The long-mysterious ethical hacker Elliot Alderson spoke to Brut about why he's always testing Indian apps for weaknesses, all the way from France.
Transcript
00:00 When you know that the personal data of millions of people are vulnerable, it's like a duty.
00:27 Especially in a governmental application.
00:30 I have a lot of Indian followers on Twitter and I'm trying to stay updated on the latest Indian news.
00:58 All the social networks started to talk about this new application, this Twitter alternative.
01:05 And everyone was asking to me, OK, can you test this application and see if something is wrong with that?
01:28 It's not a big secret, but it's still personal information.
01:40 Everyone is free and I don't have any issue with that.
01:43 If you think this is the issue and raising is fine for you, but maybe it's not an issue for other people.
01:52 And the funny thing is, when these kind of people are doing this kind of feedback, the company always fixes the issue.
02:02 So if it doesn't matter for them, it matters for the company.
02:07 When you know that the personal data of millions of people are vulnerable, it's like a duty.
02:28 You have the duty to say something and to make them fix.
02:33 My story with India started with the official Aadhaar mobile application.
02:39 This application was just a total nightmare in terms of security, so I tweeted about it.
02:58 When you lost the power on your data, you don't know how your data has been exploited.
03:06 Typically, with very few personal data, we can create a profile of yourself, find what you love, find all your relationships.
03:21 I can target you with specific news, with specific content on the internet.
03:28 I can try to sell you specific things.
03:31 And your life will be totally different because I will have an automatic way to profile you and to target you.
03:51 I can target you with specific news, specific content on the internet.
03:57 I can try to sell you specific things.
04:01 And your life will be totally different because I will have an automatic way to profile you and to target you.
04:09 I can target you with specific news, specific content on the internet.
04:17 I saw someone subscribe my email to a lot of newsletters.
04:22 I received hundreds and hundreds of emails at the same time.
04:28 This is a very small attack and it doesn't really matter.
04:32 A lot of people tried to reset my password on Twitter.
04:36 My bank account had been attacked once, but it was okay.
04:42 Someone went to my home once also.
04:47 It was a good protection to be public and to be in the press and say,
05:01 okay, I'm not hiding, I have nothing to hide and I'm really here for good things and to make positive things.
05:09 It's good to have a public face to the hacking world and to the hacker stereotype.
05:16 A hacker is a normal person.
05:19 If you want to raise awareness on one topic, you need to be public.
05:24 It's super complicated to be anonymous and to say to people,
05:28 okay, cybersecurity is important, blah, blah, blah.
05:31 They want to have a face.
05:33 I mean, this is human nature.
05:37 When you have a pop-up on the website, read what you have in the pop-up.
05:45 You don't have to accept everything.
05:48 In general, you can deny the privacy policy pop-up and the website will work.
05:55 So it's fine, decline it.
05:57 It's not because a website is asking you something that you have to tell the truth.
06:03 If a website is asking you your name, your address, and in reality the service doesn't need your address,
06:10 you don't have to give it to them.
06:14 So just write something random and it will be okay.
06:27 Hacking something is trying to understand how a system is working.
06:31 You want to find the limitation, abuse the system in order to find another use of the system.
06:38 As an ethical hacker, you want to find this limitation, to find the ways to abuse the system
06:47 and to disclose that to the owner of the system.
06:50 I think my hacking journey started by trying to understand how watches were working.
06:58 I was 12 years old and I received a lot of watches in newspapers or this kind of magazine.
07:06 All the time I was trying to understand how this watch was working
07:13 and I decided to dismantle everything.
07:20 For me, being a hacker is not a computer thing at all.
07:24 Hacking is really... you have another view of the world.