A shadowed, indecipherable face, shrouded by a dark-hooded sweatshirt, huddled over a keyboard. His face unseen and intentions nefarious. You know the image. It’s become a modern, digital stereotype. But that image is a misleading notion that could be dangerous for your organization.
“I’ve always tried to bring hackers into perspective,” said white hat hacker and security researcher Keren Elazari during her keynote at the IAPP Europe Data Protection Intensive in London. “Hackers are part of the immune system for the technology age.”
It may be counterintuitive to trust a hacker, she conceded, but an entire niche class of professionals is on the rise, brimming with skills that can benefit organizations across industry sectors around the world.
Yes, it was hackers who exposed millions of (mostly male) Ashley Madison users. It was also hackers who breached the emails of top Sony executives. And, yes, it looks like it was hackers who, with the Panama Papers, exposed the inner workings of the shady shell companies of many of the world’s rich and powerful, even leading to the resignation of the prime minister of Iceland.
The takeaway? Data breaches are affecting every industry.
Fear of exposure is what drives our fear of hackers, she said, and that “reminds everyone just how fragile the illusion of privacy is.” Privacy, access, and trust, she said, “are the currencies of power. Privacy is not a god-given right. If you don’t introduce security, you won’t have privacy.”
That’s why Elazari was careful to point out that hackers aren’t just concerned with exposing secrets. Perhaps more importantly, they expose vulnerabilities, and with an emerging IPv6 world, that’s a huge deal.
The Internet of Things is changing the marketplace and bringing with it amazing innovations. Many of these new, connected devices, however, are manufactured by companies that don’t even think about cybersecurity and privacy protections because they’ve never had to before.
Connected insulin pumps, for example, have provided new benefits for patients suffering from diabetes, but, it turns out, those connected devices were vulnerable to hacks, potentially threatening the lives of those patients they’re designed to protect.
Who unearthed this life-threatening vulnerability? Yes, a hacker. More specifically, security researcher Jay Radcliffe, himself a sufferer of diabetes. All he needed was a serial number, some basic hardware, and a customized software program to demonstrate the vital device’s vulnerability.
More recently, Elazari pointed out, hackers Charlie Miller and Chris Valasek famously demonstrated how connected vehicles could be hacked into, taken over, and disabled. The vulnerability, which originally appeared in Wired, led to a massive recall from Fiat-Chrysler – the first security-related car recall of the IoT era. It's not a coincidence that both researchers now work for Uber's burgeoning artificial intelligence projects.
Elazari also pointed to beneficial tools provided by hackers. Shodan.io, for example, maps out the vast world of connected devices. Created by self-proclaimed Internet cartographer John Matherly, the site offers searches for the web, IoT devices, power plants, wind turbines, webcams, and buildings. It helps users, including organizations, detect if any of their connected devices are leaking data or are exposed on the web.
Another site, HaveIBeenPwned.com, is a search engine for user names and passwords to help users identify whether their own user names and passwords have been breached and leaked online.
At the same time, intelligence organizations often use unknown vulnerabilities to exploit targets. Elazari pointed to the NSA’s exploit of a bug in the Secure Sockets Layer protocol, better known as Heartbleed. “The NSA knew about those problems for at least two years,” she said. “They actively kept American companies vulnerable.”
On the other hand, the U.S. government has caught on to the value of hackers. The U.S. Department of Defense recently called for a “Hack the Pentagon” initiative, the first of its kind for the U.S. federal government. “I think this is fantastic,” Elazari said.
Many other companies, including Tesla and several of the major Silicon Valley tech organizations, have embraced hacker culture early on, recognizing its value to the security of their products and services. But more companies need to recognize the value of hiring hackers, Elazari said, whether through bug bounty programs or by bringing them on full-time.
Cybersecurity needs are growing in the new digital marketplace, with a growing reliance on security and privacy pros. “This means our industry needs more good hackers,” she said. “They have the talent and skills we all need.”
Plus, Elazari said, hackers aren’t just living on the edges of the Internet. They have a hugely important role to play in the economy. They have become a niche class of professionals. There are even organizations that help promote this new professional class. Companies like HackerOne now work to help companies find these technical experts from around the world.
“More than 100 years ago, Louis Brandeis said there was no better disinfectant than the light of day,” Elazari said. Though transparency is often in conflict with privacy, it can be the cure for many social illnesses.
“As a hacker, I agree.”