« UPDATE: Find Professor Layton at CocoWalk today and win a Nintendo DS | Main | T-Mobile Sidekick users lose all data, contacts »

Ethical hackers gather in Miami to fight cyber terrorism

In case you missed it this weekend, below is my story about the Hacker Halted conference that came to Miami. WLRN-Miami Herald reporter Kenny Malone and I also learned a few things about ethical hacking for today's radio report: [Listen to mp3 here.] 

The world of hackers is kind of like the Star Wars universe: There's a light side and a dark side of cracking computers.

Hundreds of hackers on the side of good -- or ethical hackers -- gathered at the 14th Hacker Halted global conference this week, held for the first time in Miami, to talk about strategies to thwart cyber terrorists.

Ethical hackers understand how to hack a system in order to better protect against attacks, or to know where the vulnerabilities are in a program.

"A good defense is a good offense,'' said Sean Arries, a security engineer at Terremark Worldwide. "If you understand your opponent and you understand how the attacker is going to attack you, then it makes it a lot easier for you to defend yourself.''

Arries gave a cautionary presentation detailing how hackers can take advantage of a vulnerability in Windows Vista and Windows Server 2008 -- a gateway for hackers that Microsoft hasn't yet patched.

Arries did a scan of 43,000 domains and found 110 of those sites were vulnerable to that exploit.

``Now 110 is quite a lot, because that becomes a staging process for an attacker to launch against other sites and internal networks,'' he added.

Bloggers have been writing about this flaw for two weeks, so it wasn't exactly news to the audience. But while going through slides filled with programming code, he warned attendees that hackers will likely launch a worm to take advantage of this flaw any day now.

``We are in a scramble state to secure our clients and customers and secure ourselves internally before this worm shows up -- and it will be coming,'' Arries said in an interview afterward.

Not everyone who comes to events like this is a good guy, so to speak. Talk to anyone at that conference and they believe at least some ``black hat'' hackers were among them in anonymity -- or more likely, programmers who work in a morally gray area.

``The same techniques that you learn to protect a system are the same things people look at to break into systems,'' said Howard A. Schmidt, president of the Information Security Forum. ``You have the good guys trying to out-thwart the bad guys, and the bad guys going to learn from the good guys. ''

In the world of hacker conferences, Hacker Halted, which ended Friday, is pretty tame compared to the DefCon and Black Hat conferences in Las Vegas.

"That's where you get more of the black hat subculture to learn what's going on and extract information that maybe you should or shouldn't be privy to,'' said Solutient technical trainer Ernie Campbell, who flew in from Cleveland to attend.

Malicious hackers are usually grouped into subsets.

There are the "script kiddies,'' a derogatory term given to hackers who use programs to cause trouble because they don't have the skills to write their own code. There's also the typical movie stereotype of pale guys pounding down energy drinks in a basement full of computer screens as they wreak havoc.

"That certainly exists, but it is a small, small subculture,'' said Erik Laykin, managing director of Duff & Phelps in Los Angeles and honorary chairman of the Electronic Commerce Council, which organized the conference.

The hackers that Laykin and other investigators focus on are the criminal hackers -- many working out of the country -- who keep coming up with ways to steal financial information.

And while these criminals work 24/7, it's a constant job of playing catch up for the ethical hacker who is trying to stay on top of the latest exploits. And as people become more attached to mobile devices, cellphones will be the target down the road.

But it could be worse than that.

"Defibrillators that are implanted in people's chests today have electronic remote sensors so they can be reprogrammed using wireless technology. That's an early technology that's potentially susceptible to hacking,'' Laykin said.

"Now if I can hack a computer, why can't I hack somebody's defibrillator or pacemaker? Scary stuff.''

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451b26169e20120a6008cfa970c

Listed below are links to weblogs that reference Ethical hackers gather in Miami to fight cyber terrorism:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

 moving

great know not only do we need to worry about laptops were by also going to have to buy antivirus/anti spyware for pace makers?????????

Cody S.

Why would someone want to hack a defibillator? I don't see the profit in that. You got to think of hacking like defrauding someone, where is the motive? I would think 99% of hackers out there want to profit in some way from their activities. Hacking for the pure joy does not pay the bills so to speak. Of course you have you one-off or lone hacker out there trying to make a statement, but this will always exist. We can fight to significant cause of the problem by identifying the root causes and matching our efforts to resolve those issues. Simple reasoning.

buy generic viagra

Civilization is based on a clearly defined and widely accepted yet often unarticulated hierarchy. Violence done by those higher on the hierarchy to those lower is nearly always invisible, that is, unnoticed. When it is noticed, it is fully rationalized. Violence done by those lower on the hierarchy to those higher is unthinkable, and when it does occur is regarded with shock, horror, and the fetishization of the victims.

The comments to this entry are closed.

-
 
Terms of Service | Privacy Policy | Copyright | About The Miami Herald | Advertise