Sunday, March 6, 2016

Leonardo Nve: "I can't help but feel envious about the NSA's TAO team"

Leonardo Nve. Hacker.

Leonardo Nve was known as "Fuego Fatuo" when he was part of the Spanish hacker elite of the 90s. Today, 38 years old, married and with two sons, he makes a living from what he learned in those days, as a senior pentester for Cisco, after 11 years at the Spanish consultancy S21sec. Leonardo also teaches certified courses at Carnegie Mellon University and others, for fun, at international and national hacker community forums. And, he says: "I've been giving informative talks since the first Undercon ;)".

The Undercon was the first public hacker convention in Spain. In those days, Fuego Fatuo was in groups like the Phreaker National Company of Spain or COM30, a card cloner, 900-number dealer and network robber. Today, Leonardo enjoys flying airplanes and doing magic. His smile shows us a heart which, as it did yesterday, beats curious and rebellious.

- Can I say in the interview your nickname in the 90's was Fuego Fatuo?

- Sure, paranoia doesn't work for me.

- How did you come into contact with your first computer?

- I was really young when a Canon V-20 MSX came into my home, courtesy of my uncle, when I was 5. And I started writing my first programs in Basic when I was 6, in the Maristas computing club.

- And the hacking?

- In a pre-Internet era, I started with viruses >:), specifically in 1989. I know the date because a book about the 'Friday 13th' and 'Pelota' viruses had already been published, and I still have it.

- You were part of a group in the 90's... how did you know them?

- It was an inevitable conclusion: when the first internet café opened in Murcia, a small town, the 'Murciana Scene' got together.

- You were in CPNE, COM30, The Old School... What were those groups like, the hacker activity in the 90's? What is your biggest memory?

- We were friends above all, friends with shared interests that were really strange for those times. It was a time when security DIDN'T exist; everything connected was virtually hackable. And we did it purely out of technical/scientific interest, to get to know the system better and how it worked, and hacking systems was fair play. Then, as an additional activity, there was phreaking, forgotten nowadays. What isn't in my biggest memory of those times is women involved in hacking, such a shame.

- Is there some ethical rule which had guided your steps?

- Basically, not having economic profit through hacking as an objective; pentesting is a different thing. My ethic was always scientific, or almost... Sometimes, seeing the actual numbers, I don't know if this ethic is the best.

- Which numbers do you mean?

- I mean the actual cybercrime numbers; I see that the risk/benefit balance is positive ;)

- Do you remember the first computer you hacked?

- I remember my high school computers, with my first virus; I never gave it a name. And after that... the oldest one I remember is a University of Murcia workstation; I even remember the bug. I also remember scanning the Internet for 'phf', a very popular bug in my day. I laugh at today's Heartbleeds or Shellshocks!

- Do you prefer the hacking of those times?

- Meeting up with friends from the team, discussing objectives, interesting technical debates and getting to work; I think I can say we achieved our objective 100%. As I said, the concept of cybersecurity, the real one, didn't start until well into the 21st century.

- And now? What has changed?

- Time, kids, people growing up, earning money and losing that youthful impulse. And the new ones have entered a very different world: now the law is harder on hacking crimes, and if you research and find a 0-day, you can sell it, or you probably have a Bug Bounty too; the scientific altruism has been lost. The technology is more complicated, or there is more of it; in my day you knew about everything, and now you specialize in something or you bite off more than you can chew.

Also, in my day we were only a few, and we created a real community. We knew each other, we had direct contact and the congresses we organized were truly non-profit. However, I don't want to fall into the cliché that the past was better: today we have 200Mb fibre at home, and in those days I got by on 9600bps with my Nokia 5100.

- From phreaking to hacking satellites: has the technological change been really big, or is it only our feeling?

- It seems so. In those days, and I say this in my satellite talks, the satellite issue was already there. It was even easier. Warezzman taught me to tap it; then, for my information talk, I wanted to expand my knowledge.

- You were in the main American media with your satellite research. Imagine there aren't laws: what can you do with a satellite?

- Almost everything, from getting into the networks of the companies that have contracted these systems, to sending wrong data to renewable energy systems, because many of them work via satellite.

- What are you investigating now?

- A long time ago I realized there are many theoretical attacks, but then, in practice, nobody knows how to carry them out or how much 'hype' there is in the description. I'm working on that: at Black Hat I'll give a course on man-in-the-middle techniques, trying to create a lab that is as realistic as possible, so that students learn and practice with more than the typical proofs of concept we usually publish when we present a new attack or vulnerability. Also, I love presenting something new and not things which are actually the results of others' research; in this course I'm going to introduce new techniques and improvements for the next NSA generation, which will make their work better :).

- Which do you think is the main problem on the network that requires the hacker community's attention?

- Terrorism, pedophilia, organized crime, in that order. There are many hackers giving solutions, patches, advice, privacy talks. Only a few, but they exist, are launching tools and giving talks about how to find and follow Daesh Twitter accounts or suspicious Facebook profiles. I think it's bad that people criticize universities which research how to decrypt Tor to find the bad guys. It's true that, as everything has a dual use, some people say encryption is used by terrorists and bad guys to communicate among themselves, and other people say the Tor attacks are used to attack the good guys....

- What do you say to young boys who are starting out in hacking?

- It is useful for anything, but basically to have fun (in a healthy way, of course). When you enjoy what you do, you do it well. If you don't enjoy reading and writing hundreds of lines of code, taking network captures and reading them Matrix-style, or reading and reading to understand the articles people publish, you'd better look for other work. If you enjoy doing this, or making memory maps of an exploit process, HAPPY HACKING!

- Would you put your knowledge at the service of the army?

- Seeing what is outside and inside, I would do it if they asked me. Besides, the "toys" they have attract the attention of my scientific and playful mind. I always admit I can't help but feel a healthy envy of the NSA's TAO team.

Text: Mercè Molist

