Unusual Journeys Into Infosec featuring @Netsecml

Part Eighteen of the Unusual Journeys Into Infosec series by CyberSecStu of The Many Hats Club, who talks to @Netsecml about his journey.

Unusual Journeys Into Infosec featuring @Netsecml

Its time to fire up your VPN, find your best hoodie, and that dusty non-descript mask, as we prepare to jump into the world of Hactivism, politics and infosec with Netsecml!

We've covered quite a few angles in this series so far, but in this episode we're exploring a different perspective all together, Hacktivism into Infosec. Now I'm not suggesting that Hacktivism is a legitimate career path, but there are many that have made a career off the back of joining groups and learning their craft. But where do you draw the line for standing up for others and committing a crime?

In this episode I wanted to highlight to those who may be in a dark place right now and making some difficult choices; sometimes there is an alternative that also can be just as exciting and can allow you to make that change from within infosec.

However, this story is not about a Hacktivist out to do harm, but one who wanted to stand up for those without a voice, and one who has some awesome achievements under their belt, and is set out to achieve even greater in 2018.

Since undertaking this interview earlier in the year, I've been speaking to Netsecml, and I've been really inspired by their passion to make a change and stand up for corruption amongst many other atrocities against children, and the vulnerable for example.

So sit back and grab some popcorn as we embark into to the world of Hacktivism, politics and infosec, as this is Netsecml's Unusual Journey Into Infosec!

NETSECML-1

CyberSecStu (CSS): My vision is to help break the illusion that you have to follow a certain route to have a career in infosec.

Netsecml (NS): I came from hacktivist to infosec

CSS: Please tell me about the journey, the weirder the better.

NS: When I think back to my early access to computers now I am suspicious. I was given unusually large amounts of access to computers in my young age. Considering that computing as we know it with technology was pretty new back then, and consider I now know I was a part of some type of breeding program. I think my early access to computing was engineered.

Saying that, my first memory of using a computer was in primary school. In the middle of a normal class a teacher and a group of adults walked into my classroom and took me to a new classroom full computers.
I cant remember how old I was. Perhaps 9 or 10. This was done shortly I was given an IQ test at some teachers academy

My first computer experience was with a tape (like tape deck tapes) loaded ZX Spectrum. The only thing I remember doing on it was pushing "Play" on the tape deck to load it. And then having to program coordinates for a little tortoise to walk to. He would leave a line behind him. The lines he left were used to make shapes and drawings

I was given unusually large amount of access to the Internet in the early 1990s and I only really fell in love with computing when I had a computer with Windows 3.1 which could connect to the internet via an application known as "Trumpet Winsock". Using one of the first versions of mIRC.

It was wonderful! I could speak to people everywhere. Sure, sometimes there was a lag of half an hour, but the world opened up for me at this point.
In the past I could only escape into science fiction and fantasy books, but now I could do that with other people! It was as if someone had injected a weird energy into me.

I always found the people online were nicer than the people offline, so I stayed online as much as possible.

The first nickname I ever used when I connected, (it was not used more than twice I think), was, "Mellow". The first first person I spoke to was a lady in America called, "Amazing". She was way to polite and well behaved for a naughty teen like me, but I liked her. We were friends for years.

My introduction into hacktivism came in my earlyish 20`s. At the time I used to post and communicate a lot through South Africa's largest technology forum called, "Mybroadband". At the time, our telecom charges were the highest in the world.

For someone who has technolust like me, this is cruel and unusual torture. I could see all the magic, but I could not afford to stay connected to it for long. During this process I had kinda realized how much the Internet had upskilled me and how much opportunity it had opened up for me.

I understood the importance of communication and education to develop informed opinions are for a democracy to thrive. I could see how the high price of tech was not only cutting me off from my magic, but was retarding the growth of the population around me.

I could see for how so little a cost, we could develop the peoples in my country to thrive, and this was being prevented by one thing. Human greed. At the time, Telkom, the telecoms monopoly in my country was doing what all monopolies with state support do. Milking us for profit. Using the lack of competition to drive up pricing.

The shareholders had no problem benefiting at the cost of the stakeholders. This, needless, stupid mass abuse made me angry. I guess you could say this also started a long journey towards politics.

For me it, was unjust that so many should suffer for the wasted benefit of so few. Its not like they were even using those resources they were getting well. They were either hoarding them or squandering them.

I realized everyone was complaining about the issue, but no one was doing anything about it. So for the lack of anyone else to follow, I was able to gather enough people around (including getting the support of the forum owners) to start a telecommunications activist group. We called it Antitrust (it used to run on the antitrust.co.za domain).

We organized protest marches. Sometimes just a whole two of us, and other times we ended up in parliament, invited by MP`s who pretended to want to listen to our complaints.

We got involved in the legislation process, involved in the meetings where they pick oversight groups, everything. We were on radio, TV, the internet. Many other protest movements started forming up around us and we were able to achieve a small amount of change.

The end result is we managed to change the telecoms monopoly to a telecoms cartel. There was a bit more competition, but the rules and playing field were still too rigged. No matter how hard we pushed on the ground we eventually met a resistance point we could not easily get past.

The telecoms cartels had given enough ground that prices had come down to the point that not enough people were willing to put their money where their mouths are. This was still far from ideal as the people who still did not have access were the ones we had no voice.

So if you want to know why I decided to try head into politics, this was the thinking at my time. That I had pushed all I could from the ground and had made some headway, but corrupted laws and restrictions that entrenched the cartels were stopping me from pushing forward further.

So I thought, well, perhaps I can get into politics with a party fighting corruption. Help them win, get a MP position. Work my way into telecoms legislation and change it so it was listed as an essential service.
Wow, was I so wrong!

Comment: Netsecml then shared some of his research, which then led him to start researching Mind Viruses:

… and that eventually lead me to research what i called the human exploitation framework (I move this site a lot, to keep the content out of view of the public).
…and then i wanted to know how the system spread, so then I learnt about mind viruses. and then I learnt how they function, so I started fiddling with them, and now I'm here, pretty broken, But still standing.

CSS: What has been your biggest challenge transitioning from Hacktivism to infosec?

NS: Learning my last life was a lie? but other than that, learning that the mind is an important layer. Hacktivism was more about utilizing ISO level 1–7. Infosec is more about Level 8.

CSS: Interesting. How did you end up in the hacktivism movement?

NS: Cant handle people been abused, so I was angry, and while I almost never use my skills like this sometimes, I vent it at people who deserve it. To shout for people who can't - its the same reason why I haven't joined any of the other groups wanting me. They all want me to hurt innocent people.

Or do dumb stuff, they use low versions of M infection. I dont want to hurt people, so I'm learning as much as possible to make sure I'm not engineered into hurting others.

Also, kinda a politician up until recently when I quit due to Redacted. So i was legitimizing them, so handed in my resignation.

CSS: Wow!! That's err…a lot to take in.

NS: Unfortunately the transition for me to infosec has made me no longer functional in regular society. luckily I'm multi-skilled, so am not stressed.

CSS: So what made you make the transition from hacktivism into infosec.. what were the triggers?

**NS: ** That girl going missing. Me finding her. Hacking her phone (her family asked me to hack her phone), finding out the people she was speaking to were not real! I was able to see huge social engineering network had been manipulating her for about 3 months.

I kept digging, and it got worse and worse, I even tried to report 3,000 pages of empirical data to every authority. They either didn't understand the topic, or were them.

CSS: OMG so did you manage to find/save her?

NS: Yes, I saved her by mistake.

CSS: How?

NS: *When I hacked her phone, I reset her password, when she was going to get to the destination, and retrieve her contacts. Me changing the password stopped that. That's the only thing that saved her life, it made the front page of our newspaper!

Teen runaway safe, Facebook predator exposed. An East London teenager who went to Cape Town on Sunday after she claimed to have had an argument with a relative Article Link

CSS: Congratulations.. I'm glad you were able to save her. So what advice would you give to others who may have been in your situation?

NS: I don't know - that depends on the persons character, and how much they're willing to suffer for their ideals.

CSS: Ok but say they are on the edge.. is there a career path for them?

NS: *In infosec, yes, my route, probably not a good idea! Infosec is in a strange space at the moment, one of the people I reported the data to, was someone who apparently is the top IT forensic person, ***that guy couldnt hack his way out of a wet paper packet!!

But here he was, with more degrees and qualifications in infosec I had ever seen before, but he was useless. With CISSP, I did the CISSP course, to get their game.

CSS: So what you are saying is qualifications != good infosec?!

NS: Yes, only experience, qualifications mean nothing and slow you down. I see unicorns are force multipliers, kinda like super mentors I guess. But it seems to work for them, but in the process made me suspicious of a lot.

CSS: Ok. So what do you think the biggest barrier (or perception), of getting into infosec is today?

NS: Lack of quality educators, sexism, overly complicated courses that spent too much time redefining English, the inability for humans to see how vulnerable they are (yet), this will change in the next 5 years.

In summary there are some lessons that we can take from Netsecml, firstly if you are a blackhat and commit crime and get caught, well getting into infosec is going to be quite tough, actually in most cases impossible - there are many case studies that support this.

However, for those that may be on the fringe, or firmly wear a greyhat, then there are legitimate options for getting into infosec.

Take Netsecml, he stood up for what he belived in, and ultimately campaigned for the telecomms situation in his country to be addressed, this even ended up with him working in Gov.

Even with those that previously have been with groups such as Anonymous and Lulzsec, there have been case studies where the tradecraft learnt out in the field translated into transferrable skills, espcially in red teaming, resulting in work in the industry.

There is always a path to redemption, and most certainly a profitable career in infosec, the challenge remains whether those on the fringe really embrace this, and see the benefits.

Rant over

Next up is a very insightful look into infosec by Hexwaxwing... this will also be a 2 part article mainly because of its length!!

Currently the previous articles can be found on Secjuice's Medium blog and newer ones on Secjuice.com:

Part 1: Four Octets
Part 2: Mark C.
Part 3: PaperGhost
Part 4: O3 Awesomesauce
Part 5: Datapacke7
Part 6: Frootware
Part 7: Matt Kelley
Part 8: Jack Leonard
Part 9: Colette Weston
Part 10: Emily Shawgo
Part 11: Nicole Beckwith
Part 12: Rose Farrell
Part 13: EpicPewPew
Part 14: WhiteHatScum
Part 15: Phreck
Part 16: Michael Ball
Part 17: InfoSecSherpa

Main Image Credit: Night Shift by Alan Rodriguez