My name is Alberto Daniel Hill. I am the first hacker that served time in prison in Uruguay for a computer-related crime. I was prosecuted for a crime I never committed. A crime that probably never happened. Irregularities, illegalities, and verdicts based on ridiculous arguments were, and are, part of a process lacking any guarantees of fairness.

 

 

 

2016 and 2017

 

In mid-2017, I hacked the website of one of the world’s leading security organizations and immediately contacted the organization and reported the problem they had.

 

In November 2016, I found a security problem on the web site of the stock exchange of Asunción, Paraguay. When I did not find a channel to report directly to the system administrators, I reported to the Community Emergency Response Team (CERT)[1] of Uruguay so they would do their best to contact them and inform them of the problem.

 

In December 2016, I had a profoundly serious car accident in the early hours of the morning. In the afternoon, I received an SMS from my insurance company with a code to track insurance procedures online. After five minutes of accessing the site, I detected a serious problem with the security checks and could see all the insurer’s claims, including personal customer information, medical details, police information, claims photographs, etc. Within 15 minutes, I was reporting to the CERT of Uruguay.

 

Oh! And by the way, also in 2016, I informed YouTube of a weakness in its YouTube TV system.

 

 

I do not trust words,

I even question actions.

But I never doubt patterns.

 

 

I mention those things to show a pattern in my behavior. I have always made reports with the sole purpose of helping to improve the security of vulnerable sites and prevent malicious people from finding them in the same way I did, by using faults to cause some harm or illegal behavior.

 

I never requested or received anything for these reports. For ethical reasons, I believed that I should proceed in this way. I could have looked away and not taken any action after finding these problems, but I did not think it was the right thing to do. I believe in consistency when it comes to acting. People typically follow certain patterns of behavior systematically and do not change how they act in certain situations overnight.

 

Before the media gave me the title of “hacker,” I was an expert in cybersecurity, and was specializing in both cryptocurrencies and blockchain technology, and I was doing very well. I do not care whether I’m called a hacker or a cybersecurity expert. Being a hacker is not an insult—it is in fact a compliment.

 

This book tells the story that changed me forever. It was a totally unexpected turning point in my life and affected the lives of my loved ones. There is a “before” but not an “after” in my story. The word “sad” is used 22 times in this book. That might give you an idea that you are not going to read a beautiful, lovely, and magical fairy tale.

 

 

 

 

This book is for anyone interested in a real story about a criminal case where everything went wrong, and where somebody wants to trigger changes to prevent those wrong things from happening again, for people from the information security community, and in particular for those working or interested in computer forensics to learn what should not be done. In my case, everything was done incorrectly without any consequences for those in charge of the investigation, as I mention in the chapter “Drug Dealers Have More Guarantees.”

 

Alberto Daniel Hill – June 2020


[1] A computer emergency response team is a historic term for an expert group that handles computer security incidents. “CERT” should not be generically used as an acronym for this term as it is registered as a trademark in the United States Patent and Trademark Office, as well as other jurisdictions around the world. Alternative names for such groups include computer emergency readiness team and computer security incident response team (CSIRT). https://en.wikipedia.org/wiki/Computer_emergency_response_team