Interview with a professional hacker

April 26, 2008

After the DDOS attack against my blog this week , I decided to go to the channel I wrote in my initial hacker post about, as I believed that the most likely attacker is hacker I wrote about. After I joined the channel, the hacker opened a query to identify me as he thought I’m a bot. I wrote him that I’ve some questions and that I want to talk to him. He agreed to it and this post contains the important parts of the discussion and some thoughts off mine. He calls himself xeQt.

The first question I asked was if he did the DDOS attack against my blog. He said that he doesn’t do DDOS attacks and that my blog is no challenge for him. He told me that he has other methods to get even. After some discussion he said me that he don’t even know my blog, you will see in a later post that this is most likely not entire true. Within that discussion I also posted a link to my initial post, he said that he won’t click onto it but later said that he has an VPN for this anyway. As I will write in a second post he clicked onto it.

He than was interested if he got one of my servers, which I could decline as it was a server of a friend. This discussion leaded than to the point that he said that I should get used to DDOS attacks as he gets them daily, as he writes bad about other hacker groups which than attack him.

I asked him than if I could use this discussion in my blod and he said yes, as he has nothing to hide and that only a miracle will get him busted. I asked him if he has nothing to loose. He told me that he has no life so it doesn’t matter anyway and that he does not have a own internet connection, and therefore he beliefs he is safe. I guess he is using a open WLAN of one of his neighbors.

My next question was what he gains from the hacking that servers. He answered following: “I sell them to scammers, spammers”, this leaded to the question how long a hacked server stays online normally. He told me that this can vary from one day to one year, and that it depends what is done with the server. Which I can tell is quite true, as most of the time I get only called if the machine has a unusual high CPU usage, generates too much traffic or a mail server administrator detects spam mails from one of the servers in his network.

He than said that most server administrator don’t have much knowledge about Linux and that they don’t secure the systems and that he secures the servers for them and sells them to spammers or people who need root or botnet clients. With securing he means that he closes the attack vector that he used to gain access to the system so no other hacker can take that machine from him. To get a better picture of the size of his operations. He said to me that the hacks 500 servers daily. This means that he does not look for special target but for lowest hanging fruits for which he can gain automatic or semi automatic access to make a living.

We had also some other points (more technical) but these where the most interesting parts for my readers. I want to say thanks to xeQt for talking with me and allowing me to write about our discussion. I will write a second post with some plausibility checks as already written above, so stay tuned.


RSS feed for comments on this post. TrackBack URI

  1. […] I get to the actual topic of this post I want to write some sentences about users reactions to my last post. I was asked why I called the hacker a professional one, as that what he is doing is not […]

    Pingback by Robert Penz Blog » Plausibility checks — April 28, 2008 #

  2. how can i be a professional hacker?

    Comment by mandy — June 23, 2008 #

  3. sir,my name is aditya and i am from india…actually dere is some major problem someone has hacked my girlfriend account ..n now i dont know what to do..please find out any way

    Comment by aditya — June 13, 2011 #

  4. I recommend changing the passwords of all accounts which used the same password of her hacked account and also check if e.g. a forwarding to a email address of the cracker is configured. Best to look through all configurations options. And change also the passwords of other important accounts even if they have an other password.

    I would do this from an secure computer, as the computer she used to log into her account is maybe compromised. Than reinstall her computer to make sure there is no malware installed, as this is the most likely attack vector.

    Comment by robert — June 13, 2011 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by WordPress
Entries and comments feeds. Valid XHTML and CSS. 39 queries. 0.088 seconds.