16 July 2018
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

749Posts 2,173,437Views 62Comments

Raoul Chiesa: UN Interregional Crime Research Inst.

25 January 2010  |  2438 views  |  0

In my quest to learn more about what makes a criminal hacker tick, I came across Mr Chiesa when he commented on a blog post I wrote “How I Wasted 4 Hours with a Criminal Hacker”. He warned me I was treading on dangerous ground due to the fact that when communicating with the blackhat, I used my real name and provided my web address. His concern was a revenge hack that would clear the hackers name amongst his hacker peers.

I’ve danced with the devil a few times in my life and don’t mind the occasional walk on the ledge. And I’ll heed his advice in the future. After a closer look, I learned he is from the United Nations, based in Italy. (Road trip anyone?). That’s a cat I want to talk to who is fighting the battle 24/7/365 against the bad guy.

What do you do?

Since 2005 I’ve worked with the United Nations Interregional Crime & Justice Research Institute (UNICRI), where I am a Senior Advisor on Cybercrime Issues & Strategic Alliances. We develop new strategies, techniques and methodologies in order to support the Member States fighting cybercrime-related issues, supporting policy-makers, end-users and States.

I’m also an entrepreneur in the Information Security arena. I run 2 vendor-neutral consulting firms, specialized in Penetration Testing, Audit & Compliances, while the second firm supplies Digital Forensics services. I’m into IS since 1997, while I began my interest in it – and the hacking’s underground – back in 1986.

Why do you do it?

Mainly it’s because of the passion. I love my job, I love what I do everyday…and this is not so common so…I’m feeling really lucky. Talking about my role at UNICRI, I decided to join them in order to support a neutral organization that is really trying to achieve important goals.

What’s your process?

Mainly building an international network of contacts; attending a huge amount of IT events all around the world, often as a speaker; trying to build an “informal communication and alert network” among LEAs, in order to simplify and speed-up the process of information exchange. We’re working on various R&D projects, that help and benefit the IT and ICT community all around the world. Our main research is HPP – Hackers Profiling Project (http://www.unicri.it/wwd/cyber_crime/hpp.php), where we’ve been able to interview more than 1200 hackers from five different continents. It’s a really huge research program, that will last five years more. It’s something never done before.

What are the “politics” with it world wide?

Politics – especially USA and EU – are driving towards issues related to privacy, Lawful Interception, copyright, etc. I’m a technical guy, with a technical background: I don’t like politics, though it’s clear to me that it’s something we need, somehow.

In my humble opinion, the common mistake when politics meet IT, is that politicians are obviously not IT people, they do not have an IT background, and often they misunderstand the logistics of IT…in this scenario, (big or small) mistakes may always happen.

What is next? What’s the future look like?

We are observing in incredible rise in cybercrime. New profiles of attackers arrived in the so-called “hacking underground”, and the hacking world – sometimes – is meeting with organized crime and State-sponsored attacks. The world is changing and, basically, the keyword is “the information”. In today’s world, “Information is the Power”, that’s the sole reason why all of this is happening.

Sum up a profile of the criminal hacker today vs. 10 years ago.

There are huge differences between hackers in the past and hackers nowadays. Hackers from the past were not “mandatory” criminals. While their actions were illegal (note: during the 80’s and the 90’s, “hacking” was not a crime in many countries of the world. I.e. in Italy it became a crime only in 1993/1994), the global approach was much more on the “challenge”, the “curiosity”, as well as “teens actions”.

21st century hacking has moved towards criminality. This leads us to Cybercrime, that is de-facto composed by many different “subsections”, where hacking is often related. I am talking about spam, carding, zero-day attacks (and all the black-market there connected), obviously Identity Theft, scams & economical fraud, that leads us to the so-called “Underground Economy”.

The on-going economical global crisis too has something to do with this: each time there’s a global crisis, criminality raises up. This is exactly what’s happening now, since 2009, and that will continue in 2010: people that basically are NOT criminals, may be forced/pushed to “accept” a crime deal, linked to cybercrime actions.

This happens because cybercrime does not involve “straight” criminal actions such as killing somebody with a knife or a gun, stealing a mobile phone from somebody’s hands, etc… It’s a not-physical crime, involving actors to think that they are not doing anything “bad”. Also, cybercriminals ALWAYS think that they will “never be busted”, since they rate themselves “much better, more skilled” than LE agents.

Last issue (of a really huge, huge picture!) is related to State Sponsored attacks. Recent attacks from China, Estonia and Georgia are showing us how much hacking techniques are involved in all of this. Governments are starting to hire hackers (USA, UK, China, Korea, Iran….) and set up Information Warfare: this will be one of the hottest keywords in the near future.

More info on our book on Hackers Profiling: http://www.amazon.com/Profiling-Hackers-Science-Criminal-Applied/dp/1420086936

Raoul Chiesa, OPSA, OPST, ISECOM International Trainer, CLUSIT, ISECOM, TSTF, OWASP Italian Chapter: Board of Directors Member Osservatorio Privacy & Sicurezza – OPSI-AIP, Comitato Esecutivo

Thank you Raoul. We appreciate your contributions.


  • Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.



  • TagsSecurityRisk & regulation

    Comments: (0)

    Comment on this story (membership required)

    Latest posts from Robert

    Are Your Employees Putting Your Company at Risk? Here’s How to Find Out!

    18 May 2018  |  6353 views  |  0 comments | recomends Recommends 0 TagsSecurity

    10 Internet Security Myths that Small Businesses Should Be Aware Of

    11 May 2018  |  1801 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Mobile Phone Numbers Are as Sensitive as Your Social Security Number

    19 April 2018  |  3573 views  |  0 comments | recomends Recommends 0 TagsSecurity

    The Term Identity Theft Protection is Often a Lie

    06 April 2018  |  7715 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Use a Password Manager Or You WILL Get Hacked

    19 March 2018  |  4137 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Robert's profile

    job title Security Analyst
    location Boston
    member since 2010
    Summary profile See full profile »
    Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

    Robert's expertise

    Member since 2009
    739 posts62 comments

    Who's commenting on Robert's posts