actorartathleteauthorbizcrimecrosspostcustomerservicedirectoredufoodgaminghealthjournalistmedicalmilmodpostmunimusicnewsworthynonprofitotherphilpolretailscispecialisedspecializedtechtourismtravelunique

I was a blackhat hacker and went to jail for 2 years - still on parole.

May 22nd 2017 by hacker_ama • 18 Questions • 61 Points

My short bio: I was a blackhat hacker and served 2 years 2 months in prison, i'm on parole now. I was sentenced to 3 years and 6 month, but i was a nice prisoner and so i'm on parole now.

They got me after a partner in crime went to jail, he served his sentenced and started hacking again, they got him again and he revealed my identity for a lower sentence.

English is not my first language, obviously. Please ignore all those stupid grammar and translation mistakes.

My Proof: http://i.imgur.com/qJqAymn.jpg (its my penalty order and lists all my crimes, the entire letter is 21 pages in total) there was no media involved, so there are no articles in newspapers or something (thank god)

Crimes summarized: Sabotage of computers, fraud, preparation and committed spying out of data, dealing with stolen digital data, exploitation of secrets, forming of a criminal organization, instruction, approval and reward to commit crimes, money laundering, taking pictures and recording the voice of a person without permission.

Q:

If you were a hacker and sent to prison, shouldn't one of the conditions of your parole be limited internet access? Anyway, how did you learn to hack?

A:

I'm from germany, there are not such parole rules here - which makes sense since a normal TV would be enough to hack into my neighboors WLAN.

"Learn" hacking, good question. Most people ask how or when i started hacking. I think you can't "learn" hacking, your mindset has to be "hacker"-like. Most people are pleased how their phone, laptop or clock works. I was never satisfied until i understood HOW it worked and HOW i can use it for other things.


Q:

Hey op, any possibility of you becoming an information system cyber security expert ?

https://www.reddit.com/r/IAmA/comments/6cfgm2/i_am_a_certified_information_system_auditor_cisa/?st=J2ZMQD92&sh=6549981c

A:

Its hard in germany to get such a job without a college degree. But i will try it as soon as i can!


Q:

Was it all worth it?

A:

Yep. To be in jail sucks but i visited all the countries i'm interested in, i had fun and the most important part - my SO is still with me.


Q:

Who were the primary victims of your crimes? Were they large organizations or normal people? Do you feel remorse for any of the victims?

A:

The most money i made with companies, i stole their secrets and sold them. When i started i blackmailed people, cheating husbands and spouses are paying much money to save their already broken relationship.


Q:

how'd you meet your partner in crime or what medium did you meet them through?

A:

He asked for a malware developer in a forum almost 10 year ago. It was fun so we continued working together. We are still good friends.


Q:

Coolest thing you've done? (hacking related)

A:

Asking my SO for her number back then. I met her 4 years before i went to jail and she is still with me, i'm lucky.

I was at a bar, spoofing and sniffing WLAN and testing a new tool i made at my laptop. I was almost through and then this girl came in, i had low self-esteem so i didn't even though about speaking to her - that changed when she got her laptop out, a laptop covered with hacking related stickers. Long story short: I spoofed the wlan, blocked her out of the internet and asked for her number as a ransom. She laughed and gave me her number. She worked as a IT trainee and we came along.

Don't know what happened in my brain in that moment, i was a fat, shy guy at that time and suddenly i asked out this beautiful girl.


Q:

Did you make a lot of money doing the things you did?

and

Is it still possible today to make that level of money doing the same things or have things changed? (recent strict KYC regulations on everything to do with finance online seems to be a bit of an extra hurdle - or maybe it is meaningless?)

A:

The police seized about 7.000€ in bitcoins and 20.000€ in cash. Well, thats what they seized. :)

Today you can make even more money with the same things, even with the same techniques.

KYC? Use bitcoins, trade from person to person or just steal someones identity. The rest is social engineering, the security system can be perfect - humans are not.

EDIT: typo - 70.000€ in bitcoins.. i just leave it there for the laughs.


Q:

Did they get all of your money or only a tiny amount and you still have a bunch of money squirrelled away. I would think a hacker would know how to hide money.

Not a cop

A:

Ask me again in 3 years. Periods of limitation are funny things!


Q:

Thanks for the AMA and I am curious about your list of crimes. Do you think you would have gotten the same sentencing if you committed fewer of those crimes, but still of the same caliber? "Dealing with stolen digital data" and "sabotage of computers" seems to go hand in hand, and I am just curious if the aggregate collection makes it more or about equal severity in the eyes of the law

Do you see a path to becoming a white hacker or what are your plans for future work?

A:

In that kind of letter they write everything down what they know about, i got it before there was a trial. I wasn't charged for everything since some things belongs together like you said. Forming of a criminal organization without rewarding or approving a commited crime sounds pretty unsuccessful.

I got a "okish" sentence i had a clean record and that saved my ass. A previously convicted person could have been in prison for 7-8 years.

I think about working as a freelancer in IT but since i know how much money there is on the other side.... maybe i should get away from that stuff completly.


Q:

Could you describe the process you used to compromise systems?

A:

many random infections: Hacking well known sites for a short period of time, so no one notices it. Spreading malware over p2p networks - stop pirating movies, porn or games from those places.

sniffing mobile devices: Go out with our laptop and setup a WLAN access point (sector antenna in your backbag is pretty useful.) sniff everything.

Companies: Tricky.. social engineering and hacking is involved, pretty much at the same time. To hack a company you have to be a really good liar because you will most likely have to call them at some point. Sometimes there are security flaws but thats not always the case and when thats your full-time job you can't wait for those lucky days.


Q:

For you to hack a phone what information would you need about it?

(Or what kind of contact with it)

A:

For a specific device i have to touch it, know the owner, or have control over the WLAN access. Most infections are random.

But you would let me use your phone when i have to call my mom because Uncle Freddy just died...


Q:

Is it easier to hack through a laptop, or through social engineering?

A:

Depends on the situation. Getting as many victims as possible? Random spreading. Hacking a specific target? Social engineering.


Q:

What do you think caused you to steal money? Was it a lack of money growing up? Poor parents? Society pushing people to be consumers and want the best of everything?

Congrats on upgrading you education while serving your sentence! All the Best for you in the future!

A:

I had pretty low self-esteem at the point i started being a blackhat. All i wanted was money, coke and bitches. Ended up with a girl who deserves a ring on the finger and gets it soon.


Q:

Serious question: On what parameters do they classify a prisoner to be 'nice'?

A:

I had school to get a better graduation, i finished that, i never had problems with other inmates.. i even remembered the birthday of a guard. Just be a normal person, don't start to eat peoples hearts and stuff.


Q:

Do you hold it against your former 'partner' for giving you up? Would you have done the same in his position?

A:

No, he had a infant at that time. His sentence was 6 years before he "betrayed" me, after it it was 4 with a possible parol after 3 years.


Q:

Do you hate your partner in crime for turning you in? or do you understand his situation and forgive him? Would you have done the same in his place?

A:

No, he was a fresh father - his kid was born 2 weeks before the police kicked in the door. He lowered his senctence to be with his kid. No bad blood there.


Q:

Do you use backtrack Linux ?

A:

I used it! Great OS, everything you need. But Archlinux is my favorite when i had to choose a main-hacking-OS.


Q:

Op,how old are you ?

A:

I'm in my verrrry late 20s