Hack to the future: Corporations, military recruit ethical hackers to fend off cyberattacks
Traditionally, hackers have been known for their malicious acts, ranging from the widespread distributed denial-of-service attacks such as that perpetrated by "Mafiaboy" - a Canadian teenager named Michael Calce - in February 2000 to the systematic hacker-led slaughter of "World of Warcraft" characters in October 2012. Whether they might cause an estimated $1.7 billion in damages, as Mafiaboy reportedly did, or merely irritate online gamers, hackers have been roundly stereotyped as cyberspace troublemakers. However, increased numbers of ethical, or "white hat," hackers have taken action to combat this image in recent years, using their knowledge to help protect social media networks, government organizations and financial corporations from potential threats of "black hat" hackers.
One such "white hat" hacker might be German security consultant Hugo Teso recently made headlines, claiming that he had developed tools that could enable an Android phone to remotely hijack an airplane's control system. Teso presented his findings at the Hack in the Box security summit in Amsterdam on April 10, according to CNN, and detailed how he had spent three years developing SIMON, a coding framework that could infiltrate airline security software. Demonstrating how he could control a virtual airplane's altitude, direction and speed from PlaneSploit, an Android app he had created, the former pilot has offered to assist U.S. and European air traffic officials to prevent a malicious hacker from exploiting holes in aviation security networks. FAA officials responded by saying that Teso's hacking technique does not work on real flight equipment, as reported in CNN.
As increasing amounts of financial, medical and personal information find their way online, organizations have employed more people who work to ensure that networks are safe and secure. The Bureau of Labor Statistics (March 2012) estimates that the number of information security analysts should increase 22 percent from 2010 to 2020, in response to increased frequency and sophistication of cyberattacks. A June 2011 survey by the Ponemon Institute polled 583 U.S. companies and found that 90 percent of them had suffered some form of computer hack during the previous 12 months. Approximately 77 percent felt that these cyberattacks had become more severe or more difficult to detect in the past 12 to 18 months. Those statistics may highlight the need for analysts who can develop innovative ways to deter hackers.
Facebook and Google have enlisted hackers to help bolster their own security systems, offering cash rewards to anyone who can help discover vulnerabilities, according to CNN. Payouts have ranged from $500 to $60,000 depending on the severity of the issue discovered. Some hackers have also received full-time employment as a result of their exploits. Hacker Johnny Lee gained attention for his ability to hack into the Nintendo Wii's Wiimote controller after posting videos on YouTube. He was hired by Microsoft in May 2009, reports The Escapist. Another hacker, George "GeoHot" Hotz, was sued by Sony after he discovered the root key for the Playstation 3 and published it online. Facebook snatched him up in May 2011, according to 1UP.com.
Even the original Mafiaboy has exchanged his black hat for a white one. Today, Calce works as an Internet security consultant, helping to meet increased demand for individuals (hackers or otherwise) with technical expertise who can fend off the threat of cybercrime. A September 2010 press release by Symantec stated that 73 percent of Internet users in the U.S. had been victims of computer viruses, online credit card theft or identity theft. "We accept cybercrime because of a 'learned helplessness,' " said Joseph LaBrie, PhD, associate professor of psychology at Loyola Marymount University, in the Symantec press release. "It's like getting ripped off at a garage - if you don't know enough about cars, you don't argue with the mechanic."
The U.S. military has also enlisted the help of hackers, expanding the Defense Department's "Cyber Command" personnel from approximately 900 to 4,900, according to The Washington Post. Many military veterans have been targeted to join the ranks, being converted into hackers because they already have security clearances. "Cyber command" recruits fall into one of three categories, depending on their experience or level of expertise. "Combat mission forces" aid in the planning and execution of cyberattacks. "Cyber protection forces" bolster the Defense Department's computer networks, defending them from attacks. "National mission forces" work to protect infrastructure computer systems, including electrical grids and power plants.
"Given the malicious actors that are out there and the development of the technology, in my mind, there's little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point," William J. Lynn III, a former deputy defense secretary who helped develop the Pentagon's cybersecurity strategy, told the Washington Post. "The only question is whether we're going to take the necessary steps like this one to deflect the impact of the attack in advance or … read about the steps we should have taken in some post-attack commission report."
Going forward, as technology advances the need for ethical hackers and information security experts may only increase. Take it from Mafiaboy himself, who knows both the harmful and helpful sides of hacking. "You're going to have to set up hacker schools to train people," Calce told CNN in 2011. "Hacking can be in the positive fashion. There is a white-hat side to hacking and I think we're going to need to breed a lot of white-hat hackers right now to fight the black-hat hackers. Right now, they're winning the war."