World renowned ethical hacker and social engineer, Freaky Clown in conversation with SNS Mid East shares his journey ad unique perspective about hacking, security, secrecy and privacy as he gets ready to be part of the Intersec 2022 to be held in Dubai from 16-18 January.
Hacking is a tricky business, and dark side is always very appealing for various reasons, please share your journey, how did you ventured into this business and how has it impacted your life?
I have never been attracted to the dark side of cyber, I grew up before the invention of the world wide web and got to know the foundations of computers. I would sit for hours reading manuals and figuring out how things worked. Back then there was very little to do on the internet, making money was never an option. I think growing up in that era meant that I had instilled in me a core ethical approach to computers and always wanted to help people understand them and make them more secure.
What does it take to become a good ethical hacker and what should be the starting point for anyone who wishes to be an ethical hacker?
First of all, you need a strong moral code, one that is fed not only by curiosity but one that thrives on sharing knowledge. You can learn almost every skill out there, but no matter what job you do, ethical hacker or not, it is the mindset you bring to your job that can have the biggest impact.
What is the basic difference between a hacker or cybercriminal and an ethical hacker, apart from begin, which side of the law are you?
Honestly, not a lot beyond the side of the law and contracts with the client, and it shouldn’t be. The more you understand how a criminal works the easier it is to protect against them. We use the same tools and tradecraft as criminals do in order to protect our clients. We do this by essentially simulating their methods of attack.
How would you define your association with Intersec and what are you going to present at the Dubai edition of Intersec next month?
As with every presentation I do around the globe, I like to bring my personal perspective on hacking, I have been fortunate enough to have a very long and distinguished career working around the globe at many different levels. This gives me an incredibly diverse perspective on hacking. My passion is sharing the information I can with people that may not fully understand the consequences of actions taken against them or even understanding the lengths that criminals will go in order to gain access to confidential data. My talk will be an exciting overview which will bring into sight a lot of techniques that people are not necessarily aware of. There will also be a live hacking demonstration on stage!
Technologies like AI, ML, analytics, biometrics, and others are playing a big role in advancing the video surveillance industry, in your view which direction is the industry heading?
I have been circumventing access controls, both digital and physical for decades and one thing I have noticed is that the more complex a system gets the more likely there is a security flaw in it. When it comes to systems such as ML and AI, its already possible to poison these types of security using techniques such as Adversarial Imaging. The security industry has an uncanny ability to provide false sense of security to people and as long as that continues, I am sure to have a job.
Integration of surveillance technologies with such technologies also opens up new challenges, exposing anyone and everyone on the streets, cafes, hotels, hospitals, and so on. In such scenario, how can one ensure an individual’s privacy can’t be compromised by hackers?
This is tricky, mostly because there is a difference between privacy and secrecy. Data is there for the taking any time it is collected, however collection of data can lead to amazing breakthroughs, look back at Cholera outbreak in London in 1856 which was helped with the collection and aggregation of data. This isn’t a new thing. I think that people often have a gut instinct to rebel against certain new technology, but when they really look into things it’s not as bad as they think.
For example, do I really honestly care if someone, anyone knows I walked into a specific cafe on a certain date? Not really! However, if I was doing something wrong I might. On the other hand, what if the data collected about me going into that cafe allows me to be contacted because everyone in that cafe was exposed to a deadly virus? Wouldn’t I want someone to know I was there? If you really have an ego-centric view that your privacy is more important that the greater good, then maybe you should consider giving up your mobile, computers, internet, credit cards, job, etc because they all collect data on you far beyond the odd CCTV camera you will come across in your day-to-day life.