Browse archive

Latest news

Aurora attackers were looking for Google's surveillance database

CISOs need to engage with the board

Wi-Fi client security weaknesses still prevalent

"NATO vacancies" phishing email also leads to malware

Find TrueCrypt and BitLocker encrypted containers and images

Sourcefire goes beyond the sandbox

The CSO perspective on healthcare security and compliance

Jailed hacker designs device to thwart ATM card skimming

U.S. Congress has questions about Google Glass and privacy

Cyber espionage campaign uses professionally-made malware

Form-grabbing rootkit sold on underground forums

Over 45% of IT pros snitch on their colleagues

Hacking charge stations for electric cars

Why hire a hacker?

by Dominique Karg - Chief Hacking Officer at AlienVault - Wednesday, 2 January 2013.

I’m not advocating the hiring of computer criminals. If you are being held to ransom by someone claiming to have control of your infrastructure, and demanding payment to prevent further damage or exposure, then you need to contact the relevant authorities.

However, if you want to prevent criminals from hijacking your systems then perhaps a hacker is exactly the person you need for the job. At AlienVault, we pride ourselves in working with hackers and having them as part of our team.

If you need a flat head screwdriver to remove a screw, would you use a cross head? Of course you wouldn’t – it wouldn’t work for one reason. Similarly, if you needed to dig a hole would you use a spoon? While you’d get the job done the time wasted could be better invested elsewhere. It’s only natural to use the tool that’s been perfectly designed for the job yet, for some reason, when it comes to securing the corporate infrastructure, many are frightened by the idea of hiring a hacker. I believe they’re missing out.

I believe you should call a spade a spade and a hacker a hacker – ethics is irrelevant. I also define a hacker as ‘someone who thinks a certain way about technology’. For that reason, if you want to make sure your systems are secure then the best way is to test their strength and that would be best done by someone ‘who thinks a certain way about technology’.

That said, not all hackers are the same so here are the skills, I believe, a hacker should display:

Out of the box

My hacker definition sums this up perfectly. Rather than looking at how something should work, a hacker will approach it from a different angle. He won’t try your ‘security doors’ to make sure they’re locked, but instead push on the wall around it to see if the bricks hold up and if the windows have glass -- does the putty hold them in place.

‘No’ isn’t in his vocabulary

Tenacity is another key skill a hacker must possess – someone who doesn’t take ‘no’ for an answer. Take a locked door – there are a number of ways of ‘opening’ it and a hacker will keep trying until he manages it. Of course the easiest way is to locate the key but, if one isn’t on hand, then can the lock be picked? Can it be drilled? What about cutting the lock out altogether? I think the phrase from a legendary film - ‘You’re only supposed to blow the bloody doors off’ perfectly encapsulates a hacker’s enthusiasm to get the job done.

Morals of an alley cat

Now, before everyone starts baying for my blood, I don’t for one minute advocate paying a criminal for his services – unless they’re rehabilitated and you’re into second chances. However, a hacker needs to think and act like a criminal or what’s the point. Criminals don’t play by the rules and being afraid to push the boundaries is why a lot of companies end up experiencing breaches.