Pierluigi Paganini
August 28, 2016
Enjoy the interview!
Did you conduct several hacking campaigns? Could you tell me more about you and your team?
We have been dedicated to operations, such as taking down BBC, Donald Trump, NASA, and XBOX. I started out as just a kid wanting to mess around with a few games, later on, I realized I was more skilled than the average child. I began learning how to program in Python and Ruby. I, later on, became a Certified Network Security Analyst but did not take the offer to work for the Federal Bureau.
Could you tell me which his your technical background and when you started hacking? Which are your motivations?
My motivation for hacking is the excitement of being able to tell someone a security flaw they may have missed.
What was your greatest hacking challenge?
The greatest hack I’ve done would be breaching an entire DNS server which held 30,000 domains back in 2014, sadly I only got the chance to deface about 20 domains and left the rest alone. 70% of all DNS servers around the world are still vulnerable to the 0day till this day.
Which was your latest hack? Can you describe me it?
The latest series of attacks are against celebrities actually! Our team is observing celebrity websites and we are shocked that most celebrities don’t secure the website nearly 50,000 people visit in an hour. Recently http://Adele.com was held offline an entire day August 20th during a concert. The page for a short period of time displayed some of her domain login information.
What are the 4 tools that cannot be missed in the hacker’s arsenal and why?
4 tools:
Which are the most interesting hacking communities on the web today, why?
Hacking communities nowadays aren’t as common, within our boundaries we would state the Turkish Hackers, Greek Hackers, Ghost Squad Hackers, and Tactical Team Hackers, and Ourmine as far as web security are some of the most interesting groups out there at this point in time.
Did you participate in hacking attacks against the IS propaganda online? When? How?
Yes, participate in hacking attacks against IS, in my former group we use to take down ISIS twitter and facebook accounts and after that I personally took a few down and DDoSed some websites.
Where do you find IS people to hack? How do you choose your targets?
We did participate in the attacks against the Islamic State back in December, through June we defaced IS propaganda websites and jacked Twitter accounts. I’m going to do a bit of a leak because it isn’t really hacking when you are jacking ISIS Twitter accounts. People located in Saudi Arabia doesn’t need emails to register on Twitter. @ctrlsec on Twitter tweets out vulnerable ISIS accounts every 5 minutes. Since they don’t need an email to register Twitter automatically defaults their email to Gmail, so the email would be twitterhandle@gmail.com. All we have to do is make that email which isn’t valid and recover the account. 30% of Twitter is vulnerable to the 0day, have fun jacking ISIS Twitter accounts!
We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe it is real the risk of a major and lethal cyber attack against a critical infrastructure?
Yes, we think a big risk not taking the necessary steps when you are securing your critical infrastructure. The potential threat of hackers is just around the corner.
[adrotate banner=”9″]
(Security Affairs – New World Hackers, Hacking)
