When I read about hackers and cyber criminals I often think of the old TV show Get Smart. After vanquishing a villain, Agent Maxwell Smart would often recite a lament that typically went “If only he had used his genius for good and niceness instead of evil.”
If only!
One thing that I find scary about hackers is that are very willing to share knowledge that can be used for nefarious purposes. In researching how a “man in the middle attack” works I found a you tube video that provided a very easy to understand tutorial. Such attacks insert the hackers process in between a browser and a web server communicating. It’s used to capture a site visitors login credential and/or redirect the person to a phony web site where they can prey on their victim.
Recently I came across a hackers web site which provides instructions on how to trick a person into going to their phony Facebook site. The scary part of their technique is that the user will see Facebook.com on the URL line with no indication that they are anywhere else but Facebook.com. The author is quite proud of his work and is happy to share. He does put a disclaimer on the site that the information is for “Educative Purposes Only”. Uh, right.
However, there are some legitimate purposes to learning hacking techniques. The US government is training hackers to engage in the so called “cyber war”. In fact, the Air Force Academy offers a degree in “computer science-cyberwarfare” and Naval Academy has made a course in “cyber security” mandatory for Freshman.
The government is most concerned about defending against attacks threatening us, our national security and our infrastructure. In this”Cyber War” our side has an offense as well as a defense. You do not hear about it as much because it is supposed to be top secret, but Washington is not known for being able to keep secrets very well. While it has never been officially confirmed, a combination of leaks and evidence uncovered by security experts indicates that the United States has launched a series of cyber-attacks against Iran and its allies designed to hamper its nuclear program and its funding of terrorism.
In business and IT we have to be on guard to protect our IT infrastructure and data assets from being compromised, regardless of the source of the attack. Increasingly, business and other organizations are turning to cyber security experts who do penetration testing, aka pentesting.
Pentesting includes the same activities as the malicious hackers, known as Blackhat Hackers, except they are conducted by “good guys” as a service. They test networks and websites by manually simulating a hacker attack to see if there are web security holes that could compromise sensitive data. They identify critical attack paths in a network’s infrastructure and provide advice on eliminating these threats. They attempt to bypass security weaknesses to determine exactly how and where the infrastructure can be compromised.
I often hear people say that knowledge is a good thing. In this case, it depends on who has the knowledge and what they use it for, good or evil. The same knowledge that can be used to create antivirus protection and firewall protection can be used to circumvent such protection.