Where Is Hacking Now? A Chat with Grugq
An interview with noted anti-forensic researcher The Grugq turns into a broad-ranging discussion about the state of hacking and cracking.
March 12, 2007 — CSO
First things first: This wasn’t planned. We contacted The Grugq (pronounced "grug") as research for a forthcoming feature story. But the chat, as chats sometimes do, went in its own direction. Before long, we had hit on broader trends in the hacking and cracking community, the economics of the trade, and anecdotes that show how hacking is changing in some ways, and in others, staying the same as it has for a decade or more.
So much myth and conventional wisdom grows around hacking that it’s useful for security professionals to periodically take stock of what’s real and what isn’t from those who are in touch with that world.
Quickly, we should set out The Grugq’s credentials. He is a noted forensic and anti-forensic researcher. He has created anti-forensic tools to demonstrate the weakness of forensics. He has worked in information security at a large financial institution in Europe and has worked for an information security consultancy. Currently, he’s "freelancing" and doing forensics training. Despite his knowledge of what’s going on with hackers and bad guys, he claims he’s completely legit. "I don’t hack," he says flatly. But his research does keep him in touch with the community of hackers, which he says is far more nuanced and stratified than most people think.
What follows is an excerpt from an instant-message chat with Senior Editor Scott Berinato. We’ve edited for grammar and, for clarity, rearranged answers when the chat was bifurcated and two conversations were going on at once. We invite your feedback.
...The Grugq: Good anti-forensics would prevent any stories, since no one would ever get called in to do the investigation. :)
CSO: That’s the problem I’m running into researching this story.
The Grugq: "Aspire to subtlety."
CSO: Good line.
The Grugq: That was the advice I got from my mentor. It’s what got me started on anti-forensics.
CSO: Who was your mentor?
The Grugq: I can’t tell you.
CSO: Can I ask why?
The Grugq: It was at a regular job. He was my boss. Very old-school hacker.
CSO: Oh, so he was mentoring you on the side?
The Grugq: Well, I was hired to learn how to hack so I could be an in-house red team, which was novel back then.
CSO: Before everyone had a "research lab"?
The Grugq: Oh yeah, way before then.
CSO: Any other pearls of wisdom from him?
The Grugq: That was it really. Everything else was more practical. He didn’t like theory. He always wanted to see the code.