Sunday, March 13, 2016

Alberto Moro: "You don't know about SQL injection until you've typed a ' "

Alberto Moro, malware analyst at Panda Security


Mandingo is better known by his nickname than by his real name, Alberto Moro. He became famous in the computing world when, in 2003, he won a hacking tournament called Boinas Negras (Black Berets), finishing first among 4,000 participants. It was the first edition of the tournament, organized by two respected figures of the Spanish hacker community, Juan Carlos García Cuartango and Gonzalo Álvarez Marañón. He took home a cheese platter, a beret, a book and an on-site security course.

In those days there were only a few hacking tournaments, but Mandingo knew them all: "I had taken part in other tournaments before. I remember Izal, with its blue background, its ranks, its ranking, its forum and its different challenges. There I had the chance to meet Romansoft and others virtually. I also remember playing some wargames like the S21sec one (I earned some cash) and I had "fought" against Kachakil and others in Chema's challenges (elladodelmal)", he explains.


- Are you still playing hacking challenges?

- I stopped participating a few years ago; I prefer to dedicate my free time to drawing/painting, reading, programming, listening to music, going out or playing video games. I maintained a wargame (yoire.com) for more years than I can remember (more than 10), which has gone through multiple transformations. Its purpose: to entertain and educate.

What better way to learn about cybersecurity than by challenging yourself? In my opinion, and I don't think I'm wrong, you don't know about SQL injection until you've typed a ' into some input field and obtained what you were looking for; it doesn't matter how much you read, if you want to learn about something you have to practise and practise.

- You studied telecommunications, is that right?

- Yes. When I finished high school it was fashionable and, well, it seemed you could tinker a lot with hardware and software... and I actually did tinker... but finding time to study was hard, because passing the exams wasn't exactly easy. I was part of a computing association and we spent a lot of time "playing"; we met many "guardians", server protectors and "telnet accounts" that gave access to the Internet; it was pretty interesting to learn how the network works at its most basic level.

- Of all the possibilities in cybersecurity, why did you dedicate yourself to malware?

- Because it has always seemed very interesting to me. Not only do I get to work in cybersecurity, which I love, but I'm also constantly learning and struggling against the latest oddities in cyberspace, fighting crime and making our computing experience safer. I investigate, analyze threats, develop countermeasures, use everything I've learnt... I admit I have fun.

For many years I worked as a security auditor, doing mainly web security and network (external and internal) audits, pentesting, and occasionally things related to wifi security, VoIP, mobiles, etc. Although it was interesting, I always missed learning about what I didn't know: how criminals operate, what information we handle, how we can improve our defenses, what the latest generation of "critters" look like, etc. The need to know and to understand how things work has led me here.

- I suppose ransomware is your area right now. Is the future as grim as it seems, with these critters?

- The "ransomware phenomenon" is certainly becoming important. Demanding a ransom to clean or unblock your computer is one thing, but encrypting the files? That's too much :)

The evolution of this kind of threat has been significant in recent years, and studying it from the inside we see more and more "mature" products: asymmetric cryptography, C&C servers hiding in the Tor network, payment in bitcoins... how do you stop this? It is a real challenge.

- Are there any ransomware families that especially attract your attention?

- A recent one called "KeRanger". Why? Because it works on OS X (there aren't many) and because of the way it was distributed. According to what people say, they altered the Transmission package, a pretty popular BitTorrent client for Mac, and signed it to bypass the Gatekeeper restrictions. But there's more... they hacked the official website and put the modified package where the original was; great work. Once the UPX is unpacked, it's an interesting read :)

- Is ransomware the malware that most "turns you on", or are there others you like more, intellectually speaking?

- Honestly, I like every malware variant we can find, above all when they are oddities or evolutions of previous malware. But not only that: I also look at the local exploits or those used in its distribution (if they exist), the anti-detection/virtualization/sandboxing techniques used, and having time to analyze possible 0-days, reproducing and analyzing them locally, improving tools, fighting against encryption routines, etc.

- Spain had the best virus-writing group in history, 29A. Do we still have that excellence?

- I think excellence isn't lost, it only evolves and adapts to new times. There are all kinds of communities, with passionate people and high technical profiles, amazing developers and "speakers" who fill rooms and venues. What can I say? The "rookies" are coming on strong :)

- When I started using a computer, 30 years ago, there were viruses. Today I am still using one and viruses still exist. Will we ever get rid of them?

- Well, that's like thinking total security exists and that we can reach it with a single measure or one-off solution. We have to see this phenomenon as a live race in which everybody wants to win, but which seems never to end. On one side we have people who want to make money by stealing or speculating with third-party assets. On the other we have people who try to stop this by providing solutions and fighting crime, and we also have the users, who simply choose which antivirus, protection software or measures they are going to adopt.

- Is malware the main security problem we have on the Internet, or would you highlight others?

- I think the main problem is that we haven't grown up enough to understand technology and its potential in its entirety. More education in the use of these technologies is necessary, as well as understanding that making a backup isn't copying the files to another folder, knowing that risks exist and using preventive solutions, that malware is only a tool and behind it there can be individuals, organizations and even governments, that information is money, that cryptography is necessary and that privacy is a right...

- Last question: is there any ethical rule that guides your steps?

- Wait, I'm looking at your "Hackstory"... I like this one: "You can create art and beauty with a computer." :)

- Thank you :)
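Mandingo's point about typing a ' into an input field, carried into code as an added example (not code from the interview, from Panda Security or from yoire.com): a constructed SQLite users table with a login query built by string concatenation, probed with a bare apostrophe, a comment-based bypass and a tautology, beside the same query with bound parameters. The table, the account and the attempted inputs are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample database (assumption, not from the interview): one
    users table with one account, standing in for the form field being tested."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation: the classic injectable form.
    Whatever the user types becomes part of the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same query with bound parameters: the driver sends the values separately,
    so an apostrophe is data and never reaches the parser as syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def probe(conn, login, username, password):
    """Run one attempt and report either the rows returned or the database
    error text. The error is exactly the signal the apostrophe test is after:
    it proves the quote character changed the structure of the statement."""
    try:
        return {"rows": login(conn, username, password), "error": None}
    except sqlite3.Error as exc:
        return {"rows": None, "error": str(exc)}


# Constructed inputs: one legitimate login and three probes.
ATTEMPTS = [
    ("alice", "s3cret"),             # legitimate credentials
    ("alice'", "x"),                 # the bare apostrophe: does it break out?
    ("alice' --", "wrong"),          # SQL comment swallows the password check
    ("' OR '1'='1", "' OR '1'='1"),  # tautology: WHERE clause true for every row
]

if __name__ == "__main__":
    conn = make_db()
    for label, login in (("concatenated", login_vulnerable),
                         ("parameterized", login_safe)):
        print(f"== {label} ==")
        for user, pw in ATTEMPTS:
            print(repr(user), repr(pw), "->", probe(conn, login, user, pw))
```

The bare apostrophe is diagnostic rather than an exploit: against the concatenated query it yields a syntax error, which is the tell that the character reached the SQL parser; the comment and tautology probes then turn that tell into a login without the password. The same three strings sent to the parameterized query are simply bytes in a bound value, match nothing and raise no error, which is the behaviour to verify on any input that is ever spliced into SQL.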


Text: Mercè Molist
