002 Who Am I?

I am Alberto Daniel Hill, and I am the first hacker that was sent to prison in Uruguay for a computer-related crime, a crime that never happened.

I have been working in information security for more than 20 years in fields such as computer forensics, information security consulting as well as being project manager in projects implementing systems according to the ISO-IEC 27,000 norm. I am also an ethical hacker, I hold a PMP certification and I am a PLATINUM member of ISACA.

Until 2017 I kept an exceptionally low profile. I did not have any real account on social networks, I never talked about things related to hacking. I was trying to be completely unknown in the field and do my job totally keeping confidentiality of the information I had to handle. My name did not appear on google except for information about the work contracts I had with the government which were public for transparency.

I do not trust words,

I even question actions.

But I never doubt patterns.

I am not going to mention anything prior 2013, but I will tell you about my life after that year so you can visualize the patterns in the way I behave.

In 2016 I found a security problem in the stock exchange of another country in South America and I could not contact them so I contact the CERT of my country so they could be a link with them to report the problem.

In December 2016 I had a serious car accident. When i got home i got an SMS with a code where I could enter the website of the insurance company and track the status of my insurance. In a couple of minutes, I could find that I could see all the information of the systems, al the personal information of the people involved, police reports and the reports of the doctors, everything, including the pictures of the accidents. I reported that to the CERT immediately.

In 2017 I hacked one of the largest information security realizations in the world and I reported the problem they had to them.

The names of those companies and organization are irrelevant and I do not want to damage their image, so I have no intention to disclosure that information.

By the way in 2016 I reported debility in the YouTube TV service (the report is public). That is what I have been doing for years. I always reported the security problems I found because that is the way I am. I never got anything in return. Here we do not have bug bounty programs, so you do not get money or even a “thanks” for reporting those security problems. You do it just because you think it is the right thing to do.

But this story is an example of what can happen to you when you are trying to do things right.