‘Ethical’ hacker tries to stay a step ahead of the bad guys


The internet is a tough neighborhood and Nikolas Behar is a hacker. He’s among the many who show up every year at DEFCON in Las Vegas, the hacker convention. But Niko, as everyone calls him, insists he’s on the right side of the firewall.

He considers himself an ethical hacker, and he works for groups that need protection from criminal hackers trying to break into their vaults of valued passwords and data.

“A lot of people, when they think about hackers, they think about people in hoodies,” Behar said. “But there’s a movement in the industry that’s trying to change that narrative and show that hackers aren’t necessarily bad.”

As an ethical hacker, Behar has to think like a criminal. When he works for a client, he tries to break into their system to spot vulnerabilities. In one example, he was able to hack into the system of a hospital client.

“So what I was able to do was park across the street in my rental car with a special antenna. And I was able to connect to their Wi-Fi and communicate with a heart monitor on their network from across the street,” he said. “All because they didn’t configure their Wi-Fi correctly and it was leaking outside the building.”

Another time, when he was working for a hedge fund, he got into their building after hours and jumped over a cubicle wall to find two unlocked computers.

“So we demonstrated that we would have been able to make a $5 million trade without anybody really noticing because there’s a cubicle that’s supposed to be secure and the wall of the cubicle doesn’t go all the way to the ceiling. And the stuff in the cubicle is not locked or encrypted.”

So, who exactly are the unethical hackers? Sometimes, they work for national governments that want to pose a security threat to the U.S. Sometimes, they’re just looking for money, and that’s why they target people like us and our personal information.

“First name. Last name. Social security. Date of birth. And then you take all that data and you can sell in bulk to the highest bidder,” said Christian Dehoyos, a cybersecurity architect who leads San Diego’s chapter of the group the Open Worldwide Application Security…
