When the WannaCrypt ransomware infected users across the world a week ago, researchers were still figuring out a way to crack it. Aside from a Windows patch to prevent users from contracting the malware, there was no known way to help those already infected by the malicious software.
Then, along came MalwareTech, a British security researcher who managed to accidentally halt the malware's progress across the world. In a Reddit AMA (Ask Me Anything) yesterday, he attempted to field questions on a few security practices, his opinions on the event, and future plans. Here are some of the highlights, as posted.
1) How did you get started in this world?
I got started through programming and [developed] an interest in the inner workings of malware. To get started in reverse engineering I'd recommend learning assembly and reading some books / blog posts from known reverse engineers (most of what I learned comes from just reading random blog posts and some trial and error).
2) What are some good resources or ways to learn about cyber security?
For cyber security in general I'd honestly say Twitter. Find out who the major players are in the part of the security industry you're interested in and follow 'em. You will learn so much just by reading all the writeups others tweet (you can use Google, but [with] Twitter you will always know when and where something new is happening). Look through the list of people I follow on Twitter and pick out the ones you think are best.
3) Any advice for someone looking to avoid being doxxed? Asking for a friend. [Doxxing is when the real life identity and/or address and contact details of an online persona are revealed against their wishes]
Simply put: if you want to be truly never found, you can't share any personal stuff about you online; you need total separation of your real life and online identity (including avoiding any use of your real name and address for online services, including billing). Honestly it's not fun and not worth it unless you've actually got something to hide. Initially I lost out on many job offers because I wasn't comfortable publicly linking my online identity to my real one.
4) How did you get into ethical hacking and security and what books did you use?
Technically I'm not an ethical hacker but a malware researcher (I consider ethical hacking to be more the pentester route). I got into it through programming and a fascination with how malware works.
Books I'd recommend to get started: Practical Reverse Engineering. You should also look into python books (python is great for automating tasks) and Assembly (you'll need x86_64 for reversing on Windows/Linux and a form of ARM or MIPS for "embedded" devices).
As others have pointed out, Practical Reverse Engineering won't help if you're a general beginner, not a beginner reverse engineer. If you're not coming from a programming background then knowing ASM is a must and C is always helpful. You should be able to engineer software before trying to reverse engineer it.
5) What have you learned from malware about programming that general programmers would do well to learn from?
Generally how not to code. Most malware developers seem to have learned programming from writing malware, so they fall for all the gotchas and make some absolutely horrible mistakes.
6) Third-party Windows anti-virus software causes more harm than good, claims ex-Mozilla engineer Robert O'Callahan. Do you agree? If not, what would you recommend for non-technical Windows users?
Some AVs cause problems, most do things they really shouldn't (code injection into browsers), but the free version of Windows Defender (not the enterprise one, which is crazy good) is pretty much the equivalent of trying to bail out a sinking ship with a colander. Personally I'd recommend one of the better rated third party AVs, unless you're actually worried about governments / criminal APT groups writing zero-days [previously undiscovered vulnerabilities in a software] to exploit your AV.
7) Windows XP has been blamed for leaving NHS [UK National Health Service] computers vulnerable to WannaCry. Is the simple answer correct, that if they were running more modern OSs (eg Win 7 or Win 10) then they would have been unaffected?
According to multiple analysts I've spoken to, the malware actually fails on XP (haven't had time to check myself yet), so that would suggest unpatched newer systems were to blame.
8) I'm sure it's been a whirlwind of publicity and lack of privacy since you assisted with the WCRY takedown. Despite the hassles, what is the best thing that you've taken away from this experience?
I've always wanted to do educational videos and possibly conference talks, but until I got dragged out into the spotlight I wasn't confident enough to make the leap from being anonymous. Now that my identity has become public, I feel more confident to give it a go as it's a much smaller jump to make.
9) What has been the oddest corporate offering you've been given? I spotted the free t-shirts and pizzas, anything else?
I think free pizzas was probably the weirdest, though I did get offered my own radio show which was interesting.
10) Aren't you afraid that the WannaCry hackers will want retribution?
Nah, you quickly learn not to worry about things you can't control or you worry all the time.
11) If you could go back in time, would you register the domain again?
Yes. I think in hindsight knowing the damage caused by this malware would make me more likely to do it, even knowing the personal consequences.