Interview: A Cybersecurity Expert Shares His Tips for System Hacking
A conversation with Certified Ethical Hacker Nicola Kalderash
From the perspective of an ethical hacker, can you explain what system hacking is?
From my perspective as an ethical hacker, system hacking is Lockheed Martin’s old definition of cybersecurity: [the] Cyber Kill Chain. The Cyber Kill Chain is all about reconnaissance, infiltration, deploying, finding a vulnerability, exploiting that vulnerability, deploying a payload, command and control, [and] multiplication so that you always have a back door to that system.
The rapid growth of things like the cloud, Internet of Things (IoT), and various new technologies has changed the definition of a system. How should ethical hackers approach this changing landscape?
Educat[e] yourself and never stop being curious. Some cybersecurity professionals probably feel, after a couple of certifications, that they know it all, and that’s backward thinking because things are changing. The landscape is moving and shifting, and you must stay ahead of the curve.
Educate yourself and never stop being curious.
Therefore, continue to keep reading and educating yourself. Stay up to date through blogs, podcasts, or even Twitter. You have the tools from the CISA [Cybersecurity and Infrastructure Security Agency] office to help you stay grounded in the newest threats, vulnerabilities, and threat landscape so you can still be a professional in your career and succeed for your employer.
Have you encountered system types that are more vulnerable than others?
I think the IoT is vulnerable, but more so the infrastructure IoT, a/k/a IIoT. These are systems and power grids. You see that with the dark energy hack that happened in 2015 against Ukraine from Russia, and you see that [with] the NotPetya attack that Russia launched against Ukraine and even some of these newer attacks, as Russia is—of course—attacking Ukraine, as they’re in a full-on war with them.
It’s because IIoT infrastructure is not designed with security in mind. It already has a lot of flaws, and then you’re putting it in the hands of people that don’t necessarily understand cybersecurity. So, what are they going to do? They’re calling a result to no password or default passwords, and it’s just a recipe for trouble. This is an area that I’ve specialized in a lot and [am] trying to learn about, because I think IIoT has the potential to cause massive mayhem.
You’re seeing it happen in Ukraine live—which is, in a dark sense, fascinating to read about, and my heart goes out to the Ukrainian people, but you see all these things in theory, and now you’re seeing action. It’s scary seeing how devastating [it is] when you attack this critical infrastructure through just cybersecurity methods. You can shut down an entire country, so that is a lesson of how this continues to be important.
America and other Western countries need to keep watch of this so they can protect their assets, because there are a lot of those gaping holes in our security, even back home in the U.S. or whatever other country you might be from watching this video.
What is your preferred attack platform when conducting system attacks and exploits?
Kali Linux is a good tool because there are so many tools developed in the hacking sphere that you can play around with. You[’ve] got steganography tools, password crackers, and vulnerability scanners that seem to work better with Linux. The way I learned, it seems to be a better system suited for deploying plate payloads.
Kali Linux is the best platform if you want to get started in hacking.
I will eventually start learning how to create malicious software for educational purposes. I don’t want to become some evil hacker, but to think like a hacker to prevent the bad guys from doing their things. Kali Linux is the best platform if you want to get started in hacking. Learning Linux and how to utilize that command line will serve you well in your career.
What tools would you recommend to someone just learning about system hacking?
I would recommend that people take a course on Linux. EC-Council has a CodeRed subscription, which I’ve signed up for, and you can get access to dozens and dozens of videos to continue learning after you get to [the] C|EH. I think it’s a great value. They usually throw in some promotions here and there, for those who want to wait for a better deal.
Otherwise, if you are looking for free work resources, you can find several things on YouTube. If you’re looking for specific systems, learn about the command line, because almost everything about hacking comes down to networking and pinging, and all this stuff is in the command line.
As a C|EH, what advice would you give to companies designing systems?
As a C|EH, I would say that fast is slow, and slow is fast. What I mean by that is companies are in such a rush to put out the product to stay competitive, and there are glaring issues in this iterative product development life cycle.
You know, they always end up in the cutting room for security, and they must go back and patch things, and [you’re] left with an unsatisfactory security product. It might be a great product and do what it needs to do when it meets the deadline, but there are some massive security flaws. There might be more zero-day exploits available that developers weren’t thinking of, just for the taking for bad actors.
So, if companies were to shift their mindset to thinking about how important security is and how you can incentivize that about money. You always want to pitch this in the many meetings to these execs about money saved because if you picture it, it will cost more.
After all, we’re going to delay the project. You’re not going to get them on your side if you tell them that if we don’t do this the right way and we must fix this, it will cause a massive lawsuit to the company. Well, I think you will have their ear a bit better, and they might be more willing to slow down the timeline to ensure that you’re implementing security measures. So, I think that is how designing systems could be better.
To what extent do you think system selection impacts an organization’s cybersecurity posture?
I might have an unpopular opinion: It doesn’t impact it as much as some people might think. If you educate your workforce, implement two-factor authentication, make sure that people’s passwords are complex or salted hash, implement hardware security measures [and] site security measures, all these things, it doesn’t matter. It doesn’t matter what system you’re using; if you have the right approach, you will cut about 90% of exploitable behavior from bad actors right off the top. I’ve learned in my cybersecurity career that people are [too] lazy to create complex passwords. Also, hackers are lazy hackers who want that low-hanging fruit, as they realize you might be a challenge, especially since most are script kiddies and copy code from GitHub. They don’t know how to create this stuff and move on to the next target, so you have increased your chances of not getting hacked. You can educate everyone not to click on malicious links in your organization.It doesn’t matter what system you’re using; if you have the right approach, you will cut about 90% of exploitable behavior from bad actors right off the top.
I’m Nicola Kalderash, and I’m a Certified Ethical Hacker. Thank you for your time.
Is your IT team equipped to handle system hacking?
Build a Rewarding Career with the C|EH
Fast-Growing Job Market
1,800+ ethical hacking job openings on LinkedIn alone1
C|EHs in the U.S. earn over $82,000 per year on average2
Wide Range of Opportunities
Prepare for 20+ cybersecurity job roles with the C|EH
1 https://www.linkedin.com/jobs/search/?geoId=92000000&keywords=ethical%20hacker&location=Worldwide 2.https://www.payscale.com/research/US/Job=Certified_Ethical_Hacker_(CEH)/Salary
Views expressed in this interview are personal. The interview has been produced with the aid of a transcription service and may contain dictation, typographical, technical, and/or other errors. The facts, opinions, and language in the interview may not reflect the views of EC-Council or the interviewee’s employer, and EC-Council does not assume any responsibility or liability for the same.