Hackers for hire

Hackers are the 21st century warriors who worry many. As everything we use becomes increasingly connected, so their opportunities to hack, divert or destroy increase. NATO Review talked to some hackers to see what motivates them – and found out that they can actually be a force for good too.

Hackers love a challenge, whether it’s picking locks or cracking passwords. They like to figure out how things work and exploit their weaknesses. Hackers share this common mind-set, but their ethics are as diverse as in any group, says Katie Moussouris, an ex-hacker turned IT security professional.

As in every population, there is a huge range of ethical stances and persuasions in this industry. I think it’s no different from any other. Most people in the world want to do the right thing and the same goes for hackers. Most hackers want to do the right thing.

She has had good experiences engaging the hacker community. She heads Microsoft’s Security Community Outreach Team, which asks hackers to report vulnerabilities. Traditionally, ethical hackers, or white hats, have disclosed bugs for free and many still do so for the prestige. But with industry and governments seeking to beef up their defences, ethical hackers can now have the pick of jobs in a booming industry.

The talent pool in terms of the hacker or security research community is tremendous. All governments are stepping up their hiring in these areas, you know, of security experts, and essentially to get as many qualified personnel as is actually needed, you have to expand the pool and surge to this community for sure.

There’s a shortage of skilled IT security pros around the world. The UK has launched a training and education initiative in schools and universities to address the skills gap. The government says the gap is hindering the war against cybercrime. The US military has also recently announced plans to increase its cyber command from 900 to 5000 personnel. It’s not clear where these additional cyber warriors will come from. But the military will have to keep an open mind as to whom to collaborate with.

In order to have a defence, you need a much wider group of people with a much broader set of skills working for you than in the old days when we were talking about the men from the ministry with a set sort of identity. That’s not the case anymore.

Jim Manico is an IT security professional who works for a web security company and the non-profit open web application security project OWASP. His goal is to make cyberspace safer for everyone. He believes the best way to do this is through ethical disclosure.

When you find a bug in someone’s product or operating system, the spirit of ethical disclosure is to tell the vendor first in private, give the vendor a chance to fix it and push a patch of some kind live and then tell the world about it. Now, these bugs are worth a lot of money. More and more so these bugs are becoming a value. So other organizations may choose to buy these bugs and sell them to the highest bidder or there’s open markets for them, depending on the severity of the bug. I’m more a fan of ethical disclosure. My goal is to help secure the world, teach developers to write more secure code.

It’s in this spirit that Evan Booth likes to test airport security. Like all hackers, Booth loves to take things apart and repurpose them. He says he has built several dangerous devices with objects bought exclusively in airport shops next to boarding gates.

The thought is that if a law-abiding joker is thinking about this stuff and is able to be successful with the implementation, chances are someone else is as well and arriving at the same conclusions and it’s best to start thinking about how to defend them.

Booth’s findings have not been independently verified and his hobby is controversial, but to ignore the warnings of a hacker with such skill and dedication seems more dangerous than to enlist their help.
