Greetings, reader! I want to talk about my former life as a blackhat hacker because it never makes any sense. Many of my rampant hacking campaigns focused on breaking into big servers across several industries but not on seizing the networks by the throat and forcing them to their knees.
I think someone once said, “Your story is a collection of ‘almost did big things.’” This is true for me because I always knew when to pull back. I was driven to maintain control over my hacking operations and my operators. If I couldn’t guarantee control over the outcome, I didn’t like to meddle with it.
Whereas the statute of limitations for these prosecutable confessions has long since expired, and the FBI is already well aware of them, I want to share some true stories. I believe it’s important to talk about these things since readers deserve a clearer understanding of the hacking landscape, the psychology, the choices, and the consequences behind it all.
We’re living in a time when hackers and script kiddies don’t hold back because, for them, results are the ultimate euphoria. I’ve walked the line between exploration and destruction, both accidental and deliberate, just to watch the world burn.
This is about knowing when to pull back – when to let go of the joy ride rather than being controlled by thrills. I came to learn that some vulnerabilities simply do not need to be exploited just because they can be. Therefore, these are true stories that illustrate the importance of control, consequence, and restraint in hacking.
Because sometimes, crossing a line isn’t a revolutionary act or even worthy of Lulz – it’s reckless and malicious. This is coming from someone who was once controlled by chasing thrills while having a whimsical moral compass. Moreover, I started to understand my actions as a hacker after seeing some of my victims and learning how the attacks personally affected them.
After all, behind every device is a person.
Satellite hacking
In 2008, a friend and I broke into an Internet Service Provider (ISP) by exploiting weak access controls on their Remote Desktop Protocol (RDP) server. That’s just a fancy way of saying that we guessed the password since the password was the same as the username.
My job was to see if any users were online and then establish persistence. Once you logged into the machine and accessed the user desktop, the first thing you saw was Network Management Software (NMS), which the ISP used for monitoring and managing their satellite communication systems.
After taking a look at the software and learning about what it was managing, we discovered that some of the devices it listed included HN7000S and DW7000 series terminals, which are satellite modems often used in satellite broadband services.
We’re living in a time when hackers and script kiddies don’t hold back because, for them, results are the ultimate euphoria. I’ve walked the line between exploration and destruction, both accidental and deliberate, just to watch the world burn.
We realized that we could monitor Very Small Aperture Terminal (VSAT) satellite communications. VSATs communicate with satellites and operate as two-way systems, sending and receiving data to and from space. This makes them effective remote terminals, allowing users to connect to the internet or private networks via satellite.
This discovery came at a time when we were actively searching for systems to deploy our botnet on in preparation for our group’s annual holiday, celebrated on July 4th, called Devil’s Night. But as we learned more about the system, it dawned on us that this was exactly the kind of network Chinese state actors would target: a data superhighway used by businesses, government entities, and everyday users alike.
At the same time, it was clear there were too many variables that could go wrong since neither of us had experience with systems like this, so we opted for a more familiar method of spreading malware: infecting popular games and distributing them over peer-to-peer networks.
In the end, we simply decided to use the machine for file hosting to stash our warez.
Bank hacking attack party
Back in the early 2000s, many banks and financial institutions during the Windows XP era still relied on Telnet or other terminal-based protocols for managing internal systems. These often included connections to mainframes or midrange systems, with core banking operations typically accessed over the 3270 protocol.
If you’re familiar with Telnet, then you know it transmits everything in plaintext. Nothing is encrypted or protected in any way. We’re talking about financial institutions relying on a vulnerable protocol that was already considered obsolete back then, and some still rely on it today.
My friends and I were invited in on this attack party within the Security Operations Center (SOC), monitoring bank networks through Telnet. People don’t believe me when I say I’ve never been motivated by money. I’ve been offered up to a million dollars for insider trading, but money isn’t my language. Yet, here we were.
Credentials were passed around, and we started poking around, not entirely sure why we’d been invited to observe and watch the network. We were logged into an active administrator's account at a Security Operations Center (SOC), which meant they were supposed to be monitoring the network for security incidents.
The SOC was physically located inside the bank’s own data center and not remote. This means we could take the entire network based on the elevated credentials we had.
I was instructed to run tcpdump since it was installed on the host machine. How were none of us detected and booted from the server? The answer lay squarely in our ability to capture raw packets.
The simple answer? The system administrator was unaware of our presence because they were busy surfing the web and downloading a disturbing amount of adult content. This made us laugh uncontrollably. But instead of teaching them a lesson, we left the network the way we found it.
Was the money FDIC insured? Yes. Would it have impacted customers if we stole it anyway? Absolutely. Consider the system we live in: the hours of our lives handed over in economic bondage, where our time is exchanged for currency just so we can spend the rest of our lives chasing some semblance of comfort and happiness. People feed their families with those earnings. They pay time-sensitive debts.
Even from the unethical chaos of my youth, I have never been motivated by money.
Bricking 100,000 modems and breaking the internet
In 2009, a friend and I did something universally stupid in what became one of the most infamous real-world applications of permanent denial-of-service (PDoS) attacks called Phlashing. It caused over 100,000 DSL modems to brick across Brazil, rendering them inoperable.
This is an unusual term because attacks like these are extremely uncommon. In a nutshell, this attack allows an attacker to overwrite a modem’s firmware by injecting a malformed image, rendering the device useless. This wasn’t part of the plan, though. We wanted to see if we could roll out a custom firmware that could essentially turn the devices into zombies for our botnet.
You see, phlashing usually implies corrupting or bricking firmware with malicious intent. However, the same attack vector could be used to flash a completely functional but malicious firmware. This meant we could use these devices to distribute attacks.
It was an experiment.
Unlike regular DDoS attacks, which are temporary because they normally stop after a while, phlashing causes irreversible damage where the device can’t be reflashed or repaired.
In 2009, a friend and I did something universally stupid in what became one of the most infamous real-world applications of permanent denial-of-service (PDoS) attacks called Phlashing. It caused over 100,000 DSL modems to brick across Brazil, rendering them inoperable.
We automated the mass exploitation of modems on a grand scale using a Python script my friend wrote to handle every phase of the attack. There’s a lot more to this story, and we had to do a lot of research to pull it off.
The gist of it is this: We understood that the attack would corrupt the firmware and brick the devices, so we attempted to modify the existing firmware. Well, the experiment failed, resulting in widespread corruption.
Neither of us knew the device's hardware architecture, nor were we familiar with the original firmware structure. We also had no experience crafting, modifying, or writing custom firmware. We only knew we wanted to establish remote persistence on the devices.
Since we didn’t witness the fallout firsthand, we just finished the attack, thought it was cool we pulled it off in spite of the modems bricking anyway, and moved on to something else, quickly forgetting we ever did this.
Consequences never entered our minds. The thrill was over, and we forgot we ever did it because, at the end of the day, we had zero accountability as we walked away from a cyberattack that disrupted the lives of over 100,000 individuals for no apparent reason.
Unpacking the mindset of “laughing at your security”
One of the knee-jerk reactions hackers often have is this: if something can be exploited, then it should be, which is framed as a twisted matter of principle, a way to teach users and admins a lesson for having a bad security posture.
However, this way of thinking literally assumes that exploitation, by default, is a justified response to a system’s weakness or a user’s lack of understanding, as if finding a vulnerability is an open invitation to abuse it for the sake of teaching that valuable lesson.
This moral rationalization shifts the blame entirely onto the victim for being unprepared rather than accepting responsibility for the decision to harm them for it. If you were to strip it down to a black-and-white, raw truth, the lesson masquerades as a form of activism or education that says, “I’m teaching them a lesson because they deserve it.”
However, in reality, it is about ego, exerting dominance, or proving superiority and chasing thrills.
I’ve been the bad guy before. I once firmly believed that if I could break in, you deserved what was coming. But to teach a lesson implies you want someone to improve their security posture, but that’s just the lie we tell ourselves. There’s no follow-up, no constructive dialogue, no guidance, just destruction thinly veiled as justified.
Exploiting a flaw doesn’t automatically make you right – it just makes you capable.
Having the capability without restraint isn’t power.
Your email address will not be published. Required fields are markedmarked