Our friends from SecNews.gr, published a very interesting interview they got from the Greek hacker [PAOK]. We transfer it to you:
SecNews in Pan-Hellenic EXCLUSIVITY presents the interview of the hacker [PAOK] that he has done number of attacks with political targeting.
Achieving this was not easy at all. The editorial team faced exceptional difficulties to secure a secure anonymous communication with him (while reaffirming his identity) but the most important to be built within a short time, a relationship confidences so that he could make public to us what he himself wished.
[alert variation = ”alert-info”] The young hacker, with the mature - despite his age - argumentation but also with a full understanding of his actions regarding their legal / criminal impact, developed his positions within 5 hours of communication. [/ alert]SecNews publishes the report, which we estimate will help security firms and organizations understand the psychology and the way of thinking of greyhat hackers but also to understand their methods and practices to protect themselves.
[alert variation = ”alert-success”] Besides, the reason for the interview that [PAOK] chose to give to SecNews, was exactly that, that is, the information and not his personal, as he pointed out to us, development and promotion. [/ alert]
The interview for safety reasons, as the interviewee wanted, took place from long ago, taking all the necessary security measures he appreciated so that if his identity was not revealed in any way. At the start of the interview, he was very cautious, but he was changing and slowly outlined the world of hackers from within.
Within 25 questions and highly detailed [PAOK] makes his mark about with the hacking in Greece but also the attacks he has carried out. In addition, it gives clear instructions to companies and individuals, while revealing that it has access to servers & servers it will use when it deems necessary.
The hacker [PAOK] interview questions from SecNews
SecNews: What do you think is what makes young people hacking in Greece?
[PAOK]: I think it's a bit of a curiosity about whether they are able to make a successful attack and above all is a means of reacting to youth which in itself is an incentive for one to engage.
The methods & ways of hacking according to [PAOK]
SecNews: How difficult is it to gain access to a company or organization?
[PAOK]: Here the answer will necessarily be very vague... You never know what you will encounter when you scan a server or an organization's network. Sometimes it is easier and sometimes much harder than you first thought.
There are many parameters that play a role depending on the case… .On the other hand, this is what we say "The end justifies the means".
That is, if the goal is important, you will "fight" it as much as humanly possible, until you succeed or fail in the access you want to gain. Extremely many search hours in the digital game of "thief" and "policeman" :)
There are many parameters that play a role depending on the case… .On the other hand, this is what we say "The end justifies the means".
That is, if the goal is important, you will "fight" it as much as humanly possible, until you succeed or fail in the access you want to gain. Extremely many search hours in the digital game of "thief" and "policeman" :)
SecNews: Can you tell us a few categories of companies / public bodies or organizations you have access to and what kind of access is this?
[PAOK]:There are several agencies that I still have access to, although many "closed" my door when they located the preparatory stages of the attack :). Mostly though Greek government agencies and companies dealing with the public sector (either customer relationships or working with the public in other areas).
(Editor's note: During the interview, [PAOK] informed us that during the conduct of the TIF, he had assaulted site (of course, low traffic) of the Thessaloniki Union Police Officers. Indeed, we have confirmed this [here]).
SecNews: In what ways / procedures do you perform your attacks. Are your own tools available or are you using exploits / weaknesses in the software?
Όταν “σκανάρεις” έναν στόχο, ο σκοπός σου είναι να βρείς αδυναμίες τις οποίες να είσαι σε θέση να εκμεταλλευτείς, ώστε να υποκλέψεις data από τις βάσεις δεδομένων ή/και να αποκτήσεις πρόσβαση σε επίπεδο shell στον server και απο κει και πέρα … ότι προκύψει.
When you "scan" a target, your goal is to find vulnerabilities that you can exploit to steal data from databases and / or gain shell-level access to the server and beyond; .
Some methods are more time-consuming, of patience (such as xss, cookie stealing, social engineering , etc.) and some more direct as (sQL injection, shell uploading etc.). However, it has caused me that big companies and organizations in Greece 2014 and have not realized the importance of SQL Injection fixes, leaving them vulnerable for many years!!
The level of security of websites in Greece & the community of Greek hackers
SecNews: What is your assessment regarding the level of security of websites / infrastructures and services of general interest in Greece
[PAOK]: The level of security of the websites, as I said, can not in any case be said to be high at least for my own data. Many sites, companies, or individuals are vulnerable, which is if you want them to be. But higher profile goals (like Banks and multinational companies) are definitely a bit better.
There are clear steps to upgrade the security level of websites in Greece, but they often entrust the construction and hosting of websites to people who can not adequately protect their customers' data and infrastructure resulting in sensitive data leaking to hackers that nobody can know their moods.
[PAOK]: The level of security of the websites, as I said, can not in any case be said to be high at least for my own data. Many sites, companies, or individuals are vulnerable, which is if you want them to be. But higher profile goals (like Banks and multinational companies) are definitely a bit better.
There are clear steps to upgrade the security level of websites in Greece, but they often entrust the construction and hosting of websites to people who can not adequately protect their customers' data and infrastructure resulting in sensitive data leaking to hackers that nobody can know their moods.
SecNews: What do you think about active hackers right now in Greece
[PAOK]: The hacking community of Greece it's not as active as I have seen lately, but that does not mean that there are not enough highly skilled hackers in Greece. I think the potential exists, but lacking the strong incentive to act. And do not forget that in the times we live now, time is limited due to the many hours of work to make a living.Hackers, I assure you, are also part of our society who work or study or have families and there is not much time left to deal intensively with their "taste". we have seen several "strong" blows of Greek hackers from time to time.
SecNews: Tell us a little about you, do you the attacks alone or are you a member of a wider organized group?
[PAOK]: [blockquote] I "work" most of the time on my own ό .not for any particular reason but because I just did not happen to be an active member of a group. My case did not happen due to other obligations that from time to time keep me away from hacking. I clearly showed my support to the Greek hacking scene in several of my hits but I can not say that we did an organized hit as a team. [/ blockquote]
The "political" blows of [PAOK]
SecNews: We have seen in the past that your hits have a negative apolitical effect and send a message in all directions, turning against misinformation with many recipients. Describe what is the target of the attacks you have made so far. Do you think you have achieved your goals?
[PAOK]: The goal is no other, from the sound of a youth protest, whether it be heard where it should be.
I do not discriminate, I do not listen to "colors" of parties and I do not "shove them", only, in my hits. Depending on the case, I can reward an organization / person in my own way if it is right based on its actions towards the whole of our society.I did not succeed. There are so many who do not know and I will never succeed, but I will not stop trying for the will of the Greek youth. The youth, as we see in our everyday life, have it written and uneducated, without a trace of programming in education, the Greek government. It is obvious that our Education year after year, Minister with Minister and according to the tastes of each and not after mature planning and making good decisions, goes from evil to worse.
[PAOK]: The goal is no other, from the sound of a youth protest, whether it be heard where it should be.
I do not discriminate, I do not listen to "colors" of parties and I do not "shove them", only, in my hits. Depending on the case, I can reward an organization / person in my own way if it is right based on its actions towards the whole of our society.I did not succeed. There are so many who do not know and I will never succeed, but I will not stop trying for the will of the Greek youth. The youth, as we see in our everyday life, have it written and uneducated, without a trace of programming in education, the Greek government. It is obvious that our Education year after year, Minister with Minister and according to the tastes of each and not after mature planning and making good decisions, goes from evil to worse.
SecNews: Tell us one of your most important achievements
I would like to explain to Mr. Papagal that we were all eating together when we did not even have a view and we were kids or even unborn
I would love it then explain to us Mr. Pangalos that we were all eating together when we did not even have a view and we were kids or even unborn when this and his company were already devouring and devouring the labors and sacrifices of the Greek people.That's why if you noticed in that hit I was a little more aggressive than usualOr I was boiling soul :).
Something similar was the case of Tsovola which again heard something famous then, "Tsovola give it all", for which we still pay the money we borrowed then to "give it all" ίναι. There are some things that just make you angry and then they tell you that we ate it together. In Greece, I believe that these were blows that someone just had to do.
SecNews: From the attacks you have done, as a whole, you do not damage the servers. It's something you watch out for during the attack, or it's just a random event.
[PAOK]:I always watch and take into account the situation so that I do not cause major problems to the servers I manage to access. In no case I do not have anything with the managers or the company that manages them.
[PAOK]:I always watch and take into account the situation so that I do not cause major problems to the servers I manage to access. In no case I do not have anything with the managers or the company that manages them.
Usually my goal is to post a message, usually addressed to political people or services, or to get some information that might be useful, but NEVER destroy files or work of someone without a very serious reason… In case there is a serious reason (these times are minimal), the only convenient solution you can follow is to destroy files at the admin / root administrator level and with such procedures that can not be recovered…In short, server corruption… Bad things!
Fear of capture and measures taken.
SecNews: In any case, however, your activity often straddles the line between legality & illegality. Of course, there is always the fear of arrest. What do you think about this. Are you taking any action?
[PAOK]: Yes, unfortunately, dealing with hacking brings you into a state of semi-super-gross-illegality, depending on what kind of hacking you will commit, but everything is in the game and I know the dangers I run. I, like most I imagine, look to take as many measures as possible, so as not to get to the point of getting involved with the police. So far this has not happened and I hope it does not happen… :)
[PAOK]: Yes, unfortunately, dealing with hacking brings you into a state of semi-super-gross-illegality, depending on what kind of hacking you will commit, but everything is in the game and I know the dangers I run. I, like most I imagine, look to take as many measures as possible, so as not to get to the point of getting involved with the police. So far this has not happened and I hope it does not happen… :)
SecNews: As one of the most "productive" hacker attacks, how did you get all this knowledge? By exchanging information with other hackers in Greece & abroad and if so in what ways is this done?
[PAOK]: Reading, it's the first one I can think of. The next one is tests… many tests. Basically, if you look at them in turn, you need to read to get familiar with the subject and with the methods you will want to work on and after many tests. Perhaps in your own machines at the beginning, in order to be able to reach the level of doing what you can read so long.
[PAOK]: Reading, it's the first one I can think of. The next one is tests… many tests. Basically, if you look at them in turn, you need to read to get familiar with the subject and with the methods you will want to work on and after many tests. Perhaps in your own machines at the beginning, in order to be able to reach the level of doing what you can read so long.
At the next level, you can also get in touch with other hackers around the world to exchange views, knowledge, methods, etc.. But this is definitely the last one, because you have to have some performances, a level to be able to be accepted by such communities. In fact, if you make some high profile blows as we say, these communities find you on their own many times.
One of the most common ways to get in touch is forums, but often the strongest and most remarkable forums are inviting only and you can only enter by invitation from an existing member who has suggested your registration. Again, they are not closed and you can get free to exchange views. Most people are using even more official tools like Twitter, especially when we want to learn news from a Hacking group or individual hacker, or even open a dialogue with us for any exchange of views.
Tips & Ways to protect users & companies from [PAOK]
SecNews: What a user can do to protect themselves from similar hacker attacks.
[PAOK]: A Windows user, who is the largest mass and the most vulnerable, it would be good not to open / run files that do not know what they are / are doing and who sent them. There are many ways that a PC can be infected and even with the particular operating system. a good antivirus program and a good setup of the router, to be cut off before starting some thingsAnother important thing users have to keep in mind is not to leave their computer open and not to be present in places that a third party can access, either known or unknown.These are the most basic but effective steps to protect a day-to-day user.
[PAOK]: A Windows user, who is the largest mass and the most vulnerable, it would be good not to open / run files that do not know what they are / are doing and who sent them. There are many ways that a PC can be infected and even with the particular operating system. a good antivirus program and a good setup of the router, to be cut off before starting some thingsAnother important thing users have to keep in mind is not to leave their computer open and not to be present in places that a third party can access, either known or unknown.These are the most basic but effective steps to protect a day-to-day user.
SecNews: What a company or organization can do to protect themselves from similar hacker attacks
[PAOK]: It can to keep all the software installed on its server up-to-date. At very regular intervals, it must distinguish where and with what rights, everyone will be able to access its server, in order to avoid any security problems (RCE, RFI, PHP SHELL, etc.) that it might not know it has. There are several things it can do and they usually have the corresponding authorized person (security officer) or group of people to do whatever it takes to keep them out of trouble.Those who do not have it, usually have problems and are… worthy of their fate :)
[PAOK]: It can to keep all the software installed on its server up-to-date. At very regular intervals, it must distinguish where and with what rights, everyone will be able to access its server, in order to avoid any security problems (RCE, RFI, PHP SHELL, etc.) that it might not know it has. There are several things it can do and they usually have the corresponding authorized person (security officer) or group of people to do whatever it takes to keep them out of trouble.Those who do not have it, usually have problems and are… worthy of their fate :)
SecNews: Is there ultimate confidence in hacking community?
[PAOK]:I can not say there is trust in the hacking community. You can not trust, because when talking about hacking, we usually talk about acts that, as we mentioned above, sound between legitimacy and illegality, so you have to be very careful because you never know who can hide behind an IP. A little more trustworthy option may be the encrypted messages between hackers who have previously exchanged public keys with each other for the sake of at least reading the message only the one I know has the key.But trust can not say that there is.
[PAOK]:I can not say there is trust in the hacking community. You can not trust, because when talking about hacking, we usually talk about acts that, as we mentioned above, sound between legitimacy and illegality, so you have to be very careful because you never know who can hide behind an IP. A little more trustworthy option may be the encrypted messages between hackers who have previously exchanged public keys with each other for the sake of at least reading the message only the one I know has the key.But trust can not say that there is.
The first attacks of [PAOK] and his "greyhat" approach
SecNews: What's your advice on new kids who are involved in security and / or hacking.
[PAOK]: My advice is be careful and have been accustomed to what exactly they are doing or wanting to do. This is why, the digital world, is a world where nothing is erased and nothing is lost. You can always find trouble, even for something that may have happened months or years ago. It's a special hacking deal, you get knowledge, you see things with another eye, but above all you must know what you are doing and the consequences of it.
[PAOK]: My advice is be careful and have been accustomed to what exactly they are doing or wanting to do. This is why, the digital world, is a world where nothing is erased and nothing is lost. You can always find trouble, even for something that may have happened months or years ago. It's a special hacking deal, you get knowledge, you see things with another eye, but above all you must know what you are doing and the consequences of it.
SecNews: Can you remember the first time you hacked?
[PAOK]: I hacked myself for the first time around my 15-16. It was a branch that always involved me and I always wanted to become a piece of it. I have always been woken about how they do it, how they do that, etc.
But I had not seen it seriously, but to deal with it. By the time I bought a new computer at a stage, I installed a firewall for protection, and the next day I worked I saw firewall notifications for attempts to invade my computer from some addresses, etc. This was the reason for deal.
[PAOK]: I hacked myself for the first time around my 15-16. It was a branch that always involved me and I always wanted to become a piece of it. I have always been woken about how they do it, how they do that, etc.
But I had not seen it seriously, but to deal with it. By the time I bought a new computer at a stage, I installed a firewall for protection, and the next day I worked I saw firewall notifications for attempts to invade my computer from some addresses, etc. This was the reason for deal.
I immediately started trying to look at where these addresses are, what they are trying to do to me and one question brought the other. So it became part of a community with a lot of reading about the beginning and a lot of food for thought later. Although the digital remains an exciting world.
SecNews: What prompted you to carry out the attacks. In which category join yourself (blackhat / greyhat / whitehat hacker)
[PAOK]: I have not always been attacking servers.At first I was pleased to make my plate, my taste that they say with private personal computers.
Later, however, as a more active member of society, by entering the labor market and facing the problems of every citizen of this country, I began to express my opinion, perhaps even my other concomitants, at the same time through hacking. I found that attacks on servers were a field that I could express, a kind of graffiti with a message post that would see a lot of people
Later, however, as a more active member of society, by entering the labor market and facing the problems of every citizen of this country, I began to express my opinion, perhaps even my other concomitants, at the same time through hacking. I found that attacks on servers were a field that I could express, a kind of graffiti with a message post that would see a lot of people
. So, having acquired the knowledge, I began to alter web pages by sending messages in any direction or sought to collect data and documents that I, according to my humble view, consider important.I put myself in the Grayhat Hackers category
. You do not know how you will react to something you find or read, while some do not want to read it for example.
SecNews: Do you have an estimate of how many servers you have under your control?
[PAOK]: I do not have a precise view now that we are talking but they are enough in their totality. You need to have access wherever you can in any way. It can be useful at some stage. You can do different if you have access to servers.
[PAOK]: I do not have a precise view now that we are talking but they are enough in their totality. You need to have access wherever you can in any way. It can be useful at some stage. You can do different if you have access to servers.
[button type = ”button” size = ”btn-medium” block = ”btn-block”] Description of the attacks. His view on DDoS [/ button]
SecNews: You can describe the attack procedure in simple words (without of course revealing details that should not be made public)
[PAOK]: A common process is to gather as much information as you can for a goal. Everything… Everything can be useful along the way. Then you look to find system weaknesses and where you can "hit" to achieve what you want.
Of course, you also look to "cover your ears" as much as possible. Now whether you will succeed or where you can go to achieve it and what techniques you will follow to do it, is everyone's personal and differs from case by case.
[PAOK]: A common process is to gather as much information as you can for a goal. Everything… Everything can be useful along the way. Then you look to find system weaknesses and where you can "hit" to achieve what you want.
Of course, you also look to "cover your ears" as much as possible. Now whether you will succeed or where you can go to achieve it and what techniques you will follow to do it, is everyone's personal and differs from case by case.
SecNews: How easy is it to finally make an attack?
[PAOK]: It's not easy, most of the time, at least where I'm aiming. It needs a lot of searching and you can use different techniques. Some may help you do what you want. We always talk about where you're targeting, not random targeting with automated tools. In cases where a public software failure is found and you just want to find goals through google, as most do, things are much easier.
[PAOK]: It's not easy, most of the time, at least where I'm aiming. It needs a lot of searching and you can use different techniques. Some may help you do what you want. We always talk about where you're targeting, not random targeting with automated tools. In cases where a public software failure is found and you just want to find goals through google, as most do, things are much easier.
SecNews: Are you involved in other attacks such as DDoS?
[PAOK]: No, I do not participate in such attacks, I prefer to work alone or with someone I know, we are thinking in the same way and have a common purpose.
[PAOK]: No, I do not participate in such attacks, I prefer to work alone or with someone I know, we are thinking in the same way and have a common purpose.
What he thinks about the future
SecNews: Do you have a template from Greece or abroad?
[PAOK]: My role model is a hacker that I have admired in very strong blows, even though he is in an "opponent" country. This is Agd_Scorp of Turkish Hacking group Turkguvenligi. Person with a lot of knowledge!
[PAOK]: My role model is a hacker that I have admired in very strong blows, even though he is in an "opponent" country. This is Agd_Scorp of Turkish Hacking group Turkguvenligi. Person with a lot of knowledge!
SecNews: Have you ever had legal adventures or been involved in any matter of your hacking?
[PAOK]: Fortunately so far I have not had any adventures with her Cyber Crime and I hope I do not have. From afar and loved ones :)
[PAOK]: Fortunately so far I have not had any adventures with her Cyber Crime and I hope I do not have. From afar and loved ones :)
SecNews: How do you see yourself after 5 years
[PAOK]: What can I tell you… no one knows what happens in 5 years. I wish I had even more knowledge in the field of computers and security and with stronger High Profile hits.
[PAOK]: What can I tell you… no one knows what happens in 5 years. I wish I had even more knowledge in the field of computers and security and with stronger High Profile hits.
[signoff] The author of SecNews, found that [PAOK] presents itself as a "hacker with a cause". Of course, on the other hand, the issues that arise regarding the criminal & legal part of the mentioned acts, can not be ignored, especially those related to personal data. The main concern of the coordinated state is to make use of such skills for the good of society as a whole and the country, adequately protecting young people from delinquent behavior. This is possible if the potential of young people like [PAOK] and many others involved in "hacking" is turned in the right direction (as has been done in China and the US respectively). SecNews thanks [PAOK] for providing the interview. [/ Signoff]
