Thursday, July 30, 2009

31337 Spotlight: @SecurityRant

Hey everyone... as we roll on to Post #300... we get to know more interesting people in the InfoSec world. Today's victim of the limelight is someone who affectionately goes by "SecurityRant" on Twitter. While I don't know anything about this person - other than they have a dislike for my 31337 Spotlight series... and ironically couldn't wait to get on the page here - the interview is quite interesting. SecurityRant always has something to say, which is no shock... and it's usually disagreeing with what I'm going on about (again, no shock).

Love him (since the profile of SecurityRant seems to point to a male) or hate him... the brutal truth always comes at you like a ninja-star through the mouthpiece that is SecurityRant... so I won't stand in your way any longer... meet ... SecurityRant!

  • So... "SecurityRant" - tell us something about yourself
My name is @Securityrant. I've worked for financials, governments, International organizations, security vendors and lately for MultiNational United. In my job I've handled nuclear material and I knew there were no WMD's. I've ridden mopeds with Russian border guards, sung songs in small sailing towns with Polish sailors while drinking un-pasteurized beer. I've had diplomatic immunity and have known cold war spies. I know how to break down and service an AK-47 or an M4, I've learned the power of playing guitar on the beach next to a fire. I've been through a police interrogation (complete with bright lamp) and worked alongside the secret service. I've altered my mind through various substances, climbed some of the tallest mountains in the world and have taught myself how to code in at least 10 different languages. I have written viruses and have exploited OS's and systems that don't exist anymore. I have run a BBS in central Europe, owned a FidoNet address, was a 150 level wizard/coder on the most popular MUD in Finland. I once brought down an entire International organization because of a typo in my code, oops. My favorite computer ever was a NeXTstation. I listen to industrial, metal, techno, trance, trip-hop and ambient. Some people think I can see the future, the truth is I am just good at pattern recognition. I don't believe in god. I'm an INTJ. There is less than 6 degrees of separation between me and Kevin Bacon. I can be a little annoying. I can keep a secret. I gave up most of what I listed above for money and a suit and if you knew who I was you wouldn't believe any of this because that's exactly the way I want it. Last but not least, in this entire paragraph I may have embellished the truth a little but I'm only lying about one thing.

My friends, I am the most interesting hacker in the world. I don't always drink, but when I do, I prefer a gin and tonic.
  • What types of technologies do you focus your 'hacking' on (and why)?
I hack the only thing worth hacking: Life. For any given encounter or personal goal there is always a set of words and actions that if played out in the right order can get you just about anything if you are really good at your craft. In every job I've ever had, I've been able to breach the security of the facility/place I worked. I used to report it and write it up, but these days I just do it for kicks and keep the details to myself. My approach is always a blend of physical and network penetration techniques. Some might say that's cheating but I say only the end result matters and I'm not doing this for the glory. My current project is reverse engineering the necessary steps to massive amounts of personal wealth. I think I'm pretty close.
  • What's your most famous/proud accomplishment over the course of your career?
Wouldn't that be more of a curse if you could look back on your career/life and say that was my greatest moment? To me looking back like that just means you know you reached your peak and it's all downhill from here. The only time I look back is to learn from my mistakes, not my victories, and I've made _a lot_ of mistakes, but there is one accomplishment that I'm proud of: not being noticed. My greatest skill is to be underestimated, people just don't see me coming. But it's a double-edged sword. It's something that gets me in trouble with people because they don't know if they can trust me (they can, assuming they have integrity themselves) or they think I'm slacking and it's why I'm angry a lot of the time. BTW, if you keep a low profile you learn real fast who are the people who just want to stand on your throat to get ahead because they ignore people who keep a low profile. This industry is filled with attention whores and vendor bullshit and it drives me nuts.
  • What got you started in Information Security...
You know that movie with Angelina Jolie and that guy named Zero Cool? Just kidding. The same reason any of us got into InfoSec - because of an uncontrollable thirst for knowledge, because I wanted root on everything (which was really naive BTW). I didn't really get into InfoSec, I just woke up one day and realized that's what I did for a living. I despise that the InfoSec industry even exists because if we were all doing it right, security would be part of everything we do, not something independent that we paint on after the house has been built. If a system or process is well engineered from the start, it's resistant to misuse and attack by default (notice I said resistant, nothing is ever secure over time). Security should be like air, only noticed when it's missing. Eventually my desire for knowledge led me to the desire to create something which is why I started working for security vendors.
  • Tell us something that people rarely know about you?
My true Identity, which I'm not going to tell you and all that stuff I listed up above. Since I'm not going to answer this question, I'll answer something else: Why am I here?

Why am I here?
I'm here to speak bluntly about the nonsense in the security industry and just call it the way I see it. I want to be fair however, if there is true innovation and something cool then I intend to draw attention to it as well but as luck would have it, there is more to be critical about than there is to applaud these days. Securityrant is anonymous because I don't want this to be about me personally (which by agreeing to this interview I'm breaking that rule a little, oh well). I want this experiment to be about the things I draw attention to, not me, but I do want the ideal represented by @Securityrant to be famous in a kinda Guy Fawkes, V is for Vendetta kind of way. Part of that means letting others contribute to Securityrant as well and I invite everyone to participate. If there is something you think needs to be said but don't want to be the one saying it, send Securityrant a direct message and Securityrant will get the word out assuming I don't think you suck.
  • BONUS: What was your first computer system?

The Atari 800, after that it was anything and everything I could get my hands on. BTW, why is it that hackers always want to talk about their first computer system? I think it's a not so secret attempt to try and prove how "elite" you think you are. I just said I cut my teeth on an Atari 800, does that make me elite? No, it means I'm a freaking dinosaur and doesn't prove I have skillz in any way. Now if I had said a PDP-11, now that might have been worthy of a little respect. See what I just did there?
