Interview with S.S ethical or halal hacker.
September 1, 2021
1-Question from René Serres: How can we define hacking today?
Answer from S.S: Hacking is a malicious act against a computer system; it encompasses a set of techniques to exploit the possibilities, flaws and vulnerabilities of an element or a group of material elements such as computer systems, or of humans, such as the fact that people cannot defend themselves. The history of hacking has its roots in code breakers. The motivation of hackers is not always the search for financial profit, but also the theft of data or state secrets, especially when we talk about nation-state attacks, i.e. cyber attacks among countries. The monetary motivation of the hacker can sometimes be direct, for example the demand for ransoms in the case of cyber attacks with “ransomware”, or even by the sale of private data, for example bank card data on dark web websites.
2-Question from René Serres: In your opinion, how do you become a hacker?
Answer from S.S: Passion for cyber security often begins at a very young age. As a young computer scientist or not, one can become a hacker through contact with knowledgeable friends, or through research in forums, discussions around hacking, or in the context of entertainment activities and games. Unfortunately, these young people, after having succeeded in doing damage to certain companies, begin to think of monetizing their actions at the risk of being caught in the net by the judicial system. Other young people become hackers through training. Ah yes, schools to train hackers do exist almost everywhere, and in big cities like Paris or London for example. There are also clubs around the subject and forums devoted to hacking which are held periodically. Finally, there are ethical hackers, like me, who are paid to detect attackers in time and notify company managers before it is too late. They are also called “white hackers” who practice hacking for a “good cause”, hacktivists for example.
To sum up, the culture of hacking is very open and diverse; you will find plenty of courses, workshops and conferences that will help you start your career. The first thing that a hacker must master perfectly is what is called “pen testing”: it is a diagnostic spell of the states of the ports of a computer system, and it makes it possible to detect open ports, the flaws to be exploited, etc., in addition to mastering the basics of operating systems.
3-Question from René Serres: How did you learn hacking techniques?
Answer from S.S: Mainly at school. But also thanks to exchanges with people passionate about hacking. Quickly, I clung to the job of a hacker. Do not forget that passion and curiosity also help, in addition to academic learning. You know, a hacker somehow looks like a paparazzi! He must do everything in his power to achieve his goals.
4-Question from René Serres: What are the most common types of cyber threats?
Answer from S.S: Cyber attacks are becoming more sophisticated on a daily basis and evolve with new technologies. The most common cyberattacks are: phishing, denial of service attacks (DoS and DDoS), stealth downloading, password cracking, SQL injection, cross-site scripting (XSS), eavesdropping, malware…
One of the most common computer attacks today is the “data breach”, which involves the disclosure of sensitive and personal data. If we take for example health institutions, especially in the pandemic situation, they are a very fragile sector and a very attractive target for hackers. We are now talking about digitized hospitals, which is good, but it is very expensive in terms of security. Behind it is an IT architecture, servers and databases that encompass sensitive and personal data of patients and employees, which must be well protected against any breach.
For a greater deepening, I ask your readers to see more information at the following link: https://blog.netwrix.fr/2018/07/04/les-10-types-de-cyberattaques-les-plus-courants/
5-What are some criminal offenses that a hacker can commit?
Answer from S.S:
Hacking is a double-edged sword. It can save lives and businesses, just as it can destroy the person who practices it. So you have to know where to use it, when and how. For example, obtaining unauthorized access to certain systems with a view to obtaining information valuable to competitors or stealing various personal data with a view to selling it is a criminal act, punishable by law. The various cyber attacks are increasing more and more with telecommuting activities that have become imperative to all of us with the Covid-19 pandemic. This imposes constant vigilance on all companies to ensure the protection of strategic information against attacks from cybercriminals.
6-Question: What is the cybersecurity situation in Moroccan companies?
Answer from S.S:
You already know that there are companies that invest a lot in their cybersecurity, and there are others that invest less. But the problem is that the techniques of defense are still very limited compared to the techniques of attack. In the context of my professional relations, in particular with my Moroccan friends, I know that today the majority of Moroccan companies are not well prepared to face the various cyberattacks of the kind that attacked the east coast of the United States in 2021. This non-preparation is due in particular to the fragility of the security culture in companies, either on the technical and material side or on the human side. The technical side consists of the maintenance of computer equipment through updates, antivirus, firewalls, etc. The human side consists of training employees in what is related to computer hygiene, such as awareness of the choice and protection of passwords, phishing through emails, etc.
Lack of awareness on the subject causes real problems and is often the cause of attacks on businesses. Awareness on this subject must be taken seriously more than ever, especially in the current circumstances of the pandemic which has allowed the acceleration of the digitalization of companies and has favored telecommuting. In the meantime, I am communicating to your readers the following link which gives the ten actions to be taken in order to ensure prevention of more than 50% with regard to certain cyber attacks: https://www.ssi.gouv.fr/entreprise/precautions-elementaires/dix-regles-de-base/
Interview conducted by René Serres for Lte magazine.