If there is an opposite to cyber security, what would it be? If this question game up on some early evening TV quiz show the most likely answer would be hacking!
Hacking has been around as long as computers and software have been in our lives, in fact hardware hacks were around long before then as engineers looked to subvert all manner of systems to gain greater benefit. With the world getting connected at greater and greater speeds in the last 20 years, hacking has moved to far greater prominence then the original technical subculture where it developed.
However, there are ‘good’ hackers out there, those who call themselves penetration testers, ‘white hat’ or ethical hackers. Those with all the skills and experience in IT vulnerability exploitation, but have decided to use their powers for good. If requested, and paid, they will come into an organisation and test and IT system to find where its weakest link, or links are and illustrate how they could be compromised. This type of service is on the increase as more and more companies are compelled to secure their IT infrastructure.
One would have thought that the Pentagon, over in the US, would be relatively immune from hacking and would be as secure as possible. They were in for a surprise when they started to pay ethical hackers to test its key internal systems for vulnerabilities. According to a news story from Bloomberg this team of 80 hackers found exploitable weaknesses straight away.
The hackers were asked to look at the file transfer tool used by the Pentagon to transfer some of the most important and sensitive information. Bloomberg states that the Pentagon urged hackers to try bypassing the file-transfer protections; pull data out of a network that they weren’t supposed to have accessed; and “own the box,” or take control of the system. They succeeded.
Understandably they, the Pentagon, are remaining tight lipped on exactly where the vulnerabilities are but say department cyber experts are now fixing the problems.
When a hacker is not of the ethical persuasion, they may not just focus their efforts on extracting data from corporates and individuals. Sometimes they turn on their own. The website Dark Reading this week discussed how there is an increasing civil war amongst ‘black hat’ hackers. It appears that hackers will hack hackers if they believe they can access and tap into already stolen data sources.
Alternatively, they may make their attacks more personal, to take out competitors, to settle a score, or make a stance for their cause.
It would make for an interesting modern take on the moral discussion of if stealing from a thief is ethical.
One doomsday scenario that Wired magazine reported on this week was if hackers seize control of a connected car and turn it into a weapon. They predict that in 2017 somebody will be assassinated while driving. This will be achieved as hackers seize control of the car’s critical control systems and steer it into a river, a wall or oncoming traffic.
This frightening concept has been proven possible in the past, and Wired intimate that it may have been done already and we don’t know about it – and it was likely to be the work of one of the world’s elite intelligence services. But they predict that this is the year that the technology and software code needed to do such an act will fall into the hands of black hat hackers and cyber mercenaries.
How can this be prevented? I’d suggest that all the vehicle companies who are urgently developing connected vehicles hire that team who hacked the Pentagon. It might be the best, if potentially embarrassing, decision they ever make.
For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of FaceBook, LinkedIn and Twitter, or just click the relevant links from our website.