Recent news has exposed the reality of most cyber security experts who were paid to defend the enterprises that hired them (on contract or as permanent staff). These ethical hackers were contracted to protect a particular company’s credentials, but the white hat security researchers turned into black hat hackers.
The news reveals that the hired employees were involved in security breaches. This seriously shocked enterprise owners and directors and left them worried about the integrity of their data on the internet. What steps should be taken to ensure that the hired security experts aren’t in fact black hat hackers who will breach any security firewall for their own ends?
This is a question asked everywhere in the world. Who should be trusted, and who shouldn’t? Who can be loyal to us and not reveal our company’s sensitive data to competitors?
According to information revealed over the last year, there are some real cases of sensitive data being stolen by paid security researchers who were authorized to protect that data from breaches but acted like black hats instead. Oops!
“The security community is buzzing about the release of more than 400GB of corporate data from the Italian security firm Hacking Team, a revelation that’s being called the security industry’s version of the Edward Snowden leaks. Hacking Team has been previously accused of being willing to sell its services and software to anybody, even authoritarian regimes with active human rights investigations ongoing. …”
“Muneeb and Sohaib Akhter are twin 23-year-old computer whizzes who live in Springfield, Virginia. Last week they were indicted by the Department of Justice on accusations of hacking into various computer systems, stealing credit-card funds, and hatching a plan to access US government computers and sell passport and visa data.
In total, the Akhter twins racked up 12 criminal charges. …”
“The guy accused of being one of the world’s top Android phone hackers is a bright young student who’s been honing his skills as an intern at the cybersecurity firm FireEye.
On Wednesday the U.S. Justice Department announced a massive international bust of Darkode, an online black market for hackers. Among those charged with crimes was Morgan Culbertson, a 20-year-old from Pittsburgh. He’s accused of creating a nasty malware that infects Android phones, steals data and controls the device.
Culbertson is currently a sophomore at Carnegie Mellon University in Pittsburgh. He’s a two-time intern at the cybersecurity software maker FireEye where he’s been researching malware on Android smartphones, tearing apart viruses, and analyzing them. …”
“A U.S. Department of State employee was arrested at Hartsfield-Jackson Atlanta International Airport and is accused of hacking into college-age women’s accounts and stealing compromising photographs for blackmail.
Federal investigators say he used government computers at the U.S. Embassy in London to commit the crime. Investigators say Michael C. Ford is a U.S. citizen who has worked as an embassy employee in London since 2009. …”
To separate the good guys from the bad guys, we can say the good guys are ‘ethical hackers’ who are trained to work for the benefit of an organization, and the bad guys are ‘black hats’ who damage an enterprise’s infrastructure or business for their own ends. There are also ‘grey hats’, who know the standards and lie between the two categories.
USA Today reported last year that it is very hard for anyone to tell white hat and black hat hackers apart.
A further complication regarding definitions comes into play when you consider cyber security industry conferences, such as the upcoming Black Hat USA 2016 in Las Vegas. Here’s how the website describes the conference:
Black Hat – built by and for the global InfoSec community – returns to Las Vegas for its 19th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (July 30 – August 2) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 3-4).
The conference shown below was captured at Black Hat 2014 in Las Vegas.
The attendee survey proclaims that it is time to rethink enterprise IT security and offers potential solutions to our global online security problems. These are very helpful tools and answers for enterprises, offered at the biggest hacker event in the world.
It feels awesome to be attending Black Hat 2016, but you’d better prepare for the hackers all around you. There are numerous websites and tip sheets to help you avoid becoming a victim yourself. I find it interesting that so many precautions must be taken, which just proves that the norm has become “hacking back” as one answer.
So far I have noted and observed in our society that people want to become black hat hackers and want to get attention by hacking and defacing a number of vulnerable websites. It looks awkward when a security researcher breaks the rules and laws.