10/16/2014

why the journalist did not do his job when he 'abused' a young hacker to penetrate a server at the KUL

okay, this is an important discussion that has to be held, because over the last ten years I have been confronted with the same kind of demands by journalists, or the same kind of attitude

first, we are talking about the serverhacker, not the modemhacker (about whom I am going to write in a minute, but who is an astonishing guy, and he is looking for a job for his passion)

and serverhacker is maybe a big word because they didn't show how he did it and it is not clear if he only used some standard methods or really had to prepare a whole strategy and mix different kinds of attacks to arrive finally at his goal (the data)

  if you do a penetration test, always define a goal that is worthwhile, and that is always: get the data from the machine, because it is the only thing for which you can be condemned, it is the only thing that really matters and the only thing that afterwards makes budgets and programmers move. Getting in or getting control over the server is bad but is not a CODE RED. Being able to extract important or personal data is always a CODE RED. So if you do a penetration test, tell them to get a certain dataset that is important to you.

but I was saying that the journalist did not do his job, and this for the following reasons (and this should give you out there something to think about if you are talking with or working with journalists)

 * if you are a source and you want to have a life afterwards, you had better keep out of the picture if you have to do or say things that could be illegal or that could get you in deep trouble. Never underestimate the immediate power of the media (it will blow over and you will after a while be forgotten (in jail maybe)), so while some journalists will be pushing to the limits of sensationalism, you will have to keep in mind that you have to live your life and keep your credibility afterwards. You could make enormous headlines for one day all over the news, but the next day you will be taken down by your opponents (and the press will also just report that, even if they are talking total nonsense).

 NO picture, NO video, NO name

 * if you are going to be used to do illegal things (under our very strict computer crime law), then you should ask them in writing how far you are going to be protected as a source. Because if you are a source of the journalist (and you are not in the picture and your name is not mentioned), then you fall under certain legal protection, because the sources of journalists are legally protected (except if you penetrate a nuclear installation or an army base and set off a situation that falls under exceptional national security and so on).

 He is not mentioned as a source, the reporter plays the game of reporting things, this is slightly different.

 * if there is going to be a trial and you will need legal defense, who is going to pay for that? Because you did those things as a source for this media, they should provide for some participation in the financial costs of that trial (and if you appeal against your probable first conviction, then it will cost even more).

 * You should get your own lawyer to assist you when this is all put into motion (and then they will probably go and start looking for somebody else because you are too difficult, and then you know that their intentions were not clear: they just wanted some sensational shots of a marginal lone hacker in his bedroom to use, and then forget all about the consequences for the guy they are leaving behind afterwards).

 I speak from experience and I had to help friends during these ten years to stay out of trouble and I can assure you that this was not funny and we - and my friends - stayed out of trouble because we were sure we had everything covered before we went PUBLIC.

 If the young hacker is to be interrogated by the FCCU he should absolutely bring a lawyer with him to assist him.

 It is time for the organisation of journalists to set up guidelines to stop this kind of behaviour, which is totally irresponsible in this case. The management of the VRT is very proud that they are not explicitly mentioned in the case, but they are definitely totally linked to the case, because if their journalist had done his job as he should have done (protect the anonymity of his source-hacker, saying only that he 'received those files during his investigation'), then the hacker would have been safe and the police would have had no case to do a search, and if everybody had kept quiet, which would have been in the interest of everyone, then everybody would have forgotten about this other case of hacking in Belgium, of which many are to follow in the months and years to come (because of our security situation).
