Three Stories that Reveal Why Hackers Can Be Critical for Security
In her compelling TED Talk, Keren Elazari, cybersecurity expert and keynote speaker at our upcoming customer conference Proofpoint Protect, reveals the danger of equating the word “hacker” with “bad guy.”
Some hackers, she points out, just like to break things. And without them, our innovations in security—even our very freedom on the internet—would be at great risk. She encourages us to think of hackers as an immune system for our information age: sometimes they make us sick, but they also find hidden vulnerabilities that we may never have been able to see.
Elazari tells many stories throughout her talk that reveal why hackers can be critical to cybersecurity. Here are three we love:
1) Barnaby Jack and his valuable research on ATM hacking.
In 2010, Barnaby Jack found a way to make ATMs dispense their cash without any withdrawal being made. He could inject code into the machines' operating system, causing them to dispense currency fraudulently on the attacker's command. Jack, Elazari reminds her audience, could have used this knowledge for malicious ends. Instead, he presented his findings at the Black Hat conference in 2010 and demonstrated different kinds of attacks, including both attacks requiring physical access to the machines and completely automated remote attacks.
2) Kyle Lovett exposes a vulnerability in wireless routers.
Kyle Lovett discovered a gaping hole in the design of certain wireless routers. He learned that anyone could remotely connect to these routers and download documents from hard drives—no password needed. He reported it to the company, but they ignored his report until a group of hackers used it to get into people’s files. But instead of stealing anything, they left a note: “Your router (and your documents) can be accessed by anyone in the world with an internet connection. You need to protect yourself and learn more by reading the following news article…I hope we helped.” These hackers did break the law when accessing those files. But they also made the company fix their bug and protected customers.
3) The NSA recruits at hacker conferences.
In 2012, General Keith Alexander, former NSA director and U.S. cyber commander, came to the world’s largest hacking conference, DEF CON, not to punish but to recruit. As Elazari puts it, he didn’t see 12,000 criminals in front of him that day. He saw untapped potential. “In this room right here,” he said, “is the talent our nation needs.”