Are ex-hackers the way to keep IoT secure? – Part Two
Adrian Crawley, Radware
If you think about it, hackers are canny, writes Adrian Crawley, the regional director for Northern EMEA at Radware, in the second part of his blog.
They like a challenge and will look for ways to break something, just because they can, or because they think it will provide a new way into the company. IoT could be the perfect smoke screen for other extortion hacks.
Hackers will persevere and find a way in eventually. They don’t like to be beaten. The community also works together and shares information. That’s how consortiums of hackers will pop up and become a force to be reckoned with.
They will also actively pursue a common aim – we’ve seen it in response to terrorist attacks, and to make statements of ethics and morals against bodies like FIFA through to the Ashley Madisons of this world.
An ex-hacker will be in tune with all of this. Able to tap into the latest conversations, keep you abreast of the up to the minute developments and raise the early warning well ahead of time. They can infiltrate the dark net and discover which targets are next.
So it stands to reason then that as you design products that sit on the edge of the network they will spot the flaws. They will see how a hacking community will try and break what seems like perfectly sound security when the product launches.
They understand what makes a good target – one where the network is so good that it’s fun and challenging to try and get in, or because it’s owned by a company they want to embarrass, or because there’s huge financial gain to be made from it.
But how do you go about employing one, because let’s face it we are talking about people who tread a fine line?
That’s actually tip number one. You can be an ex-hacker, but you don’t necessarily need to be a convicted one. Though the National Crime Office is employing remorseful hackers who have served time, you don’t have to. There are plenty of people who have been hobbyist hackers, who don’t break the law and will have the skills and the morals to stay the right side of the line.
The second thing to remember is that hackers have an ego. Ex-hackers are in fact obsessive people that can hyperfocus on many issues at once and do not quit until the problem is solved. They usually spend days behind the computer regardless if they are getting paid or not. So they can be some of the most dedicated employees on your pay roll. Your defences are their defences and they do not want another hacker coming into your network and embarrassing them.
Their black book is dynamite. As we’ve explored, ex-hackers are well connected. They have become experts in operational security and maintain a number of backstopped identities. Ex-hackers can usually tell you very quickly who and why someone is attacking you. Sometimes they even have the ability to communicate with the attackers to further understand their reasoning and demands. Sound them out on the judgments they will make and how they will approach scenarios. You’ll learn how reformed they from asking simple questions.
Of course, you could look for a partner that will shoulder the risk. Security specialists know what to look for and will have done he screening for you. But which ever route you chose, one thing is clear. Fighting fire with fire works when you have the right knowledge and power on your side.