"Kondor", the No. 1 hacker, talks about the chaos they can cause, with the biggest risk being medical device security breaches
For at least a decade the mastermind of the "Greek Hacking Scene" under the pseudonym "Kondor" had the ability to "invade" government -and not only- pages in Greece and abroad, spreading chaos. Today the person behind the online legend is completely legitimate, he speaks and reveals himself exclusively to "Espresso".
BY GINA ARVANITIS - [01/12/2015]
Three and a half years after his arrest, the now 30-year-old hacker Theophanis Kasimis throws off the mask of anonymity, as he has crossed over to the other side and runs an information systems security company. It seems that it is beyond imagination what "cybercriminals" can do to our lives, as he himself warns that where there is wireless network there is no security! Everything can be at the disposal of hackers!
"Wi-Fi enables hackers to operate with ease. The logic of 'what gets locked gets unlocked' applies, so anything with a code can be opened and therefore there is no secure website. In wireless networks, a malicious person can, in no time at all, take the administrator's rights and use them as they see fit," says Kasimis.
For the 30-year-old, the most dangerous part is the part concerning the violation of the safety of medical devices. "It is now known that pacemakers can be targeted by hackers! It is possible to 'crack' the wireless transponder code of a device, so they can cause electric shocks! In short, they hold a person's life in their hands!" says "Condor".
Hackers and hijackers are a serious problem, as they hack into the wireless network now available on planes. There is evidence that they can very easily, via Wi-Fi, hack into the avionics system and take full control of the navigation systems! A typical case is that of an IT security researcher who, through an ethernet port located under the seats, was able to gain access to the instruments! When he tweeted the information, the pilot was ordered to land the aircraft in order to remove the hacker.
Infringement
The case of IoT (Internet of things) hacking is about hacking devices in the home. Once the homeowner has installed security systems or devices that can be controlled remotely via a wireless network, the malicious Internet user can use this control feature to their advantage. There is the example of a hacker who had obtained an image of the interior of a house through the camera used by the residents to view the babies in their room. This way he knew when they were gone, which gave him the perfect opportunity to break into the house!
Even state-of-the-art vehicles can easily be hacked. Their instruments are controlled by computers, so hackers can take control and literally drive them, even when they are on the move!
What is bitcoin
Bitcoin is an "invisible" currency, exclusively in digital form. It is not issued by any bank. The simplest way to obtain it is by exchanging currency. Each bitcoin corresponds to a specific value of another currency (today, 1 bitcoin is 350 euros). There are web applications that facilitate the creation of a "digital wallet", a kind of personal account of the intangible currency, in which the user stores the bitcoins after converting his physical money. If one wants to do the reverse process, there is the possibility of withdrawing banknotes with a special automatic withdrawal card sent to the user by companies that exchange money for bitcoins. The card is used in corresponding bitcoin ATM machines, where money is withdrawn according to the bitcoins in the digital wallet.
Russians threaten three Greek banks
For the first time, three Greek banks are confronted with a mafia-like online organization, which received threats to collapse their security systems! The Russian hackers failed to "lock down" their operations in their first attempted attack, but are demanding a ransom in digital currency to prevent their defences from being breached.
The online extortionists had given banks an ultimatum until midnight on Monday, asking them to deposit 700 bitcoins, an online currency worth around half a million euros, into a special account! The attack on the institutions raised an alarm at the National Security Service, which is investigating the case in cooperation with the Cybercrime Unit, the Bank of Greece and the three target banks. They have already taken the necessary measures to ensure that their security systems can withstand any attack. The repeated attacks by the hacker group Armada Collective were launched last Friday and Saturday on the banks' e-banking systems. For at least two hours, users of the service were unable to make transactions.
The group of Russian and Chinese cyber "pirates" started their activity in 2013, "hitting" a bank in Kiev, whose ATMs were "spitting" banknotes for 24 hours (!) to the delight of passers-by. Since then they have hit at least 30 banks in Europe, America and Japan, but without touching depositors' money. In particular, they are asking for a ransom from the banks' managements not to pulverise their security systems and unlock confidential files. The FBI and the CIA are closely involved with this organisation, and Barack Obama himself receives classified briefings on the progress of the investigations.
The online "hits" that caused a stir
Theophanis Kasimis started cyberattacks at the age of 16, when he realized that the games his peers were playing on their computers did not cover him! "I taught myself programming. I joined a related forum, where I met other 17-year-olds, we formed an informal group and tried to take over websites for our own pleasure, not for financial gain. The first "victim" was the website gayhellas.gr, where we left messages to the administrators and eventually deleted it because... we didn't like it. Slowly we developed our skills and formed the Greek Hacking Scene with strong "hits"..." he tells "Espresso".
His idol was Kevin Mitnick, known as "Condor", the cyber-hijacker who had managed in the early 1990s to steal millions of dollars worth of corporate secrets and infiltrate the US defense system! When he was arrested in 1995, the FBI asked that he be placed in solitary confinement because he could start a nuclear war... by whistling into the phone! Theophanis Kasimis adopted the pseudonym, changing the first letter ("Kondor"). "We were spying on people, we had access to cell phones, computers, e-mails, we were hitting everything that was against Greece. We were not fanatical nationalists, we just loved our country. What we did is illegal, but it was the way we chose to react, with power in our hands."
Theophanis Kasimis recalls their online attacks that caused an uproar.
Websites
"On 28 October we hacked 850 websites in Skopje. In one night we took down the website of Nikolaos Stoidis (bulgarmak.org), which stated that Thessaloniki is Bulgarian, we took down the website of the Greek Satanist community and received threats. We went into the e-mails of a well-known journalist-presenter and saw that he was making erotic appointments with young up-and-coming models! We could control what we chose. Then the arrogance came in and we got away from what we originally had in mind."
On 1 March 2012, the Electronic Crime Unit managed to identify all the members of the Scene: "I was arrested at the company where I was working in Nafplio, but nothing was found on my computer. We had been ordered by the then Minister of Justice to be arrested. I had been attributed the 'hit' that had been made in 2011 at the ministry, which I had not done. In the 320 pages of the case file there is no proof of what I did, as they could not find an electronic trace of me." Theophanis Kasimis clarifies: "The fact that I never touched money, even though I could, helped me not to speak from inside the prison today. We knew pin codes and personal customer details, but we never touched them. Where we found gaps, we let the administrators know to fix them."