Profile of an Ethical Hacker

The Importance of Encryption Software

Lackey suggests wireless network users can help prevent hackers from looking at their actual data by using layers of encryption and beefing up the security on their individual machines -- something many of them take for granted. Lackey and his IBM colleagues have stories of executives who are unaware their computers can seek wireless networks or of employees who do not even bother to change the default computer password assigned by the manufacturer.

In fact, computer security extends beyond the machine itself. Some ethical hackers, if authorized, will also try distinctly low-tech methods of obtaining the same information -- like "social engineering," the effort to see if they can obtain valuable data through contact with unwitting employees, and old-fashioned pilfering.

"One time, we were auditing this place in Canada, and we literally took these monitors off this desk and walked out the building with them, just to see if anybody would try to stop us," recalls Lackey. "And they didn't."

Still, Lackey suggests users of wireless networks should be reassured that wireless hacking can only take place within limited physical boundaries. "In one sense, [wireless] might be more secure, since the only people you're worried about are your neighbors, or people around you at the airport."

That matters, because the phenomenon of hacking has changed over the years, from a local hobby to an international business. Nowadays, teenage computer whizzes are less the issue than illegal syndicates.

"What we're finding is that it's less of the interested kid who's just sort of poking around anymore, and it's really more organized crime figures, who just want steady income, and they actually go out and hire unethical hackers to do things for them," Lackey says.

No Security Is Perfect

The recent use of "phishing," for instance, in which thieves seek bank-account verification data by sending e-mails to unsuspecting victims, is a wired phenomenon. Similarly, the installation of spyware on computers is done remotely, over wired networks. Security consultants recommend consistent upgrades of anti-virus and anti-spyware programs, as well as education about scams, to reduce vulnerability to hacking -- although the threat cannot really be eliminated for good.

Indeed, computer security experts do not promise to make any network, wired or wireless, absolutely impenetrable. "There is no 100 percent," asserts Lackey.

Instead, the best approach for most computer users is to put up barriers that deter hackers and reduce their financial incentives. In the meantime, illicit hackers, ethical hackers and security researchers will keep battling to gain the upper hand in security.

"In one sense it really is just an arms race," says Lackey. "A vulnerability is discovered, we fix it. Then something different comes out. That's just how it all works. Things break, we fix them. Everything gets a little bit better as time goes on."

  • 1
  • |
  • 2
Join the Discussion
blog comments powered by Disqus
You Might Also Like...