The Grugq advised would-be hackers not to talk to the media. (AFP)
The Grugq, who is pale, balding, boyishly pudgy and was dressed in a black golf shirt and a zip-up black jersey, looked like he had just woken up. In fact, he was addressing a gathering of some of the biggest geeks in the country who had come to hear him speak about Opsec, Comsec, LulzSec, ACIDBITCHEZ, penetration, passive penetration, covert manipulation, adaptive denial and other high-tech computer security sorts of things – like the importance of hiding under a blanket while typing your password. He sprinkled his presentation with helpful suggestions on how not to have things go "tits up" or how not to "get fucked".
The Grugq also advised would-be hackers (at whom his discussion, subtitled "lessons in counterintelligence from history's underworld", seemed to be aimed) not to talk to the media.
The online brochure of the eighth annual ITWeb Security Summit, held at the Sandton Convention Centre this week, didn't include his photo or even give him a title.
But the Grugq broke his own code last year when he spoke to Forbes, who revealed that he's originally South African, is based in Bangkok, and arranges six-figure (US dollar) deals between government agencies and hackers for, the magazine wrote, "hacking techniques that take advantage of secret vulnerabilities in software", taking a 15% cut.
The Grugq was one of the speakers.
The others seemed to be more interested in telling you how to protect yourself from computer security threats like The Grugq.
Commercial espionage
It is a $100-billion industry. That's if you believe the estimates of the event's keynote speaker, Misha Glenny, the investigative journalist whose book DarkMarket: How Hackers became the New Mafia recently came out. Glenny, whose PowerPoint was much more impressive than The Grugq's, churned out the main computer security threats – crime, commercial espionage and spying and warfare – to dramatic James Bond-style music with flaming words like "cyber malfeasance" burning on the screen.
Glenny, who is a former BBC journalist and wrote McMafia, on organised crime, in 2009, said the first thing he learned from the hackers he interviewed was to read Sun Tzu's The Art of War, the thrust of which was to understand that you must "know your opponent and learn from him".
What we can learn from the mostly white, mostly male, largely pale and collared-shirt-without-ties-wearing gathering is that they like coffee. A lot. The queue snaked around the Mimecast booth – where conference goers waited patiently for their free cappuccinos, lattes and espressos, or for a chance to stand inside their "air vac" machine and gather a bunch of red tickets which flew around them and put them in line to win docking stations, something called virtual recording glasses, or a Nespresso machine.
Just across from the booth was Jacques van Heerden, chief executive officer of Global Technology Security Provider. His drone, which looked like a tiny alien aircraft, proved popular with conference goers. Van Heerden – who is also a master instructor who teaches ethical hacking – said he brought the drone, along with other security-compromising gadgets, to show potential clients just how vulnerable they are.
It seems that little, easy-to-obtain devices with nice names like Pineapple, Raspberry Pi and Rubber Ducky can help a hacker take over your entire computer system.
"I say I have god powers," said Van Heerden without blinking. "If I hack into your network I control your network. I've got the keys to your kingdom."
This means penetration and, if it happens, things will surely go tits up.