Almost every day in the United States, savvy, determined hackers attempt to break into computer networks and pilfer valuable information. But here's the good news: Some of them are professionals, being paid to test the safety of the same computer systems you may be using regularly.
They are "ethical hackers," computer security experts hired by companies hoping to avoid costly holes in their information networks. While the term "ethical hacker" has been in use at least since the 1980s, it has only been a job description since the mid-to-late 1990s -- and it seems to be an increasingly common one at the moment, as computer security becomes a booming business. Research firm IDC, of Framingham, Mass., estimates worldwide computer security revenues will expand from $19 billion in 2002 to $45 billion in 2007.
That means more opportunities for ethical hackers, especially at major industry players. Take Joshua Lackey, a senior ethical hacker at IBM, who is based in Tucson, Ariz., and can sum up his job in one crisp sentence: "We'll go out and break into your computers."
Like many people in the field, Lackey had a personal interest in the subject before it became his profession.
"I've always been interested in security, always had that bent of mind," says Lackey, who joined IBM in 1999, as he was finishing his Ph.D. in mathematics at the University of Oregon.
Not that there is one dominant career path for ethical hackers, though; one of Lackey's IBM colleagues is a former CIA agent.
"I think the one thing we have in common is that there is a little different approach when you're a security guy," says Lackey. "Somehow breaking things is a little more ingrained than getting things to work."
In the world of technology, breaking things, or at least attempting to do so, is also an integral part of getting them to work. Many contracts IBM inks with large clients require a security audit, involving an authorized visit to the firm by a team of hackers using agreed-upon "rules of engagement." For what Lackey calls a "premium hack," an IBM team might take two weeks to do the job.
In the last few years, the surge in use of wireless computer networks has been a particular focus for Lackey and some of his IBM colleagues. Traditional wired local area networks, of the kind probably used in your office, are essentially limited to the computers hooked up to the network. Local wireless networks revolve around access points that computers can detect on their own. But since wireless network capabilities are now frequently built into computers, even machines sitting in offices may seek out access points. Lackey and his colleagues will often take access points -- which can be bought in stores -- and set up shop in the parking lot outside a client's headquarters to see how quickly they can penetrate a company's information system.
Employees who telecommute or use a laptop computer at a public wireless access point -- in an airport, coffee shop or another location -- can also put valuable company information at risk. Given the existence of an access point, skilled hackers can monitor the flow of packets of information being sent over wireless networks, and, if a computer is not using encryption technology, potentially view the actual data being sent as well.
"When you're on a wireless network," says Lackey, "you should just sort of assume that everyone around you, given the will and the technical ability, could look at your packets."