My name is Pablo Sole, and I’m VP of Research at Avast Mobile Enterprise.
Think of me as the Chief Hacker.
I'm writing this because today we are launching Avast’s App Triage Program, a service in which my team will take apart mobile apps to identify security flaws. In many ways, the launch of this service feels like I’ve come full circle since the days of my youth in Cordoba, Argentina. It was there that I started hacking when I was 10 years old.
I wrote my first virus at 12, and now, some 20 years later, you might think I’d feel a little bit sheepish about my past. But in fact, I am quite proud of those experiences — I still think of myself as a hacker at heart.
A Hacker at Heart
I would have been considered a Black Hat hacker back in the day, but you have to remember that was long before the real Black Hats transformed hacking from a low-grade nuisance to serious criminal enterprise. I had been interested in computers since I was 6, and was driven by curiosity to discover how to push computing and network limits. It was also exciting, to meet likeminded people and, most of all, to learn.
Of course, there was that time I infected my school with my first virus. It contained a payload designed to crash all of our school computers at exactly the time my class was scheduled to use the computer lab. We got a recess instead, just as I’d hoped.
Mostly, I relished my time at the keyboard. I remember the day I discovered the phone number of a dial-up bulletin board (the internet was still a relatively small, and unfortunately unreachable, network). The board contained a collection of viruses and magazines about hacking. This was a huge revelation. It propelled my “career” forward.
As I sharpened my skills, I sometimes joined organized teams to penetrate fortified organizations. It was incredible knowing we could beat some of the best security teams on the planet. We’d access their networks, read their files, and, basically, become their shadow ITs — just to prove that we could.
But even at such a young age, I knew I shouldn't use any of the materials I had access to. I understood that doing so would make it real — it would break the barrier of virtual and real life.
Of course, I knew hackers who didn’t draw that line, particularly when it came to the easy money of stolen credit cards. I listened to them brag about all the free stuff they could get with other people’s money. Theorizing about setting up elaborate proxy networks and employing “mules” to deliver stolen merchandise.
It wasn’t about the money for me. Hacking was – and still is – about learning. I saw how others lost sight of this once the money started rolling in. I truly believe I wouldn’t know half the things I’ve learned over the years, and certainly wouldn’t be where I am now, if I’d gone for the money.
I Would Have Stopped Exploring
After years of hacking for fun, I parlayed my computer skills into real work. I got my first job as an IT administrator for an accounting firm when I was 16. A year later I built an internet service provider from scratch with my brother for a small, rural municipality close to my city. And when I was 23, I landed my first security gig writing exploits and performing penetration tests on clients’ systems, a role that fulfilled my hacker need to explore and learn.
I’ve been in the security business for 10 years, at least professionally, and my career has opened up opportunities and taken me to places I could scarcely have imagined as a young boy in Argentina. And it pains me that the term “hacking” has these days taken on sinister connotations — at least as far as the general public is concerned.
The Wrong Question
Someone recently asked me if and how I’d ever try to explain my hacking experiences to my now-7-year-old son.
This was the wrong question as far as I was concerned.
I would not only tell my son everything, I’d encourage him to pursue the same path if interested. After all, the hacker spirit is one of curiosity. I’d tell him to study hard and read everything he could get his hands on, from washing machine manuals to computer texts. I’d encourage him to reach out to other likeminded hackers, explore the digital landscape and improve his skills.
Most of all, I’d caution him strongly about the dark side of hacking. There are plenty of shadowy players on the darknet who pay good money for exploits, but hacking for financial gain – even if it’s just a few dollars – is a slippery slope from which there may be no return.
Let's Get Hacking
So for this new program, App Triage, we offer to expose your app to a team of hackers that will make an earnest effort to learn about, dig into, and take apart your app. The difference is that this time you get dibs on the report.
Let us explore your app before another hacker does (rest assured, somebody will).