Hashim Shafiq is a young hacker and security researcher from Pakistan. He is 19 years old and a student of BSCS. He is the administrator of Muslim Cyber Sh3llz, an underground hacking group. He is also known as “Sil3nt Hack3r”. Hashim is the author of “Breaching the Security”. I am very thankful to him for this interview; he exposed many secrets of hacking. I hope this interview will be helpful for you.
Q: How did you join the field of hacking? Who helped you in learning hacking?
Ans: I have been interested in different types of creative activities since my childhood, and also in computer science. But at that time I just played games on the computer. When I was in 9th class I selected computer science as my major subject and then came to know that there is a field in computer science which is very interesting and creative, and that field is called hacking. I started hacking in 9th grade. I am telling you, 100% true, that no one helps you in this field. The same happened with me. When I asked someone to help, they said they didn’t know anything about hacking. I read books about hacking, watched tutorials on YouTube and learned from there. I think Google is the best teacher. No one helped me in this field. I am totally dependent on myself, and the stage where I am is the result of my hard work in hacking.
Q: In how many cyber attacks have you been involved? Why did you decide to leave blackhat hacking and join the whitehat hackers?
Ans: Our group Muslim Cyber Sh3ll’z has been involved in many high-class cyber attacks and in defacing many high-class websites. When Muslim Cyber Sh3ll’z came into being, we were at 50th position on mirror-ma. But today our position is 17th, in just 1 year. We hacked many high-class sites, which are as follows:
1: Nepal Reliance hacked
3: White-hat security forum hacked (hacking the hacker 🙂 biggest achievement)
4: Bangladesh IFIC Bank website hacked
5: Nepal Law Commission Website hacked
6: Department of National Park and wildlife, Nepal website hacked
7: Ram gram Municipality Nepal website hacked
8: Ministry of Chittagong Hill Tract Affairs website hacked
9: Bangladesh National Commission for UNESCO website hacked
10: BPSC Departmental Examination Bangladesh website hacked
11: Bangladesh Cabinet Division website hacked
12: PIMPRI CHINCHWAD MUNICIPAL Corporation India website hacked
13: National E-Content repository hacked and MCS made access to Bangladesh A2I Program
14: Bangladesh News 24 website hacked
I think black hat hacking is a total waste of time and also very dangerous because, as you know, there are very strict rules in every country against cyber crime. So it is possible that you invite trouble for yourself. As a white hat hacker you are eligible to break into the system without any risk of being caught by the local police or agencies. I could also make enough money if I find vulnerabilities. But black hat hacking is also a must to start a career as a professional white hat hacker. Most of the world’s best white hat hackers were black hats in the early days of their lives. So the importance of black hat and white hat are linked with each other.
Q: How can a hacker hack someone else’s email? How can a victim protect himself?
Ans: Hmm… This is a very common question in our society; everyone wants to hack each other’s email addresses. Personally I think that hacking an email is a difficult job, but not impossible. E-mail hacking is done in many ways, but the most common are phishing attacks and social engineering. In a phishing attack we create a clone of the website by copying the source code of the email site, create a fake site page by hosting this source code on a free hosting server, then send the link to our victim and force him to open the URL and enter his/her username and password. When he enters the password and username and clicks on the login button, all the information the victim enters is sent to your account on the free hosting server, and boom. The second method is called social engineering. It does not depend on a computer or any other tool; rather it depends totally on humans, both the victim and the hacker. Every person is fooled at many stages of his life. In social engineering you have to fool people by asking them to send their account details because our server lost data for some reason and we are collecting the data from our customers. In this case you give your data to the hacker and he hacks into your account. Many large security breaches in the world have been done using these techniques. A hacker wrote a book on social engineering with the name “SOCIAL ENGINEERING-THE ART OF HUMAN DECEPTION”. He writes on the front cover of the book:
“If you think you are the person who can’t be fooled, then you are the person I would like to meet.”
Now you can feel the power of social engineering. There are many other methods of hacking email accounts. We can protect our e-mail accounts from hackers by taking some precautions. We must use the mobile security code feature. If your friend knows your username and password, he still cannot hack your account, because when he logs in, a security code is sent to your mobile and it must be entered to access the account. Do not click on a link which is sent from an unknown source. Always check the link before opening it. Also do not make your password so short that it can easily be brute forced. Also use a combination of both uppercase and lowercase letters, and also use numbers and special characters to make your password a little bit complex. Do not use common words. These are a few precautions that will help you in protecting your account.
Q: Suggest some methods to protect a Facebook account from hacking. What kind of Facebook applications are used to hack a Facebook account?
Ans: Some precautions to secure your Facebook account are as follows:
1: Do not click on any shortened link from unknown sources.
2: Enable HTTPS from your Facebook control panel.
3: Enable login notification.
4: Use the trusted friends feature of Facebook.
5: Enable login approval and add your mobile number for the security code.
6: If your mobile is Android, then use APP Generator to receive your code; the main feature of this app is that your security code changes after 30 seconds.
Now coming to the second part of the question: believe me, there is no single software that hacks a Facebook account by just entering a username. I want to tell the young generation: do not pay a single rupee to such websites and such persons who tell you that they hack Facebook accounts, because no software can hack a Facebook account. If you search on Google you will find a lot of links; those are fake software. These are not software but just a malicious file or botnet through which the attacker is able to hack into your computer. So keep in mind that not a single software can hack a Facebook password. There were some methods through which Facebook accounts were first compromised, but now the Facebook security teams have patched Facebook. Now there are very few chances to hack Facebook accounts. I explained all the methods of Facebook hacking in my book. Anyone interested in this topic can learn from there.
Q: What is the most difficult task in hacking and what is the easiest?
Ans: Hmm, it is a very difficult question. I think it totally depends on the hacker, his nature and the field in which he is interested. As this question is directed towards me: I am interested in web application hacking and reverse engineering. I think reverse engineering is very difficult (totally my opinion) because you have to work with binaries, assembly language, registers and the CPU. I found web application pentesting quite an interesting and growing field. But nowadays I am doing reverse engineering to overcome the difficulties I face in reverse engineering. In reverse engineering we reverse the software, meaning we make cracks and use the software without paying the cost of the software. As you know, much software is paid and we have to pay the company before using the software. So we made cracks and use software freely. In web applications we scan websites for different vulnerabilities like XSS, SQL Injection, LFI, RFI, command injection, and much more. If we find any of the above-mentioned vulnerabilities on the website, we make ourselves ready for hacking it.
Q: Did you develop any software/tool related with hacking or you used any readymade tools?
Q: What are the weak points in a WiFi connection? How can we protect it from hacking?
Ans: Wi-Fi hacking is also a very popular field of hacking and it is growing fast. The interesting thing in this field is that we cannot see our target, because Wi-Fi signals are in the air and no one can see them. But it has now become easy to hack a wifi password. There are many methods to hack a wifi. Any hacker can sniff your wifi router for incoming and outgoing traffic and then, by using this data, can guess your key. There are many brilliant tools created by expert hackers for wifi hacking which can guess the key in just a few minutes. Also, many people use the default password and do not change even the SSID (the unique identifier of your wifi), and any technically sound person knows that if someone did not change his SSID then he also did not change his password, so this router is on the default password. If a hacker connects to your network then he will easily penetrate into your network and cause big damage. You can secure your wifi connection by changing the default SSID and default password. Make your password too complex and lengthy for any software or person to guess. Do not use common words. Use a combination of letters, numbers and special characters. Hide your SSID from being broadcast. Many new routers have the ability to detect the computers connected to your network. Some tools also perform the same job for you. If you find some other computer connected to your network, immediately change your password and SSID and restart the router.
Q: How is a computer network hacked?
Ans: I mentioned some methods of how your network is hacked in the previous question. But here I mention other methods. The most common one is that a hacker creates a malicious file, attaches it to a game file, sends this file to you and tells you that you must play this game. When you double-click the game, the game runs normally, but in the background the malicious program starts working. The malicious program creates a backdoor and the hacker can now easily hack into your network. If you do not update your antivirus and have not installed OS updates, then your system is also vulnerable to some serious threats, and if a hacker, while scanning a network, finds your OS vulnerable, then he executes exploits and gets access to your system, and your network goes boom. You can protect your computer by using the latest antivirus software and updating your antivirus regularly. Also update your OS regularly, because it patches your vulnerable files and makes your system secure. Also do not install third-party software, because many of them contain malicious files. Before installing any software, please scan it with the latest antivirus and then install it. Turn off file and printer sharing in Windows. Use lengthy and complex passwords. Update your software regularly, because hackers try to find bugs in the most commonly used software.
Q: How many other groups of hackers are active in Pakistan? How many members does your group consist of? How can a new hacker join a group?
Ans: The passion for hacking is increasing day by day. The young generation is addicted to hacking. The reason for this craze is that all the learning material is easily available on the internet; you just have to Google for it. By using readymade tools, any technically sound person can break into your network or deface your site. There are many groups in PAKISTAN like madleets, Xploiters, Pakistan Cyber Army, The Hackers Army and many more. Here you must remember one thing: the above-mentioned groups are defacers, meaning they only hack websites. I did not mention any group as 1st or 2nd. I just want to see my group at the top; that is the reason we hack and hack. Our group Muslim Cyber Sh3ll’z consists of nearly 10 people. They are all from different countries, including PAKISTAN, INDIA, BANGLADESH and SAUDI ARABIA. We take in new hackers by giving them some challenges. The challenges include defacing 30 sites with the name MCS and then emailing the mirrors of the sites to us. Then we check and give some more challenges, like SQLI. If a hacker passes all the challenges then we all welcome him to our group. Hackers from all countries and from all religions are welcome here.
Q: What are your future plans?
Ans: In the future I want to become a professional hacker. I have a dream to work at big companies like FACEBOOK and MICROSOFT. I am now in university, doing Software Engineering. I did not mention the name of the university due to some risk. I also plan to do the CEH (Certified Ethical Hacker) course from E-COUNCIL during my Engineering. I also wrote a book on hacking, “Breaching the Security”. You can download it from my blog (http://geekstechnologypark.blogspot.com).
I will also write new books for beginners. I want to do a PhD in Information Security. Pray for me that ALLAH will help me in my plans.
At the end I would like to quote one thing:
“Enjoy life by doing all the wrong things but in the right way”