Introduction
My father never quite understood what I did for a living.
Not because he lacked intelligence — he was extremely sharp.
But because what I do belongs to a world that for most
people is invisible. A world that lives inside screens, in
cables, in servers, in the digital infrastructure everyone uses and almost
no one truly sees.
Over the years I tried to explain it in many ways. In the
end I stopped using technical jargon and started telling stories.
Like the one about the programmer.
The programmer is the person who, when his mother says “go
to the supermarket and buy a kilo of bread. Oh, and if there is fresh
milk, get two,” comes home proud with two kilos of bread.
Not out of distraction, not out of stupidity, but out of pure logic. The
condition was true: there was fresh milk. The instruction was clear: get two.
That the bread was already in the cart was a detail outside
the algorithm. The programmer executed the code perfectly.
My father always smiled at that story. Then he would ask:
“So what are you?”
I am a hacker.
And the difference between a programmer and a hacker — the real,
deep difference you do not learn from books — an electric
fly swatter taught me.
You know those tennis-racket gadgets with the electrified mesh that
zap mosquitoes in one click?
Well, put one in a hacker’s hand.
Give him a minute to study it. Watch what happens.
He presses the button. And puts his finger on the mesh.
Not out of masochism.
Not out of stupidity. Out of that
visceral, almost physical urge to understand what really happens
when that button is pressed. To feel it, literally on his
skin.
Not settling for knowing that it hurts, but wanting to know
how much it hurts, how it hurts, why it hurts.
That urge is hacking. Long before code, long before
computers — it is a mindset toward the world. A curiosity
that does not stop at the surface. I have always had it. Long before I
knew there was a name for it.
My first computer was a Commodore VIC-20. Forty
years ago, when computers were not yet everyday objects, when having one
at home was rare. Then came the ZX Spectrum. Then the Amiga. Then PCs
with five-and-a-quarter-inch floppy disks.
I did not just play — I took things apart. I did not just use them — I tried to
understand. What happens if I change this parameter? What happens if I
load this code differently? What happens if I press this
button I am not supposed to press?
The answer to the question “what happens if” has been the thread
of my forty-year career.
In those forty years I did things I would never have imagined. I analysed malware that paralysed hospitals. I mediated ransomware sitting between a devastated company and the criminals demanding ransom. I testified as technical consultant to prosecutors in criminal trials. I showed Dark Web markets to a committee room in the Italian Chamber of Deputies. I took a hundred phone calls a day from companies and individuals who had lost their data to CryptoLocker when I was the only person in Italy who could decrypt it. I founded SosHacking to give a structured answer to the question that reached me every day: “I have a problem — who do I call?” I built and lead the Italian Privacy Academy because privacy is not bureaucratic box-ticking — it is a fundamental right.
I am an Accredia 11697-certified DPO. I am a court-appointed technical consultant in
criminal and civil proceedings involving cybercrime. I have
spoken at conferences and round tables across Italy.
I say this not to boast but because this book is the distillate
of all of that. It is not theory — it is direct experience.
I wrote this book for a simple reason. Years ago, early in
my career, I went to a small craft business that had suffered a
cyberattack. The owner looked at me and said something I have
never forgotten:
“Why had no one explained how it worked?
We would have done things differently.”
This book is the answer I wish I could have given him then, with
a few years’ delay. But with the hope that it reaches someone else in time.
Enjoy the read.
Alessandro Papini
Chair, Italian Privacy Academy — Founder, SosHacking.it
Technical consultant | Accredia-certified DPO | alessandro@nwkcloud.com