Monday, January 15, 2018

Chaos in Manhattan

Traffic lights of a large city simultaneously in green, massive chain clashes ... Something more than two years ago, New York could have suffered the takeover of the transit system by a terrorist group, it didn´t happen but it was evident how simple it was to do it. Someone demonstrated the ease with which they could access the traffic automation systems that are being installed these days in the largest cities in the world.

Today at CIGTR we want to give voice to that someone, César Cerrudo, the creator of the chaos in Manhattan that June 3, 2014. Currently CTO of IOActive Labs, famous for his research in ICS / SCADA, Smart Cities, IoT and software security. Currently César could be considered one of the most important professional hackers in the world, and although many still link the term "hacker" with not very clean actions, in reality this term doesn´t allude more than the fact of having extensive knowledge in the network and the programing.

César is today one of the most talented hackers and it´s interesting to know about Cesar's career. Breaking off topics, Cesar never really finished college, as he says: he was busy doing useful things. "I always liked to take technology apart and when I started to get access to Internet I finally could get into hacking and start learning a lot and try different things, this was like 18 years ago or so. It wasn’t easy but I tried hard and could start doing interesting things, presenting at conferences, traveling around the world, etc."

His professional development has led him to step on several companies and projects, but when asked about his biggest challenge he is clear: "Hacking the internal components of MS Windows (Kernel, IPC, etc.) has been challenging because you need to learn much and there is not much documentation, reverse engineering, doing many tests in different versions of MS Windows, omitting many protections, etc. to find interesting vulnerabilities, exploitation techniques, exploits, etc. "

Being someone who started from his own home, you might think he has had access to a lot of devices and tools that have allowed him to access other people's terminals but in reality for him only 4 tools are the basic ones for any hacker: "I think that the main tools are a Hex editor, a good debugger, a C compiler or a scripting language interpreter and a good disassembler, with these few tools you can do everything, even create more tools if necessary."

A very current issue and linked to security are smart cities. In many of these cases, smart city projects lack a security focus because of their design. As expected, according to César, this is a tremendous error: "Most cities around the world are becoming smarter by implementing new technologies in different areas; the main problem is that most of this technology is insecure and cities they do not understand the associated risks and what they should do to reduce them."

Currently, cyberattacks are reaching all sectors, large and small are suffering the sophisticated and increasingly complex attacks of criminals. When César is asked about the most exposed industry for him, he answers that the health sector: "I think that health care is the most exposed since it has been shown that they do not have a good cybersecurity in general and they deal with human lives and / or confidential information. "

Everyone, whatever the area, we start from below. César had his passion clear from a very young age and thanks to that he has illustrated us not only with the example of Manhattan, but also with many more. César is the clear example that knowledge and skill do not always have to be placed in the hands of the "dark side" of the battle. Fortunately, on the good side of this cybersecurity struggle, we have great professionals who contribute every bit of their time to continue fighting against the attacks that try to break us down.


Post a Comment