It's time for another Stories From Cybersecurity piece!
Alberto Hill is a talented cybersecurity enthusiast and Infosec professional in Uruguay. In simple terms, he can be considered a white hat hacker, the reverse of black hats, the ones known to break into computers and steal money or information. However, to the general public, a hacker is a hacker. The same goes for the Uruguay authorities responsible for wrongfully putting Alberto behind bars for 8 months.
Alberto had everything going for him. But then everything went against him, thanks to his own tools of the trade, some of which were suspicious and questionable, that became damning evidence. In 2014, Alberto responsibly alerted a medical provider in Uruguay that they had a severe problem with their security after poking into it when his girlfriend requested him for her medical information. He even alerted the Uruguayan CERT.
However, years later another individual hacked into the same website, stole information and threatened to reveal sensitive medical records in exchange for bitcoin. The authorities had two suspects, an unknown and Alberto. Thanks to his equipment and some questionable items, plus an admission taken through intimidation, Alberto was put behind bars for 8 months charged not with cybercrime, but with attempted extortion. But Alberto had the honor of becoming Uruguay’s first jailed hacker. Here’s part of an interview conducted with Alberto.
How did you start in IT and how did you get to where you are in your career today?
Alberto: “I had my first computer when I was about 10 years old. A Sinclair spectrum plus with 48kb of RAM. At that moment I knew that my future was going to be related to computers. I can say that my first hack was when I was 14, I learnt some basic assembler and started playing modified games.
I managed to alter a soccer game named ‘Emilio Butragueño’ and I sent the hack to a Spanish magazine and they published it. That was really cool. Then I took some courses in basic and kept learning by myself about assembler.”
“I went to university and I have a degree as a computer engineer, but there I did not learnt anything about security or hacking, I had to learn everything on my own, reading, investigating, and my love for that along with a lot of curiosity and patience gave me lots of knowledge you could not had learnt in college.
I graduated in 2003 and all my jobs were in the field of information security, working in computer forensics, auditory, Information security consultant, etc. I got some international certifications, but again, the most I learnt was not from formal education.”
What are you most proud of in your career?
Alberto: “Well, I lived in an extreme situation that took me to prison for a computer related crime I did not commit, and that changed my life forever. After being released, my story was part of the podcast Darknet Diaries and reached about 200k people by now, and I got the support from so many people, many of them telling me that my story inspired them, so, I felt that all the pain and damage caused to me by the situation, if inspired one person, maybe was worth it. I am proud of being respected in the field and the community.”
What do you think are the biggest cybersecurity threats we are facing right now?
Alberto: “Organized crime that is structured as enterprises, with clear business models with highly skilled people making a lot of money from computer crimes are a real threat now. Another one is the governments financed hacking activities that are happening now, and the next war will not be with guns, it is happening now and it's all about zeros and ones, and virtually unlimited budgets to support that.”
What types of resources have you found most useful for learning security? (Videos, courses, blogs, qualifications)
Alberto: “All what you mention, videos, courses, blogs, certifications, but the willingness to learn, and curiosity and patience makes the difference. You must love what you do in this field or you will just be an average cybersecurity professional.”
The answer to the third question was actually based on a harrowing experience for Alberto while he was in prison, similar to him having a Hank Pym/Scott Lang moment with some businessman who recognized his talents. The man, who allegedly owned several companies wanted Alberto to hack into a bank for a certain amount of money.
Alberto said no but the fact that man was stalking him and the possibility that the crime will still be pinned on him whether he committed it or not put him under extreme anxiety that he overdosed on Xanax and almost died. Alberto’s whole prison ordeal was eventually cleared and because of Uruguay’s inept cybersecurity law enforcement, Alberto decided to share his story in Darknet Diaries, to write a book about his life and ordeal and help in crafting legislation to prevent the same thing to happen to someone else.