Today I have interviewed Claudio Caracciolo (@holesec), one of the most renowned security professionals, who works as Chief Security Ambassador for ElevenPaths.
Claudio Caracciolo (@holesec) wrote a book and is known for his effective interpersonal skills and his ability as an international speaker.
Enjoy the Interview.
You are one of the world’s most talented cyber security experts. Could you tell me what your technical background is and when you started hacking?
First of all, thank you Pierluigi for the interview and for the compliment.
I studied Electronic Engineering and Telecommunications, but the real story is that I love to break things, learn how they work and try to fix them or expand their functionality. So I have lived my entire life that way, breaking everything I find. I break things that sometimes I can fix, sometimes I can expand the functionality of, and sometimes I have to put in the trash…
I started hacking some time ago, but I didn’t know it… I started doing some electronic experiments with cameras and mixers, then I worked in a garage trying to modify the computer boards of different cars, and finally I discovered communications systems, so I started to study outside of the University everything that I needed (programming languages, network concepts, hardware concepts, etc.) with the intention of learning how it was possible… But one day I discovered Social Engineering and all my life made sense XD.
What was your greatest hacking challenge?
Well, there are a lot of stories that I remember from my own work; some of them are about one of my passions, “Social Engineering” (you can read some of them on my blog, in Spanish), but I have to tell you that the greatest hacking challenge for me is the one that I still have to find… I have a lot of funny stories or good ones, but I always search for more training for my mind.
What are the 4 tools that cannot be missed in the hacker’s arsenal and why?
In my opinion, you have to use the tool that you need… Nowadays there are a lot of tools that do the same thing in a different way, or even in the same way but with a different interface… If you know what you have to do and how your tool works, you can use it whenever you want…
In my case, I usually have Python with Scapy, Nmap, Wireshark, FruityWiFi and SEToolkit. I know there are 5 tools and not 4.
Which is the industry (healthcare, automotive, telecommunication, banking, and so on) most exposed to cyber attacks and why?
Everyone. I don’t think there is one which is more exposed than the others. There are some particularities in some types of industries, but all of them are targets for criminals, hacktivists, students, etc. For example:
- Telecommunications is always attacked, because it is a direct target or just because it’s in the middle between the attacker and the victim.
- The energy industry is a target for terrorism, for governments, etc.
- The banking industry doesn’t need explanation.
- And so on…
Most companies have technical problems and human problems, so we have a lot of work for a long, long time.
We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe the risk of a major and lethal cyber attack against a critical infrastructure is real?
Yes, I’m sure about that.
Older technology, the lack of real education in cybersecurity, the long amortization time of these special devices, and unpatched applications or unsupported operating systems are more common in this industry…
Fortunately, people and industrial vendors are starting to understand these types of threats and work around this.
What scares you more on the internet and why?
Scared? I’m not scared, I think that no one should be scared.
I am worried that many companies and governments are not yet ready to protect us from basic attacks.
Thanks a lot!
(Security Affairs – hackers, Claudio Caracciolo)