Alright. If you have been following the Full-disclosure mailing list, you have probably stumbled across several emails which claim that one of my GMail accounts have been compromised. That is right. It did happen but I am not that surprised since I’ve been expecting it ever since I started doing security.
Why I am not pissed? Ever since I’ve stepped in the position of a public figure with the GNUCITIZEN blog and the numerous speaking engagements and other things around those, I have never hidden any information regarding my work and personal life. I have always tried to be honest with you about the things I do and care about. As a side note: I realize it it impossible to satisfy everyone in the community, so those of you, who have some personal issues regarding the blogs I write, can simply stop following my work. The posted details are not a threat to me as they are very much outdated and irrelevant. I am quite surprised that from all the information out there, my private life is considered as the most valuable and interesting one. I would say that it is as useful as some tabloid junk. Funny enough only the name of my wife is correct :) sort off since she is now married to me.
I would also like to thank the attackers for putting me on the spotlight. As people say, every crisis is an opportunity and I will take it as such. Now is better time then ever to raise some serious questions to the information security community and our industry in general and perhaps change direction.
The problems in the Information Technology field are many and this particular case is a living proof for that. It is not a problem that my GMail inbox has been compromised. It is a problem that this can happen to anyone. Even doctors can catch viruses, right? I have never seen a network, application or website that did not surrender after persistent poking. I’ve always said that hacking is not about skill set. It is mostly about dedication, patience and a lot of motivation. These elements speak a lot about the personal characteristics of the attacker. Tackling today’s e-crime industry is a very, very hard challenge because it is not knowledge of technology that is the problem but our human nature which is easily corruptible by less controllable factors in our societies.
Here is the time to state that I am taking a full responsibility of what has happened and I am going to fully collaborate with the legal authorities regarding this matter. I was ensured that the problem can be easily resolved, since the attackers made many amateurs mistakes. I will let you know more as soon as I get an official confirmation.
In the meanwhile, I hope that everyone had as good time at Black Hat and Defcon as I had. Adrian has prepared a smoking post coming next and I will upload my updated slides soon.