In this episode for The Pivot podcast, we welcome Hakan Tanriverdi!
Hakan Tanriverdi is a reporter at the German public broadcaster, Bayerischer Rundfunk. He covers information and cybersecurity, mainly focusing on hacking groups and who they’re working for. The investigations tend to be more on the technical side and are assisted by scripts, scrapers, and databases. He is also the producer of the podcast series, Der Mann in Merkels Rechner - Jagd auf Putins Hacker (The Man In Merkel’s Computer – Hunting Down Putin’s Hackers), uncovering the German parliament hack, which went viral later.
In this episode, Hakan elaborates on how he unfolds the world of OSINT and hacking and his thoughts on how Snowden leaks and Panama Papers changed the way reporters investigate. He also touches on the production of Der Mann in Merkels Rechner – Jagd auf Putins Hacker podcast series, explaining how he came to record the podcast and the whole story of the hack.
The Pivot: Your New OSINT and Infosec Podcast 🔗︎
Brought to you by Maltego, The Pivot is your OSINT and infosec podcast that dives deep into topics pivoting from information security to the criminal underground. Through The Pivot episodes, we aim to share insightful information for beginners and seasoned investigators alike, shedding light on all things OSINT and infosec from an insider’s perspective.
Each episode features one or two of Maltego’s own Subject Matter Experts as the host and an external expert, researcher, or industry leader invited to share their projects, stories, experiences, and advice.
Where to Listen to The Pivot? 🔗︎
The Pivot podcast is available on Spotify, Apple Podcast, Google Podcast, and the Maltego YouTube channel. Each episode is 45 to 60 minutes long and is released on the 15th of every month. Stay tuned with us for more updates!
Tell us a bit about yourself and what you do! 🔗︎
Hakan: I work at public broadcasting in Germany, similar to the BBC in the UK and the NPR in the US.
I write about cybersecurity and focus mainly on stories that, in my view, are not written about extensively. Our standard time for reporting a story is up along the lines from three to six months. In the timeframe, we try to find out as much information as we can and provide a complete picture, so that people consuming our investigation have a fairly good understanding of a specific hacker group or ransomware gang, such as how their work, how they operate, and how they talk to companies.
What got you into the world of cybersecurity? 🔗︎
Hakan: There are two phases. In the first phase, I went to journalism school in Munich. Afterward, I started working at a daily newspaper called Süddeutsche Zeitung, which later published the Panama Papers. I was always interested in how the digital economy works, so I started writing about platforms and later came to learn about hacking. The Snowden leaks happened two weeks after I joined Süddeutsche Zeitung, which showed me how intelligence agencies tried to work at the time.
From that point on, I tried to find out how to hack into a system and how hacking works. I have no background in Information Science or any relevant studies, but I attended a lot of conferences to speak and meet with hackers. Along the way, two things happened. First, the German parliament was hacked in 2015. Second, I quickly realized if I wanted to write about these stories, I at least needed to have a basic understanding of how hackers penetrate systems. I thought it would be also helpful for me to understand how to write scripts and programs by speaking to people doing incident response. I basically surrounded myself with code.
Then comes the second phase. You will always have questions when learning how to write code. If you have questions, you are going to look them up, find the answers on Stack Overflow, and then get into a mindset where you appreciate the people you’re interacting with because what they do in their jobs sometimes turns out to be the same problems you encounter.
When you go and ask questions, you will be able to ask better questions, so that the conversations get lengthier, a little bit more intense, and more into the weeds. That’s how I went from the desire to writing about digital platforms to writing about digital espionage.
What’s your take on the Snowden Leaks and Panama Papers? 🔗︎
Hakan: Let’s talk about it from my end as a journalist and the two things that both the Snowden Leaks and Panama Papers changed in journalism: The perception of how to reach your target audience and how they approach such stories.
Usually, a journalist would go speak with people, obtain information, and attribute the source to the people they contact. Sometimes, however, the people interviewed only allow journalists to use the information if they are not quoted. Therefore, journalists can’t always say, “Hey, this guy who works in German intelligence told me this sort of snooping is going on.”
However, ever since the Snowden leaks and Panama Papers happened, reporters have understood that it’s good for their stories to have some form of documentation. In my case, hypothetically speaking: If I am able to add a quote to prove that an APT group hacked the German federal foreign office, the story will always have a better standing because I am not dependent on external people as the main source.
I think that the Snowden leaks, the Panama Papers, and even further back the WikiLeaks established this form of reporting. A journalist always has to do the vetting.
You participated in the investigation of the German parliament hack, which went viral later. What was it like? 🔗︎
Hakan: In this case of the parliamentary hack, a colleague of mine, Florian Flade, published a story in May 2020, addressing the arrest warrant for Dmitriy Badin. Dmitriy Badin was alleged to be one of the hackers of the German parliament hack and was also accused of having been a Russian military intelligence officer by The Federal Bureau of Investigation. I added the crucial mistake Dmitriy Badin made to the report, so the story had a clear beginning and ending. I then suggested Florian that we should do a podcast about it. We weren’t sure about whether we would succeed. Still, we decided to give it a try.
Thinking that the story will one day be forgotten, we assumed it was easier for people to talk to us. Nonetheless, from the German side, at least from the government side, nobody was willing to speak into a microphone. Despite the hurdle, we were still able to tell a story about how hackers operate and how you can catch them. The podcast turned out to be really interesting to me and did become viral.
What inspires you to learn more and do more? 🔗︎
Hakan: I think learning how to write code was the biggest turning point for me. Now I’m not in a situation where I need somebody to handhold me. Instead, they could just describe a technique hackers use. Or I could read a report or an essay about a certain binary string. Then, I can go write a so-called Yara rule, which will search in a larger database whether a file containing that key was uploaded. If it was uploaded, I can have the binary and go look for the binary myself.
This is something that I couldn’t do years ago, and I now know how to write or read basic reports and look for information. If there’s a hash included, I will be able to get the malware. It used to be that VirusTotal tells me if there is a hash. There’s no way I could get my hands on that piece of data. Being able to code myself has had a significant impact on me, and that was the most important thing I felt has changed my reporting on certain topics.
What are the three pieces of advice you would give to anyone interested in getting into the field? 🔗︎
Hakan: I think the number one would definitely be reaching out to people. Try and ask them if they could describe how the hacker operates or tell you about something more in detail. Talk with the folks and reach out to them by email. Most of the time they are very nice and will reply. You can’t do it all by yourself anyways.
Secondly, for every question you have about programming, there’s already an answer on Stack Overflow. Go look for that answer. If you have coding problems, talk to people.
Also, reread reports. There are times when you read an interesting report but couldn’t make sense of it. As you do more reporting, you tend to understand some aspects better. It might take you a year or so, but then you can circle back to the report, reread it, and you will find out different things that will help you in your reporting. Try to find a critical piece of information in the reports you read.
There’s More! Listen to Our Full Interview with Hakan! 🔗︎
If you find the snippets of the interview interesting, don’t miss the full interview!
Listen to our full interview with Hakan to learn more about:
- Hakan’s thoughts on the Snowden Leaks and his experience investigating it
- What difficulties he encounters when gathering information
- What changes the information security industry has made to shed more light on knowledge sharing
And much more!