Our “Hackers around the world” series has been on a break for a while, but that doesn’t mean we have given up on searching for hackers with interesting stories.The LulzSec Peru hacker collective has been making a lot of headlines lately, so we’ve decided to ask one of their members to do an interview with us and, implicitly become the series’ “hacker from Peru.”
So, without further ado, meet Cyber-Rat.
Softpedia: Please tell us a bit about yourself and your group.
Cyber-Rat: My Group is independent, but sometimes we help “Anonymous” in Latin America in some operations.
Softpedia: What kind of hacker do you consider yourself to be?
Cyber-Rat: First I started like a White Hat, reporting to website owners, but I really don't like it so I became a Grey Hat hacker.
Softpedia: You say you're a grey hat hacker, but considering that you hack government sites, most people would say you're a black hat. Why do you see yourself as a grey hat?
Cyber-Rat: As Cyber-rat from Lulzsec Peru I am Black hat, or cracker, but I actually do good things with another nick which I’m not going to tell you for common reasons.
Softpedia: What determined you guys to pick up the LulzSec name?
Cyber-Rat: We decide to take “Lulz” because it means “Lol”, and the meaning Lulzsec Peru means laugh of Security of Peru.
Softpedia: Were you inspired by the famous LulzSec collective as well? Did you follow their work?
Cyber-Rat: No, but we’re inspired by the LulzSec name as we’re doing things just for Lulz, and we try to make a more professional work.
Softpedia: How old are you now and when did you start hacking?
Cyber-Rat: I’m 15 years old and I started hacking since 11 years old, but I started real hacking at 13 years old with Desh501. He taught me advanced intrusion and some coding techniques.
Softpedia: What triggered your interest to become a hacker?
Cyber-Rat: I wanted to enter places that common people can’t enter and never see in their lives. I really love hacking. I hack like 8 hours a days and I only leave my computer to go to the bathroom and eat something.
Softpedia: Share an interesting story with our readers about one of your hacks.
Cyber-Rat: I’m going to tell you about my hack in all Peru Domains. [.pe domain registrar]. I did everything with my friend Desh501.
First we searched in punto.pe for SQLI and LFI, but the website was a bit secure. Then we decided to look for another kind of vulnerability. So we went to http://punto.pe/whois.php and typed “Ingrese el Dominio” – “& ls –la” http://pastebin.com/nDmSAqmL
It worked and we uploaded a shell, rooted the Kernel, and dumped the database. We deleted, in a secure way, all the logs and deleted our shell.
Two weeks later we decided to leak all Peruvian domains, so we did it. And you can see the news here.
Softpedia: Have you ever had any problems with the law?
Cyber-Rat: I do things well, I have never had problems with law :).
Softpedia: Tell us a bit about the cybercrime laws from Peru.
Cyber-Rat: According to Peru law, you can go to jail 5 years if you deface a website and 10 if you modify a database.
Softpedia: Do you ever worry about getting caught?
Cyber-Rat: I don’t worry about getting busted because I hack with my friend Desh501. We even defaced the Peruvian Cyber Crime Police and have accessed all their emails.
In the emails we found emails of the FBI. We see that Peruvian cyber-crime police don’t have the abilities to bust us.
Softpedia: How did you gain access to the Peruvian Cyber Crime Police's emails?
Cyber-Rat: First, I didn’t do this alone. I did it with one of my best friends of the hacking world, Desh501.
We searched the IPs on which the web sites were hosted. We found one vulnerable to SQL Injection. Then we got an ASPX Shell because it was a Windows 2008 host.
The host was secure, but not really. We, as a Team, we have a Windows MYSQL Priv8 exploit which lets us to use executed commands with privileges.
Then, we uploaded a Metasploit reverse payload, then we upload REDUH to bypass the firewall and got the RDP login. Then it was all easy because we had complete access to all emails and web sites, including Peruvian Cyber Crime Police emails and the web host.
Then it was all easy. We deleted index.html and changed it with a deface web site. Next, we published all the emails we dumped.
Softpedia: You say Peruvian Cyber Police don't have the ability to catch you, but aren't you worried about the law enforcement of other countries? What if the Interpol starts tracking you, considering that you hacked several government websites from all over South America?
Cyber-Rat: Yeah, there is a little fear about intelligence agencies, but if you enter this game you should know the risk.
Softpedia: Which are the most important sites you hacked?
Cyber-Rat: Actually, I didn’t work alone, but I the most important site we hacked was “punto.pe.” We had access to all Peruvian banks, security companies, Google, emails accounts; in other words, all that ends with “.PE”.
Softpedia: What is your goal? What do you hope to achieve by hacking websites?
Cyber-Rat: My goal is to stop governments and people from saying that their website are secure from hackers. “Nothing is Secure at all.” I hate when people say that their website is completely secure and they changing the idea of a real hacker not only a defacer . For example, deface a web site and leak some secret documents: it’s hacking, not defacing.
Softpedia: Is there a famous hacker whose work you admire in particular?
Cyber-Rat: I admire Kevin Mitnick because he makes amazing things like hacking his ISP and tracking the police.
Softpedia: Is there anything else you want to add?
Cyber-Rat: Nothing is secure. On March 4 there will be 1 year of LulzSec Peru hacking.