Guccifer spoke in London tonight!
Here is the full story on Forbes online.
The excerpted text is as follows (to save a click):
"Hello everyone. This is Guccifer 2.0. I’m sure you know me because my name is in the conference program list. As I see it, this is the place to
discuss cyber security and cyber threats. And maybe to propose some solutions.
Let’s figure out who poses the real threat to begin with. Cyber security firms are quick to blame hackers for their activity. Yeah, they cause a lot
of troubles for business and politics.
But, who poses a real cyber threat? What do you think? Is it Guccifer? Or Snowden? Or Assange? Or Lazar?
No.
It seems obvious. It’s plain as day you would say. But still my answer is no.
Large IT companies pose a real cyber threat nowadays. You may perfectly know some of them or may not. But their responsibility for the future of our
world is growing from day to day. And I will explain to you why.
So. What’s wrong with large IT companies?
First. On their way to a global progress and big money they are collecting users’ personal data, which is the same as spying on people, because many
of us don’t even realise they track us online and collect our info. Companies store these data making it vulnerable for leaks.
Second. They create conditions that make people store their info in cloud services. It seems convenient but it’s extremely vulnerable because it’s
thousand times easier to steal the data from the cloud than from a personal cell phone for instance.
The next reason, and the crucial one, is software vulnerability. Tech companies hurry to finish the work and earn money. So they break development
cycle very often omitting the stage of testing. As a result, clients have raw products installed on their systems and networks with a great number of
bugs and holes.
Fourth. It’s well known that all large companies look forward to receiving governmental contracts. They develop governmental websites, communication
systems, electronic voting systems, and so on and have their products installed to critical infrastructure objects on the national level.
They are aggressively lobbying their interests. You can see it at the diagram that they spent millions of dollars for lobbying. That doesn’t mean
they will produce better software. That means they will get even more money in return.
Fifth. This is censorship. For example Twitter censors unwelcome users. I can judge it by myself here. You can see how Guccifer 2 hashtag unnaturally
abruptly stops trending. It seems impossible that all Twitter users just stop twitting about Guccifer 2 leaks, in a moment. That’s why people
started Guccifer 3, 4, 5 hashtags to avoid censorship. People also told me their twits were not shown in the Twitter live wall unlike to their
account’s wall.
So, the cyber aggressiveness is progressing nowadays. The number of cyber attacks is steadily growing. What’s the reason? What’s wrong with the
cyber defense?
Well. They take wrong measures. They search for cyber criminals, sentence them. But two more hackers appear instead of one convicted. The real problem
is inside. This is just the same as in offline world. This is not enough to prosecute criminals. It requires preventive measures, to fight criminality
by elimination of the possibility of crime.
So, what’s the right question we should ask about cyber crime?
Who hacked a system?
Wrong. The right question is: who made it possible that a system was hacked? In this regard, what question should you ask me?
How I hacked the DNC???
Now you know this is a wrong question. Who made it possible, that I hacked into the DNC? This is the question. And I suppose, you already know the
answer. This is NGP VAN Company that operates the DNC network. And this is its CEO Stu Trevelyan who is really responsible for the breach.
Their software is full of holes. And you knew about it even before I came on stage.
You may remember Josh Uretsky, the national data director for Sanders’ presidential campaign. He was fired in December, 2015 after improperly
accessing proprietary data in the DNC system. As it was agreed, he was intentionally searching for voter information belonging to other campaigns.
However, he is not to blame. The real reason voter information became available for non-authorized users was NGP VAN’s raw software which had holes
and errors in the code. And this is the same reason I managed to get access to the DNC network. Vulnerabilities in the NGP VAN software installed on
its server which they have plenty of. #! Yeah?
This scheme shows how NGP VAN is incorporated in the DNC infrastructure. It’s for detailed examination, if you are interested. And here are a couple
of NGP VAN’s documents from their network. If you r interested in their internal documents, you can have them via the link on the screen. The
password is usual. It’s also on the screen. You may also ask the conference producers for them later.
So, as you see there’s no need to breach into separate users accounts or separate systems. You just need to hack their tech company. This is the
feature.
Big IT companies lead us to a disaster. In their pursuit for money they release raw software, so their clients are highly vulnerable. It became usual
to blame everything on hackers while IT companies just pretend they are working hard to patch bugs and to plug holes. And they even ask for more and
more money to correct their own mistakes.
As a result they pose a threat to the critical infrastructure elements and the national security as a whole. Total computerization along with
inadequate software development may cause a lot of troubles. That’s why it’s better to use paper sometimes.
We should start now to prevent electronic apocalypse and rise of the machines in the future. Or else it would be too late. As the financial
corporations are ruling the world now so the IT companies will rule it in the near future.
What should we do?
You would tell me I could report a bug to the company as it’s commonly done. What do you think they would answer me? Thanks? Or this is not crucial?
Or maybe they would even give me some money. Yeah. But what could it change?
Nothing. Yeah. Really. Nothing at all.
We need to shake the situation, to make our voices sound. Yeah, I know if they find me I’m doomed to live like Assange, Snowden, Manning or Lazar.
In exile or in prison.
But it’s worth it for they are the heroes, heroes of new era.
Thanks for ur attention
See you online!"
--------------------------------------------------
(almost like a "Kevin Mitnick Manifesto"!)