How the Media Gets it Wrong On Infosec

In a recent article by channel4.com Gregory Evans was interviewed and asked questions regarding hacking compared to his time and now.

Let us dissect this article and we will soon see why it is complete bulls**t.

“In the late 1990s Gregory Evans is said to have been one of the FBI‘s most wanted computer hackers. He made millions of dollars but after serving a prison sentence was ordered to pay back nearly $10 million.” 

Now he runs a security company helping others prevent cyber attack.

He states ” Before, it was just a whole bunch of kids trying to do mischief and trying to break into a system to see what they could access to be curious. It was not to shut down companies. People would hack systems just to see how it worked and get in.”

This from the guy who made millions of dollars from hacking???

Are you serious??

Let me get this right, you made millions of dollars from hacking, but it was just out of curiosity…

Right…

Now I know most of the kids of that day and a lot of them today indeed do it just out of curiosity, but you sir were not one of them.

Thats why you sell your services as a security consultant now..

Lets move on shall we..

“Is hacking now dominated by Distributed Denial of Service (DDoS) attacks?

Yes. You see a lot of DDoS attacks. They are a lot easier to perform to knock a website offline. You can use a lot of computers where the owner doesn’t even know. You can just put in an IP address or a web address and send over so many requests at the same time to knock off a site. That is not hacking because they never came in. It’s like someone coming over to your house and beating on the door and the door opens and you step in. They didn’t break the law just for banging on the door. However if they step in and access information, then that’s illegal.”

No dude..DDOS is like parking a thousand cars in front of your garage door so nobody can get in or out. Hacking is like crawling into the ventilation shafts to get into a vault. Do you even know how DDOS works? The only correct thing he said was that DDOS is not hacking. And guess what DDOS is illegal! Ryan Cleary just got arrested for it!

Moving on…

“How significant do you think social media is in this current wave?

Social media is very big. I think the founders of Facebook and Twitter are more powerful than the President of the United States. We’ve seen earlier this year how social media was used to actually overthrow governments in the Middle East. Social media is a great way for some of these hackers to meet before they go into private chatrooms and start chatting about hacking. Social media also plays a big part in identity theft as well. Facebook is currently working on a face recognition application. If you put up a picture, it will go through Facebook’s half a billion users and try to match up who that face belongs to. That’s kind of scary.”

More powerful than the US president? You mean that facebook can order the military to war now? News to me… And facebook didnt overthrow those governments, the people of those countries did, they just talked about it on facebook while it happened, like everyone else talks about their lives on facebook….

“Do you think the authorities are doing a good job of tracing suspected hackers?

I think they are doing what they can. To me hackers are more dangerous than al-Qaeda right now. So, we need to spend more time and resources on that before I can fully say they are doing a good job. The hackers are like bogie men though. That’s why it’s so hard to catch them.”

More dangerous than an international terrorist organization with a kill count in the thousands, a bunch of kids who at the worst have done monetary damage to a company and at the least have just annoyed some administrators are *more dangerous* then the people who blew up the world trade center, do you have no shame sir??

“What kind of punishment can hackers expect if convicted in the US?

I’ve seen everything from three years to 20 years. They have to make the laws, not just in this country, but all countries more strict.”

What so some kid doesn’t start another company just like yours? You stole millions of dollars, *you* did far worse than lulzsec ever did.

This article is completely full of crap, this is the noise that people listen to, and the lies they swallow daily about infosec, if you ever want to know why companies like Sony got hacked you can blame guys like Gregory Evans for selling them a false sense of security.