. My concern for others’ safety later lead me down the path to security and privacy research. I’ve been neck deep in it ever since then, professionally and personally.
Which are the most interesting hacking communities on the web today?
For me, there is no one community that is more interesting than another. I currently follow discussions about personal information security and encryption advancements pretty closely, as they tie in to my professional interests, but I am also fascinated by the growing communities of hackers working toward improving accessibility for the differently abled and those communities that are undermining oppressive regimes with the proliferation of knowledge.
In the past few years, I have met and talked with so many people working toward building inclusive communities within the technology sphere. Activism and hacktivism is also another area that really
resonates with me. I love interacting with the people who are working to bring information to oppressed countries and communities, breaking down false ideologies and giving people the opportunity to build informed opinions based in actual fact rather than political
propaganda.
Political and social concerns aside, I think that Twitter has been the most active and entertaining community to be a part of. I only occasionally pop up in larger conversations online, but I like that my sense of humor and wit is usually well received within the Twitter/hacking community and the community is, in general, a fairly good humored group of astronomically smart people having a good laugh.
What about the militarization of the cyberspace?
Militarization of technology and information has always been one of the strongest tools any group can have, be they “official” or rebellious. By attempting to control and manipulate the flow of
information and availability of technology, regimes attempt to influence and control their populations, limiting the opportunity for dissent and strengthening their own holds over power. It’s a scary thing to consider, but every modern nation or emerging nation is doing this and so much of the population is unaware that they’re being manipulated. The cyber landscape is the easiest platform for nation states to attempt to control as well, so it’s doubly concerning.
With the advancements in technology and inter-connectivity, it has become incredibly simple to capitalize upon cheap technology to strengthen the power of the governing party. It’s uncomfortable and disheartening to see governments, large and local, using technology
against their citizens and hiding behind the veil of “security”. To me, the only way to help keep some of these powers in check is to constantly expose and teach about the new technologies and their uses.
The more people know about what is available to be used against them, the more vigilant they will become. Hell, even my grandmother has a glittery snail sticker over her webcam now and she actively uses multi-factor authentication in her online interactions.
What scares you the most on the Internet?
I think ignorance of the generally connected population is the scariest thing. As we move into the era where IoT becomes commonplace and our lives and information are more freely passing through the tubes, ignorance of the threats out there and apathy toward groups attempting
to strip away protections like encryption and standards for privacy weigh heavily on my mind. The lack of concern that the average user has for the invasions of privacy and violations of what I see as human rights is worrying. People should care about what their political systems are doing with their information and how they’re attempting to spy on their citizens AND their enemies. I don’t think enough people worry about the possibility of losing access to the endless troves of information if the wrong regime comes to power.
I’m also constantly concerned for the underrepresented on the internet. I support the fight against rampant sexism, racism, ableism and exclusionary tactics online and I worry that others are abused
because they may not be as aggressive as I have had to become or they don’t have the support to fight back against what’s being said to or about them.
What would you change about the cyber security industry and why?
I am currently helping to build a more inclusive environment for women within the CyberSec/InfoSec community. Part of this is through activism and participation in communities that focus on bringing young girls and women into the fold and showing them that gender has nothing to do with skill or ability and that we need them more than ever.
Another arm is actively calling out people in the community when they think they are getting away with abusing, criticizing, harassing or outright attacking women in the industry and bringing attention to their actions.
There’s this long lived stereotype that hackers and security professionals are all uncool neck-beards who live in a relative’s basement and don’t ever talk to women. While that’s, for the most
part, untrue, every time I’m at an event where men are heckling or harassing the women there just because they’re women, or some guy thinks it’s totally okay to ignore a blatant “No” from a woman, that stereotype pops into my head. I know far too many women who have been scared out of the community by men who treated them like they were unworthy or somehow lesser, simply based upon gender (which usually seems like an insecurity on that man’s part), and it’s disgusting.
Stuff like this continues to happen though, mainly because people don’t draw attention to it and don’t force the perpetrators into the spotlight, so my goal is to bring every instance I see to light. If
they don’t feel safe skulking around, acting like cavemen, then maybe some of this behavior will stop and the community will be able to benefit from the resulting influx of women who don’t feel threatened.
I’m a common Internet user that is asking you how to protect my privacy? Which are the tools that I can use to avoid monitoring and surveillance on the Internet?
If you are online, then there will always be a threat to your privacy and security, regardless of the safeguards in place. That being said, my standard advice to those who ask is to always consider what you are putting out there to begin with. Information is the strongest tool in an arsenal and when you limit what others can get, then you limit your exposure and vulnerability. I try to teach my family and colleagues about the benefits of encryption and operational security. Helping
people understand that laziness and convenience can be one of the most detrimental aspects to their safety is important to me, so explaining why the hassle of using a VPN or incognito/private modes on browsers is usually a first step. I try to openly and frequently bring up new phishing techniques that I’m seeing and talk to my friends and family about keeping an eye out for suspicious behavior when they’re online.
Ideally, no secrets connected to the rest of the world is the safest, but that’s just not possible anymore. Now, we just have to focus on being our own custodians of our data, protecting what we put out there and considering the impact of what is already available.
Don’t be lazier than the person trying to take advantage of you.
Thank you .Nikie!
Pierluigi
[adrotate banner=”9″]
(Security Affairs – .Nikie, hacker)
