Interview with RaT, the High Council President of SOLDIERX
Last January, I wrote an article about the SOLDIERX Hacker Database entitled Welcome to the World's Largest Public Hacker Database which was about some of HDB's hacker or security profiles, interesting resources and its significance to the OSINT (Open Source Intelligence) community. I received both criticisms and praises about my article so I decided to make another one by interviewing RaT, the High Council President of SOLDIERX, in order to clear up some misconceptions and to know more about SOLDIERX.
FREE role-guided training plans
RaT has been with SOLDIERX since its formation in 1997, when Clinton H. Weir (Kefka/Ordune/Shto) founded it as an RPG group known as "SOLDIER." RaT was then appointed as the President of the group and RPGMaster as its Vice President. More detailed information about SOLDIERX's history can be found on this link which contains the evolution of the "SOLDIER" group to "SOLDIERX," plus RaT's adventures and misadventures. He has also written an interesting Hacker Manifesto entitled 'Updated Hacker Manifesto (The Conscience of a Real Hacker)' and I think it is a very interesting read!
RaT is also known for originally cracking the Geek Squad MRI since version 4.8.1 and for coding a tool called Agent Steal, which was written as an apology to Geek Squad for cracking their MRI.
In this interview, RaT shares with us some of his exclusive stories, so sit back and relax...
What is the role of a High Council President in SOLDIERX or what do you usually do?
"My role mostly consists of guiding SOLDIERX in the direction that I think it should be going. I also spend a great deal of time assisting and brainstorming with members of the crew. When I'm not spending time with the crew, I'm generally doing some kind of work with the web server in order to improve site performance. I'm also the primary point of contact for the site, so I usually spend about 1-2 hours a day responding to emails."
As the president of SOLDIERX, what are the big challenges you usually encounter?
"The largest challenge is trying to find talented people and getting them to do work for free. While hackers are largely driven by passion, the security industry is so lucrative that it's often very difficult to get people to produce for SOLDIERX. I would say the second largest challenge is trying to keep track of everything and keep things organized. I'm looking forward to reducing my responsibilities to alleviate some of my time constraints."
The Geek Squad knows the SOLDIERX Crew for cracking their MRI. Can you share why you cracked their MRI and what are the things you discovered from Best Buy's Geek Squad?
"This has a bit of interesting history back to around 2007-2008 when Durandal was working for Geek Squad as an Agent. He shared a good deal of information that indicated that Best Buy employees were not only ripping off customers, but also harvesting interesting user data (such as nude photos). One of the most interesting stories involved a Geek Squad Agent stalking a customer using information that he found on her personal computer. If you want a good laugh, search for "soldierx" on their private forums.
"Back to the first part of the question, we cracked their MRI at Durandal's request. After he went into detail about the corruption that was going on within Best Buy and Geek Squad, we felt cracking the software and releasing it for free was the right thing to do."
Can you explain the philosophy behind the slogan 'Nobody Can Stop Information Insemination'? Do you have proposed plans and projects to promote information insemination?
"This is actually a throwback to hackers.com in the 90s (their token phrase was "Information Insemination"). I used to talk a great deal with Hyper Viper and had a great deal of respect for him and the rest of the HDC crew. With his permission, we coined the "Nobody Can Stop Information Insemination" slogan to further their ideas of sharing security information freely (even in the presence of hostile government or other oppressors).
"My plans are always based on the capabilities and information that I have at the time. The only constant is that I will continue to push for a community full of free educational resources. At the moment, I'm hoping that the HDB continues to grow and be recognized as the best open source intelligence resource for profiling various individuals in the security or hacking community."
Do you think we will have a State-segregated Internet?
"I don't personally think we will. I am of course opposed to this and hope that the security community at large continues to oppose this. In the case that we did have a State segregated Internet, I would hope that hackers would rise to the challenge and come up with innovative ways to get around restrictions and control."
I read in the SOLDIERX History that you went on a hacking spree and compromised many servers but was brought down by the feds in August 1999. What were the lessons you learned after the takedown? Did you ever regret what you did?
"I learned a great deal about covering your tracks. At that point in time in the 90s, I was using proxies but not much network encryption (such was the standard in the 90s). Long story short, I was caught because I had become a beta tester in my area for high speed Internet (most everybody was using dial-up at this point) and didn't realize that my traffic was being monitored by my ISP. Without encryption, my proxies ended up being useless as the ISP sent my information over to the FBI and I was arrested shortly after.
"Another lesson I learned with this is that the justice system doesn't really do much to help people. Aside from the hacking, I was a fairly decent kid. I ended up being sent to a facility with a bunch of gang bangers who I ended up teaching credit card fraud to in order to get their respect. I could probably write a book on this topic, but what I'm getting at is that you come out much more criminal than you were when you went in.
"I regretted the hacking during my punishment for sure. I was very scared that it would negatively affect me later on in life, but luckily it didn't due to me being a minor. Hacking is a tough one because in many cases it's hard for you to see where you hurt anybody. In my case, I was mostly just gathering files from various places (such as DISA) to build my ego. I did end up doing one web defacement and I see that as being very immature or lame. I definitely regret the web defacement, as I think you're definitely causing damage at the point that you tamper with things."
The SOLDIERX HDB is the largest public hacker database in the net; what made SOLDIERX initiate such a project?
"I've been involved in hacking or security for a very long time. As a result, I've known a number of individuals and groups throughout the years. I became upset when some of the newer hackers didn't know who some of the older hackers were. I decided that a database of hackers would be a great way to preserve the history. It's also a nice way to look somebody up if they give you their name or handle and you want to know their reputation. It took a lot of scouting and coaxing to get people to help me with building it. Luckily, we were able to get a few key people (such as our current curator) and became the largest public hacker database within our first year of hard work."
The SOLDIERX HDB has been highly acclaimed and, at the same time, badly criticized by some information security professionals, whitehats, and blackhat hackers - what can you say about these critics?
"Honestly, most of the critics have been prima-donnas like Christopher Thompson (aka Space Rogue) who are for some reason upset that the HDB article on them doesn't coincide with their own over inflated sense of self importance. If you look at these critics, you will find evidence that most (if not all) have very large egos. In the case of Christopher, I've seen cases where he has bashed a document for putting the limelight on a member of l0pht that wasn't him.
"All reasons aside, my only real issue with the critics is that they refuse to offer constructive criticism. They'll say the HDB is inaccurate - but refuse to give any concrete examples. We really strive for accuracy, so we're always looking to improve the HDB. We can't fix mistakes if we don't know about them. As I've said before, we don't have a monetary budget or a network of snitches like the FBI does. We're doing the best we can with the resources we have.
"For anybody reading this, we are always looking for more help on the HDB. If you see something that is wrong or missing - please contact our HDB curator (scryptz0@soldierx.com)."
Would you like to share more of your stories about SOLDIERX or some explanations perhaps on some of the misconceptions about your community?
"It's always tricky to figure out what can be shared without attracting the wrong kind of attention. As far as misconceptions go, I would say the only one I would like to clear up is why we do what we do. We do not do it for money, we do not do it for fame or attention, we do it because we are driven to do it. We love hacking, building, teaching, etc. SOLDIERX is a project of passion. Anything that contradicts that is a misconception.
"Now, I'll tell a very, very short story. One of my favorites was when some key members of SOLDIERX crashed an iDefense party by bringing Stephen Watt (going by Unix Terrorist at the time) and a few other members of pr0j3kt m4yh3m to the event. Without giving out any identifying information, this was able to happen because one of the members of SX was invited to the iDefense party with the ability to bring guests. By the end of the night, our group of miscreants were behind the bar (at the private suite party following the main party) selling iDefense their own alcohol back to them. There were other awesome things that took place there, such as an all-access card to the Hard Rock getting swiped and cisc0ninja trying to fight club with UT. I'll let you figure out the rest of the details in order to protect the guilty ;-)"
FREE role-guided training plans
In this Series
- Interview with RaT, the High Council President of SOLDIERX
- The rise of ethical hacking: Protecting businesses in 2024
- How to crack a password: Demo and video walkthrough
- Inside Equifax's massive breach: Demo of the exploit
- Wi-Fi password hack: WPA and WPA2 examples and video walkthrough
- How to hack mobile communications via Unisoc baseband vulnerability
- How to build a hook syscall detector
- Top tools for password-spraying attacks in active directory networks
- NPK: Free tool to crack password hashes with AWS
- Tutorial: How to exfiltrate or execute files in compromised machines with DNS
- Top 19 tools for hardware hacking with Kali Linux
- 20 popular wireless hacking tools [updated 2021]
- 13 popular wireless hacking tools [updated 2021]
- Man-in-the-middle attack: Real-life example and video walkthrough [Updated 2021]
- Decrypting SSL/TLS traffic with Wireshark [updated 2021]
- Dumping a complete database using SQL injection [updated 2021]
- Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]
- Hacking communities in the deep web [updated 2021]
- How to hack Android devices using the StageFright vulnerability [updated 2021]
- Hashcat tutorial for beginners [updated 2021]
- How to hack a phone charger
- What is a side-channel attack?
- Copy-paste compromises
- Hacking Microsoft teams vulnerabilities: A step-by-step guide
- PDF file format: Basic structure [updated 2020]
- 10 most popular password cracking tools [updated 2020]
- Popular tools for brute-force attacks [updated for 2020]
- Top 7 cybersecurity books for ethical hackers in 2020
- How quickly can hackers find exposed data online? Faster than you think …
- Hacking the Tor network: Follow up [updated 2020]
- Podcast/webinar recap: What's new in ethical hacking?
- Ethical hacking: TCP/IP for hackers
- Ethical hacking: SNMP recon
- How hackers check to see if your website is hackable
- Ethical hacking: Stealthy network recon techniques
- Getting started in Red Teaming
- Ethical hacking: IoT hacking tools
- Ethical hacking: BYOD vulnerabilities
- Ethical hacking: Wireless hacking with Kismet
- Ethical hacking: How to hack a web server
- Ethical hacking: Top 6 techniques for attacking two-factor authentication
- Ethical hacking: Port interrogation tools and techniques
- Ethical hacking: Top 10 browser extensions for hacking
- Ethical hacking: Social engineering basics
- Ethical hacking: Breaking windows passwords
- Ethical hacking: Basic malware analysis tools
- Ethical hacking: How to crack long passwords
- Ethical hacking: Passive information gathering with Maltego
- Ethical hacking: Log tampering 101
- Ethical hacking: What is vulnerability identification?
- Ethical hacking: Breaking cryptography (for hackers)
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
