Pierluigi Paganini November 17, 2016

Today we will speak with Kapustkiy, which continues to be in the headlines due to the recent strings of attacks against embassies.

Kapustkiy is a pentester that is targeting organizations and embassies across the world. Recently he breached the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), while a few days ago the hacker and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya. Kapustkiy and his friend Kasimierz (@Kasimierz_).

The last victims of the hacker are two subdomains of Virginia University & Sub domain of University of Wisconsin (http://pastebin.com/i1wmM5D1 ) and another embassy, the Indian Embassy in New York (http://pastebin.com/Akm9x4dD )

Enjoy the interview.

You are a talented cyber security expert, Could you tell me which his your technical background and when you started hacking? Please ould you tell me more about.

My name is Kapustkiy and I’m 17 years old.  I started “hacking” when I was 13 years old and I was inspired by LulzSec.
They had breached a lot of high profiles and I also wanted to become like them, but I didn’t want to be a Black Hat.

What scares you more on the internet and why? • We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe it is real the risk of a major and lethal cyber attack against a critical infrastructure? Thanks a lot again, please send me just a couple of statements about the introduction that want to include in the post (including media reference) and a picture of you (otherwise I’ll take it on the internet).

Could you tell me which his your technical background and when you started hacking? Which are your motivations?

My motivation is that I like to help administrators to fix their websites so they can secure them. In the future, I want to have a job in the cyber security industry.

When I was 13 years old I started the basic things like SQL and LFI. At that moment I’m doing some research to find some websites that were vulnerable and I found a big University in England who had an SQLi flaw. I breached its database and the website was offline for around 3 days. When I saw that the website was down I started to change my mind and I don’t want to do any damage again for leaking all the personal information.

What was your greatest hacking challenge? Which was your latest hack? Can you describe me it?

At this moment, nothing special in my opinion. Because all the websites that I was managed to breach were just simple a “SQLi”

What are the 4 tools that cannot be missed in the hacker’s arsenal and why?

I don’t know which tools cannot be missed. Everyone has his own tools to hack something. I (Kapustkiy) don’t describe myself as a hacker but as a Security pentester. I use pentestbox. Which is very easy to use for people who also want to become a Pentester.

Which are the most interesting hacking communities on the web today, why?

The most interesting community on the web? I don’t know, to be honest. There are many hacking communities such as Hackforums that attract a lot of hackers and wannabe experts.

Which is the industry (healthcare, automotive, telecommunication, banking, and so on) most exposed to cyber attacks and why?

In my opinion, I think that Government agencies are most exposed to cyber attacks. The reason behind my statement is that I think that hackers are targeting them to express their dissent and to protest against their politics. Like anonymous always does. They attack websites to fight corruption.

What scares you more on the internet and why?

I think that cyber attacks could be very dangerous for industry, especially the economic. A few years ago the Syrian Electronic Army managed to hack the Associated Press, and started to send a fake tweet which led the stock market tipped down a lot. I think that most of those attacks will happen a lot in the future.

How do you select your targets? Why main embassies?

I started to focus on embassies because I was shocked about the low security in Asia. Most of the embassies in Europe are better protected against this kind of hacks. But the main thing is that it is very dangerous to have a bad security especially when you are managing the kind of data accessed by internal staff of an “Embassy”. A lot of personal information is avaible on their websites, this data could be used for further attacks by nation-state actors.

I also wanted to add that I was inspired by an other hacker named CyberZeist which is a former member of the UGNazi hacker group.

Thanks a lot!

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  Hacker, Kapustkiy)