Sunday, November 22, 2015

Yago Jesús: "I spent one year in a police bunker to implement the DNIe"

Yago Jesús, co-founder of Security By Default

Men like Yago Jesús aren’t from Mars. Are from Saturn at least. Yago gives the impression of a mysterious being even for a lot of his friends. Serious, cold head, just his presence command respect and, like happens with other hackers, an invisible barrier looks separate him from the world. That doesn’t mean that they’re rude or they don’t care of anything: they just live above the rest of us, in an abstract mental corner. “I have a high sense of my personal and private life, I don’t like air my live, I suppose that’s why you don’t have many data about me”, says Yago Jesús when I asked him for his age or place of resident.

He encourage me to find information in an interview made by Chema Alonso who, confessing he isn’t very familiar with him, praise that he could “move at ease analyzing a hexadecimal uploading or managing the 2.0 image of a company”. Yago gave data about his work there: “I participated in one of the most important deployment in Europe for ‘The ruling ISP’, (also) we built the security department for another great ‘wire’ ISP. (…) I designed and developed a tool to encrypt mobile devices for a bank entity. I was with the responsible of the security and monitoring area in a military project…”. 
- -When I met you, you were advising to the government about the new electronic DNI. How a hacker become in advisor of high positions??

-Actually I’m part of the work team who implement the PKI of the electronic DNI, I was one year enclosed in a national police bunker in El Escorial. Was a very important project that allow me to meet real cracks of cryptography.

- The issue of digital certifications like you specially… My opinion is they just have destroyed a really good idea.

You’re enterely right but i don’t think the concept is destroyed, actually i think it’s still being the most feasible option, above other alternatives. Maybe which happened was the concept was based in a small universe and with less menaces, now is evolving very fast and I’m sure that it has a promising future.

- How you learnt cyber security?

- In different times, first with a legendary Amstrad PC 1512 in my home, i learnt a little of computing and even made my first steps writing virus, very simple and harmless. The computer had a modem, so I was hooked to IBERTEXT a long time, but after a shocking telephonic bill I left the computing apart, in this time I was 12. Later, in the late 1990s, I came back to computing and it was crazy, I entered in channels related to hacking, make friends, read… and since then, I’m still here.

- I’m only know one nick yours, I don’t know if you’ve had more: Icehouse

When i found the first screen of ‘put your nick here’ i use ICEHOUSE because is an Australian music group who I love it, even more in that time, I started to use and it stayed like that. During a short time i used MDuende for the song ‘Maldito Duende’ of Héroes del Silencio. I stopped using it because I had the unhappy idea of create a file called mduende.dip with the instructions to use certain 900 numbers famous in the late 1990s. That detail positioned me in the the list of ‘people to hunt’ during Operación Milenium.

It was an script I only gave to a little group of people, but in this time the people used to connect to the 900 from Windows because there were little information about how to do it from Linux, so it moved too much.

- Few hackers have written about the pile of tools you’ve written, and all of them are free and for cybersecurity

- Make your own tools is something VERY fun and didactical, first of all because demand you learn one or several programming languages and then because facing to embody in code an idea it’s a real challenge. See how reacts the community before the tools gives you a clear idea of the good/bad/useful/useless which is your too. It equalize you.

- One of them, Antiramsom, saved one person in the Navaja Negra convention when he was infected with a ransomware. How do you feel when you know that a tool of yours has saved someone computer?

- Actually i have several similar cases about this tool, I made it when I see the desesperation created by this kind of menace. Meet a women of 4x years old crying and saying that, or she recover her data, or she closed her company with a few employees, hit me strongly.

- Unhide is your most famous tool, even you have it in another website. Is used internationally. Again with the same question: how do you feel when the world use your creation?

- Unhide is a tool which I worked a lot, from his first implementation (a script in Pearl) until what is today… it has evolved quite enough. The Debian community has helped a lot, because they were the first in ‘packaging’ the tool and from there, all the companies added and also some *BSD system.

- eGarante is another wonderful, one of your last creations, to have certificated copies of publications on webs or social networks. It has been award-winning and it officially used by the Guardia Civil

- I don’t see eGarante like a tool but a service with a business project behind, with an investor, and people working on it.

- Unlike other colleagues your, like Lorenzo Martínez, you don’t go to so many conventions in CONs. Do you prefer write calmly in your home?

- Are differents filosofies, when I gave a chat about PKI in the Rooted of 2012, I presented for the first time a firewall of digital certifications and a ‘kit’ to attack to electronic DNI. But if I don’t have new material to show to the world, I prefer dedicate my time to other things. Worst of that is sometimes invest too much time on a concept/idea which finally doesn’t work and it seems that you’re stopped when actually you’re frustrated!

-As last question I usually ask to people a quote which they didn’t become yet in a password… but I think I ask to yo… a password.

- The only password you really can trust is the private RSA password in a smartcard associated to a digital certification.

Texto: Mercè Molist


Post a Comment