Our friends from SecNews.gr, published a very interesting interview they got from the Greek hacker [PAOK]. We transfer it to you:
SecNews in Pan-Hellenic EXCLUSIVITY presents the interview of the hacker [PAOK] that he has done number of attacks with political targeting.
Achieving this was not easy at all. The editorial team faced exceptional difficulties to secure a secure anonymous communication with him (while reaffirming his identity) but the most important to be built within a short time, a relationship of trust so that he can make us public what he likes.
[alert variation = ”alert-info”] The young hacker, with the mature - despite his age - argumentation but also with a full understanding of his actions regarding their legal / criminal impact, developed his positions within 5 hours of communication. [/ alert]Within 25 questions and highly detailed [PAOK] makes his mark about με το hacking στην Ελλάδα αλλά και τις επιθέσεις που έχει πραγματοποιήσει. Επιπλέον δίνει σαφείς οδηγίες σε εταιρείες και ιδιώτες, ενώ αποκαλύπτει ότι διαθέτει access σε servers & εξυπηρετητές που θα χρησιμοποιήσει όταν κρίνει απαραίτητο.
The hacker [PAOK] interview questions from SecNews
The methods & ways of hacking according to [PAOK]
There are many parameters that play a role depending on the case… .On the other hand, this is what we say "The end justifies the means".
That is, if the goal is important, you will "fight" it as much as humanly possible, until you succeed or fail in the access you want to gain. Extremely many search hours in the digital game of "thief" and "policeman" :)
SecNews: Can you tell us a few categories of companies / public bodies or organizations you have access to and what kind of access is this?
[PAOK]:There are several agencies that I still have access to, although many "closed" my door when they located the preparatory stages of the attack :). Mostly though Greek government agencies and companies dealing with the public sector (either customer relationships or working with the public in other areas).
(Editor's note: During the interview, [PAOK] informed us that during the conduct of the TIF, he had assaulted site (of course, low traffic) of the Thessaloniki Union Police Officers. Indeed, we have confirmed this [here]).
SecNews: In what ways / procedures do you perform your attacks. Are your own tools available or are you using exploits / weaknesses in the software?
When you "scan" a target, your goal is to find vulnerabilities that you can exploit to steal data from databases and / or gain shell-level access to the server and beyond; .
The level of security of websites in Greece & the community of Greek hackers
[PAOK]: The level of security of the websites, as I said, can not in any case be said to be high at least for my own data. Many sites, companies, or individuals are vulnerable, which is if you want them to be. But higher profile goals (like Banks and multinational companies) are definitely a bit better.
There are clear steps to upgrade the security level of websites in Greece, but they often entrust the construction and hosting of websites to people who can not adequately protect their customers' data and infrastructure resulting in sensitive data leaking to hackers that nobody can know their moods.
SecNews: What do you think about active hackers right now in Greece
[PAOK]: The hacking community of Greece it's not as active as I have seen lately, but that does not mean that there are not enough highly skilled hackers in Greece. I think the potential exists, but lacking the strong incentive to act. And do not forget that in the times we live now, time is limited due to the many hours of work to make a living.Hackers, I assure you, are also part of our society who work or study or have families and there is not much time left to deal intensively with their "taste". we have seen several "strong" blows of Greek hackers from time to time.
SecNews: Tell us a little about you, do you the attacks alone or are you a member of a wider organized group?
The "political" blows of [PAOK]
[PAOK]: The goal is no other, from the sound of a youth protest, whether it be heard where it should be.
I don't discriminate, I don't listen to "colors” of parties and I don't just “insert” them into my strikes. Depending on the case, I can reward an organization / person in my own way if it is right based on its actions towards the whole of our society.I did not succeed. There are so many who do not know and I will never succeed, but I will not stop trying for the will of the Greek youth. The youth, as we see in our everyday life, have it written and uneducated, without a trace of programming in education, the Greek government. It is obvious that our Education year after year, Minister with Minister and according to the tastes of each and not after mature planning and making good decisions, goes from evil to worse.
[PAOK]:I always watch and take into account the situation so that I do not cause major problems to the servers I manage to access. In no case I do not have anything with the managers or the company that manages them.
Usually my goal is to post a message, usually addressed to political people or services, or to get some information that might be useful, but I NEVER destroy archives or someone's job without a very serious reason… In case there is a serious reason (these times are minimal), the only convenient solution you can follow is to destroy files at the admin / root administrator level and with such procedures that can not be recovered…In short, server corruption… Bad things!
Fear of capture and measures taken.
[PAOK]: Yes, unfortunately, dealing with hacking brings you into a state of semi-super-gross-illegality, depending on what kind of hacking you will commit, but everything is in the game and I know the dangers I run. I, like most I imagine, look to take as many measures as possible, so as not to get to the point of getting involved with the police. So far this has not happened and I hope it does not happen… :)
[PAOK]: Reading, it's the first one I can think of. The next one is tests… many tests. Basically, if you look at them in turn, you need to read to get familiar with the subject and with the methods you will want to work on and after many tests. Perhaps in your own machines at the beginning, in order to be able to reach the level of doing what you can read so long.
At the next level, you can also get in touch with other hackers around the world to exchange views, knowledge, methods, etc.. But this is definitely the last one, because you have to have some performances, a level to be able to be accepted by such communities. In fact, if you make some high profile blows as we say, these communities find you on their own many times.
Tips & Ways to protect users & companies from [PAOK]
[PAOK]: A Windows user, who is the largest mass and the most vulnerable, it would be good not to open / run files that do not know what they are / are doing and who sent them. There are many ways that a PC can be infected and even with the particular operating system. a good antivirus program and a good setup of the router, to be cut off before starting some thingsAnother important thing users have to keep in mind is not to leave their computer open and not to be present in places that a third party can access, either known or unknown.These are the most basic but effective steps to protect a day-to-day user.
[PAOK]: It can to keep all the software installed on its server up-to-date. At very regular intervals, one must distinguish which and with which rights one can access to its server in order to avoid any security problems (RCE, RFI, PHP SHELL, etc.) that he or she does not know. There are quite a few things they can do, and they usually have the appropriate security officer or group of people to do what it takes to have no problems.Those who do not have it, usually have problems and are… worthy of their fate :)
[PAOK]:I can not say there is trust in the hacking community. You can not trust, because when talking about hacking, we usually talk about acts that, as we mentioned above, sound between legitimacy and illegality, so you have to be very careful because you never know who can hide behind an IP. A little more trustworthy option may be the encrypted messages between hackers who have previously exchanged public keys with each other for the sake of at least reading the message only the one I know has the key.But trust can not say that there is.
The first attacks of [PAOK] and his "greyhat" approach
[PAOK]: My advice is be careful and have been accustomed to what exactly they are doing or wanting to do. This is why, the digital world, is a world where nothing is erased and nothing is lost. You can always find trouble, even for something that may have happened months or years ago. It's a special hacking deal, you get knowledge, you see things with another eye, but above all you must know what you are doing and the consequences of it.
[PAOK]: I hacked myself for the first time around my 15-16. It was a branch that always involved me and I always wanted to become a piece of it. I have always been woken about how they do it, how they do that, etc.
But I had not seen it seriously, but to deal with it. By the time I bought a new computer at a stage, I installed a firewall for protection, and the next day I worked I saw firewall notifications for attempts to invade my computer from some addresses, etc. This was the reason for deal.
I immediately started trying to look at where these addresses are, what they are trying to do to me and one question brought the other. So it became part of a community with a lot of reading about the beginning and a lot of food for thought later. Although the digital remains an exciting world.
SecNews: What prompted you to carry out the attacks. In which category join yourself (blackhat / greyhat / whitehat hacker)
Later, however, as a more active member of society, by entering the labor market and facing the problems of every citizen of this country, I began to express my opinion, perhaps even my other concomitants, at the same time through hacking. I found that attacks on servers were a field that I could express, a kind of graffiti with a message post that would see a lot of people
. So, having acquired the knowledge, I began to alter web pages by sending messages in any direction or sought to collect data and documents that I, according to my humble view, consider important.I put myself in the Grayhat Hackers category
[PAOK]: I do not have a precise view now that we are talking but they are enough in their totality. You need to have access wherever you can in any way. It can be useful at some stage. You can do different if you have access to servers.
[button type = ”button” size = ”btn-medium” block = ”btn-block”] Description of the attacks. His view on DDoS [/ button]
[PAOK]: A common process is to gather as much information as you can for a goal. Everything… Everything can be useful along the way. Then you look to find system weaknesses and where you can "hit" to achieve what you want.
Of course, you also look to "cover your ears" as much as possible. Now whether you will succeed or where you can go to achieve it and what techniques you will follow to do it, is everyone's personal and differs from case by case.
[PAOK]: It's not easy, most of the time, at least where I'm aiming. It needs a lot of searching and you can use different techniques. Some may help you do what you want. We always talk about where you're targeting, not random targeting with automated tools. In cases where a public software failure is found and you just want to find goals through google, as most do, things are much easier.
[PAOK]: No, I do not participate in such attacks, I prefer to work alone or with someone I know, we are thinking in the same way and have a common purpose.
What he thinks about the future
[PAOK]: My role model is a hacker that I have admired in very strong blows, even though he is in an "opponent" country. This is Agd_Scorp of Turkish Hacking group Turkguvenligi. Person with a lot of knowledge!
[PAOK]: Fortunately so far I have not had any adventures with her Cyber Crime and I hope I do not have. From afar and loved ones :)
[PAOK]: What can I tell you… no one knows what happens in 5 years. I wish I had even more knowledge in the field of computers and security and with stronger High Profile hits.