Learn to build secure applications from the mindset of the hacker and avoid being exploited.
We all have light and dark inside of us; we all have the ability to do good or harm. Our choices and our actions determine our position in life—whether or not we’ll be able to look at ourselves in the mirror, proud of the paths we’ve traveled. And this is just with everyday decisions. The push and pull toward temptation only grows when special abilities and rare knowledge enter the picture.
Imagine how this internal struggle would feel with the whole wide world of technology security at your fingertips. Suddenly, you’re faced with the opportunity to make even more of an impact in other people’s lives. You have this sought-after, special skill only an elite group of people in the world share and can understand. You can use your technology know-how to protect people’s rights and data—or exploit them.
With this ability, the line between right and wrong shrinks and temptation runs wild. It may begin as a simple test to explore real-life security firewalls and see if you can find a way to hack through to internal systems. You tell yourself you just want to know you’re capable of achieving access or outsmarting the safeguards. But once a step is made in that direction, how do you stop? What keeps you from crossing that line not just for self-evaluation, but to do wrong? Some people may rely on moral teachings and beliefs, others on religious practices. For those without a moral compass to guide them, what provides the conviction to stay on the straight and narrow toward ethical hacking, not malicious hacking?
As we learned in recent news, even “accidental heroes” walk a thin line between the two. When WannaCry kill-switch founder, MalwareTech, was arrested in Las Vegas earlier this month, the tech community was shocked. But also, not too shocked. As a 22-year-old with the skills to stop a global ransomware attack, it’s no surprise that he may have imagined using his expertise for his benefit or had been courted by the “dark side” to create technology built to inflict harm*. And he’s not alone. History shows us that many people gifted in the ability to access and deploy data have not always used their powers for good. Think back on WikiLeaks, the Conficker Worm of 2008 that still isn’t exactly dormant, and even the Home Depot and Target credit card breaches in 2014 and 2013.
More recently, critics have pegged anonymous messaging apps like WhatsApp as carriers of classified information leaks from political personnel to journalists. These apps allow insider contacts to remain anonymous while still spreading news to the streets. In June, a 25-year-old federal contractor in Augusta, Ga. was arrested and charged after leaking a highly classified NSA report.
Everywhere you turn, it seems, someone is leaking information, building a new strain of ransomware, or finding a way to gather and sell consumer information for profit. As consumers we do our best to stay knowledgeable of risks and protect our accounts and data accordingly. All we can do is hope that the technology professionals we hire and trust will continue down the right path, and the number of ethical and good hackers will far outweigh those looking to do harm.
Let’s Walk the Line
As a businessman and an entrepreneur, I understand the importance of taking industry risks to grow my business. We all know that without financial capital, our businesses would fail—we’d lose jobs and our livelihoods. I understand the need for it, but also know that profiting from unethical endeavors is not an option. Nor are exploitative measures, such as information sharing or database sales of our members. When people sign up to be part of our community, protecting them is our utmost concern.
For some hackers, the gleam of making extra money may be all too tempting. I’m not a technology guru myself, but I try to imagine how someone would feel when naturally gifted with so much knowledge and such a unique skill set that with a few clicks of a mouse and a couple lines of code, they could access people’s account information or another company’s finances. It’s a struggle I will never fully understand, but can only guess it lives at war every day within these professionals who know how data security and safeguards work in order to build them up or break them down.
In other instances, the struggle may not stem from a desire for financial gain, but from a desire to make a difference—maybe to expose a large corporation for fraud after they did wrong, to make a political statement, to cripple big business, or to gain notoriety.
The good news is in these situations, the passion and the drive to either make a difference or make a buck can be harnessed for good.
It’s true. In times of internal struggle or crisis, technology professionals have resources they can turn to and lean on to discuss issues, ask questions, and explore ways to express themselves through this line of work. Here’s a look at some outlets to explore when hacking seems to be in your blood.
1. Make money with ethical hacking.
Groups like HackerOne, a San Francisco-based company fueled by venture funds that calls itself “the first vulnerability coordination and bug bounty platform,” exist to help protect consumer data, improve levels of trust in the digital world, and explore security glitches and weaknesses in order to make suggestions for repair. Hackers belonging to this organization are rewarded for a job well done in the form of a “bounty,” which offers incentives and rewards for their efforts. Through this group, individuals can flex that hacking muscle while helping consumers along the way.
HackerOne even has resources for those just getting started in the ethical hacking world, with tricks and tips to help explain why this is an important path and how it can make a difference.
2. Enhance skills and knowledge at conferences and workshops.
Many large information security conferences and companies build programming around the idea of ethical hacking. In an effort to increase the number of individuals learning how to hack to help companies and consumers, they strive to instruct and improve capabilities of hackers in order to hire and promote capable infosec individuals in the workforce.
These conferences and tradeshows are great places to learn, network with companies and individuals who share your skillset, and find work opportunities that stem from your hacking prowess.
3. Turn to online communities for support.
For ethical hackers who find themselves in a jam or questioning how to use their skills, there’s no better place to turn than an online community. Because that’s exactly what it provides—a community of like-minded individuals to whom you can vent, and with whom you can explore technologies and discuss overarching technology themes that impact consumer safety. Members of these communities can explore thought-leadership articles and education opportunities that instruct on the differences in hacking practices.
The hope remains that at the end of the day, the purpose for doing good will win out and the fleeting promise of notoriety and power will not.
*While MalwareTech’s indictment is currently in question by experts in the tech community who’ve uncovered that the code used in the Kronos bank fraud is actually older than the date on which it is speculated to have been created by Marcus Hutchins, other experts still question if he did use his abilities for harm.