Lorenzo Franceschi-Bicchierai reports:
We spoke to the hacker who claimed to have broken into the servers of the Democratic National Committee, who goes by the name of “Guccifer 2.0,” in reference to the notorious hacker who leaked the George W. Bush paintings and recentlyclaimed to have hacked Hillary Clinton’s email server.
In the interest of transparency, and to let readers judge for themselves, we decided to publish the full chat log. We kept the parts in Romanian, adding the English translation, according to Google Translate.
Read it on Motherboard.
I have issues with this. I think Guccifer craves being in the spotlight and seeking attention behaviors. Part of me thinks no one should give the time of day.
So you’re going to ignore the data because you don’t like the hacker/messenger? I can see not wanting to encourage illegal hacking by feeding egos, but responding to the hacker instead of what the hack teaches us or reveals strikes me as short-sighted.
Not ignore the data. That is not what I am stating. There are lots of lessons the DNC as well as other companies and organizations can learn from this.
I am okay with sharing for reasons that will be helpful in the near future. My issue is with this, can Guccifer 2.0 be trusted or is he using this a manipulative ploy for something else? I don’t know. Maybe I am just turning into a jaded skeptic now. In my career, I have worked with lots of master manipulators who you cant take their full word on.
It’s the role of journos to track down/investigate/confirm or refute claims.
I have been working in the Information Assurance and Computer Network Defense arena for a very long time. I learned a few things about trust and telling the truth. Within the team at work, its best to fess up to any mistakes immediately, and always tell the truth. I for one will not cover for anyone when it comes to work, ethics or issues at work. I do my job, I tell the truth. By doing so, the reputation is a good one. Over time I have learned to pick the battles wisely. Show both sides of the story without remorse. Its helps see both views before knee jerking a response.
This does not apply to the outside. I never see any of the hackers as totally trustworthy. If they were, they wouldn’t be putting their careers or livelihood on the line. What many do not realize is that since they have been online using the internet, they have left a trail that will lead back to them. I won’t go into specifics, but if the authorities consider the person worth going after, they will.
One thing many people forget about these hackers is, they do not reside on US soil. Consider them foreigners, because they consider you one as well. They don’t play by your rules. They are reluctant to tell you how they specifically compromised an entity so if they decide to use it elsewhere, they still can without having the software exploit patched, or the password changed.
Not all of them are in it for the limelight. Most are simply pissed off at the ease of which they can break into things. Looking at a powerhouse of a country, supposedly having all these spoils and riches around the country, and the country does not care about the individual person, its more about money and power.
Some hackers are simply people who skirt the line between a black hat and possibly a grey./white hat. Your opinion really does not matter to them. You should be lucky they are willing to communicate with them. You can develop skills to communicate with these people where they MIGHT be a little more up front with you, but never truly trust the individual(s) or think there is a single person communicating with you.
You should never consider what they send you as safe, especially any sort of file that can be used as a payload. You’d be surprised to know how many file extensions and exploits for each are out there that a current anti-malware suite will not detect. Remember port 80 on most routers is wide open, and unless people are diving in logs and watching more than they personally can handle, attempts to get in go unnoticed.
Like I said, some hackers are pissed off at how good other countries have it, and how sloppy the security is. Others simply despise a country and seemingly always look at it as the evil side. Some are young and ignorant and lack direction, so they get sucked in as a puppet for other peoples evil work. Some like to toy with others and watch people have to run through their buns to stop a leak. Some are in it for the money.
No matter the type of person that claims responsibility for a hack, it typically breaks a law that is in place somewhere. By doing so, it seems like the person/people involved either do not care about their livelihood, career or seem almost bullet proof. When the hack occurs, they have some sense of control of what they have caused, and with that, at least for a short period of time some have that personal high, and exhibit different emotional conditions by doing so. everyone of these incidents have to be treated separately. There are many clues in many of these people’s writings, you just have to digest them in chunks to get a better understanding how to communcate with them better.
This is a generic post, not meant for or pointing fingers at anyone. Its a watered down version of what I have tried in the past and worked, so feel free to use any of it.
I was referring to ‘those hackers’ who do so for unfaulty and unwarranted reasons, not those hackers who are certified and trained in the profession. There is a huge difference between a hacker like Guccifer 2.0 and certified professional hackers.