Hacking is usually associated with nefarious activity. Photo: Ash Edmonds

Hackers and heroes

Monday, 12 August, 2019 - 15:42

While the ‘hackers’ who make the news are usually associated with cybercrimes, a legion of good hackers is at work helping keep your online data safe.

Hacking is essentially breaking into things and then committing digital burglary or extortion. It’s criminal and the term tends to tar all hackers with the same brush.

Ethical hacking, on the other hand, stops at breaking in.

If it were your house, liken it to someone knowing when you come and go, testing all your locks, windows, doors, remote controls, opening your mail, etc., and then politely letting you know that you need to add a new door lock because yours is faulty. Take that online to your email, social profiles, business systems and so forth, and you’ve entered the realm of ethical hackers.

In professional terms they are called ‘cybersecurity experts’ and ‘penetration testers’, but there are a growing number of people who simply do this for fun.

Ethical hackers say they do it for many reasons – from enjoying the challenge to improving their game scores, finding entertainment in laughable security mistakes through to improving their software development skills.

So, what stops an ethical hacker turning into something more sinister? Aleks Budzynowski, educator at Coder Academy, says while we’re constantly hearing reports of data being stolen, ransomed, sold, or leaked, it’s less frequent to learn of more severe intrusions where attackers take control of systems for sabotage, cyberwarfare, or terrorism.

It’s easy to see why playing the superhero (rather than the villain) and helping to combat these issues rather than exploit them is a potentially lucrative career path.

The hackers

Meet David Adams, a well-spoken 19-year-old freelance developer, who is a talented saxophone musician in his spare time.

Sitting at home in Perth, listening to Chopin at full volume, Adams opens his laptop and writes code, breaking into things he’s technically not supposed to. He then considers it his job to let people know.

His hacking began in gaming and evolved from there. He says the best part was that people thought it was cool.

When Adams got his first laptop at school, there was a program called LanSchool, which allowed the teachers to look at the students’ screens from their laptop. Despite being a good student, Adams ironically didn’t like the idea that someone could spy on him, so he wrote his own program that meant they no longer could. He’s been hacking ever since.

Security tips – the good guys

The truth is, you can never be 100 per cent secure, but you can make it extremely difficult for hackers to get in. There are fairly simple measures you can put in place to better protect yourself and your business.

Human errors

• Adams suggests you look at Wikipedia’s list of common passwords and if yours is on there, change it immediately. It is claimed that if you’ve got a common password, it can take less than a second for a computer to run through all the well-known possibilities and get in. A smart method is to use a passphrase, which is any sentence you’ll remember, including numbers and special characters.

• Use different passwords. This is tough when you use multiple platforms, but it really does boost your online security.

• Check if you’ve been compromised by entering your email at https://haveibeenpwned.com/. It will tell you when and where your data was breached.

• Take a moment and check privacy settings on everything. Start with LinkedIn and Facebook.

• Be cautious using public WiFi as it’s often unencrypted, which means it’s easy for hackers to see every bit of data going to and from your computer.

• Don’t store financial passwords in your browser. If you really can’t remember it, find another way – write it on a piece of paper and take a photo of it, keep it in plain text offline or use a password manager.

• Use two-factor authentication and biometrics where possible. Your accounts are a lot harder to hack when you need to use an SMS confirmation code and face ID.

• Educate and train your staff to identify common scams. You might have the best IT systems in the world, but human errors present the easiest ways to get in.

On top of human mistakes, there are technical weaknesses you can shield your business from.

• Upgrade old hardware such as routers.

• Keep software up to date, as developers will release security patches to known problems. If you don’t update it, it’s not fixed.

• Keep your operating systems up to date.

• Check for out-of-date plugins.

• Stay abreast of software issues, such as the recent issue with Zoom, where hackers can hijack your webcam without your permission, exposing an estimated 750,000 companies around the world that use it.

Hacking in Perth

If you’re keen to understand more about hacking, you can join cybersecurity competition WACTF, check out the ethical hacking community at UWA or head to the SecTalks meetup, which has 600 members.

If you talk to a hacker such as David Adams, you’ll learn that it takes a great amount of understanding, time, patience and creativity, as it’s all about finding a way of looking at a system that the people who built it didn’t.

While you can take comfort knowing that there are crusaders fighting the bad guys, if there’s one thing you take away from this – change that password.