December 26, 2016

“You are never completely safe, you will always be vulnerable. You are never sure but it’s all about mitigating that risk.”

Says Jamie Woodruff, Technical Director – Metrix Cloud LTD and Europe’s No. 1 Ethical Hacker was the official Information Partner for ‘ResellerClub Presents HostingCon Europe, 2016’ in Amsterdam.

Here’s an exclusive interview of Jamie Woodruff, Technical Director – Metrix Cloud LTD and Europe’s No. 1 Ethical Hacker.

How does ethical hacking work?

So, when a company gets breached or they want to potentially make sure that they do not get breached, it’s like an audit. They reach out to someone like me and ask if I can conduct a penetration test. The penetration test is covered under ethical hacking. We look into what applications are running, what server versions are running, what operating systems are running, what firewalls, what switches and patchy stuff like that. And then you will be able to get a scope based around that.

For instance, you look at the scope and you see, (a certain) set of IP ranges, they are running (certain) types of operating systems, so (you can derive) the types of attacks which can launch against that.

But ethical hacking itself is more of a case, what you define as ethics. It’s not what I’m hacking, it’s why I’m hacking it. There are black hat hackers and there are white hat hackers like me who protect it (the Internet). The way I look at it, (just like how) you need police to protect your physical assets, you need hackers to protect your online security.

When was the first time you hacked into a system?

Probably when I was 11.

How much has hacking evolved since then?

It has really evolved. When I grew up it was really about making a statement, it was all about online political agendas, Anonymous being a prime example, lulzsec, TeaMp0isoN, etc. It was all about defacing websites making pictures and saying “hacked by your handle” or “the name you use”.

Now-a-days hackers break into industries or break into companies and they sit in that company for a long period of time. They won’t modify or change anything. It’s all about extortion, all about taking money, taking resources away from people without them actually knowing, because obviously if the vendor finds out, they will patch the vulnerability and the hacker will not be able to gain access by the entry point.

Hypothetically, if I owned a company with personal data of users on my database, what precautions must I take to completely avoid data leaks?

Just implement common sense across your industry. Make sure your employees understand their roles and responsibilities inside the company. Make sure that the system administrators are actually looking and getting softwares like AlienVault to monitor threats and vulnerabilities on the systems, brute force attacks, Distributed Denial of Service (DDoS) attacks, and make sure you are actively progressing, looking into the industry of cyber security and how that applies to you.

So, it’s more of a case that you have got personal data, look at what holds that data – the database – how it has been configured, look for patches, look at what it’s hosted on. Is it a linux platform or on dedicated server? And then look to break down each process into several different processes and how you can apply skill sets towards that and to help mitigate the risk. You are never completely safe, you will always be vulnerable. You are never sure but it’s all about mitigating that risk.

What advice would you give SMBs with limited resources to protect their basic websites from being hacked?

On a board level or on a small industry level, you have to make sure you actively understand cyber security as a risk. Just like (if) you had 10 rolex daytonas, the risk of them stolen is high. From a cyber security perspective, treat your data like that.

The risk of your data being stolen is high, therefore you should implement x, y and z to help protect and prevent against that. I know it’s quite difficult from a budget perspective, however, there are numerous government bodies and agencies out there where you can get grants and funding that would assist and help you towards your goal to keep yourself secure as a small medium enterprise.

What was your most embarrassing experience with regards to hacking?

I don’t really know, to be honest. Probably… I don’t really know. That’s a hard question to answer!
Oh, I walked away from my computer once, which is very stupid, and one of my friends, it was only him in there and he actually changed my Facebook pictures to something incredibly rude and that was quite embarrassing considering I’m a cyber security guy, I mean I trusted him but it goes to show that you shouldn’t trust people (laughs).

Which movies would you recommend to watch, what is your favorite hacker based movie?

Probably Die Hard.
When they do the fire sale, probably hackers itself. I think we’re eventually going to get there one day, when they hack the national critical infrastructure!

Share this articleShare on FacebookShare on Google+Tweet about this on Twitter