White Hats Search for Security Risks
10:07 am
Fri January 24, 2014

Riding the Cyber Range

Karsten Nohl, Security Research Labs

After about 20 hacking cases last year, including those credit card breaches at Target and other retailers, the FBI has issued new warnings to retailers and consumers to expect more cyber attacks. 

In the new cyber security world, those who work to fight cyber crime are called 'white hats.'

In the Wild West, there were good guys and bad guys.  Hollywood often dressed the evil ones in black and the heroes – like the Lone Ranger – in white.  Today, the same can be said of cyber-space.  There are hackers out there breaking into private accounts for profit, and white hats like Karsten Nohl, searching the software for security risks.

“For the fun of doing so and sometimes with ideological intent of trying to rid the world of bad security.”
Nohl is a UVA graduate who set up a company called Security Research Labs.  They ride the cyber range looking for problems, warning companies and consumers of software flaws.  This year, for example, they discovered that about half of all cell phones contain a SIM card or chip that’s vulnerable to hackers.
“You could remotely infect those with a virus, and can track your location, perhaps read your text messages, listen in on your phone calls, things like that.”

And you – the consumer – would never know.  Nohl says many black hats live in Russia, where the government has made a conscious decision not to strictly enforce laws against cyber crime.
“Russia is rumored to not enforce cyber crime penalties all that much in an attempt to keep those people around as kind of cyber war mercenaries for the ultimate event that maybe some nations fight in a cyber war, while other nations like the U.S. – they have an official cyber army centered around the Pentagon.  They claim to have some 20,000 people who could act as cyber soldiers right away.”

And China is believed to have the biggest cyber army in the world: “They claim to have 200,000.”

They could, conceivably, take down power grids, paralyze water treatment plants that rely on electricity and attack other systems on which our society depends.

But such dire predictions aside, Nohl knows most Americans care little about the risk of cyber spying.
“During my PhD research here at UVA, some researchers questioned Americans on the value of their private information, and they found out that Americans are willing to give up most of their private information – not necessarily sexual preference and a few items, but most everything that’s marketable for fifty cents.”

So it’s no surprise that technology is designed not to protect our privacy but to profit from it.
“A company like Google makes 34 billion a year based on private information, and a company like Facebook is valued at 100 million.”

And he warns that Americans don’t yet realize how we can be manipulated by organizations that know a good deal about us: “What are you searching for, which links you click, which links you don’t click and what you’re posting on different websites and what are you writing in private e-mails.  Combining all that information seems to give a pretty good image of your train of thought, your fears and desires, perhaps even your dreams. People share with their computers much more than even with their best friends.”

Still, few would be willing to pay the real cost of using an amazing service like Google, so for now, Nohl sticks to advising companies for a living and offers this free advice to consumers.  “Choose a password that’s not easily guessed, and then change it once in a while – maybe every two months or so, so that if somebody did steal it from any one of your devices, then at least they’re locked out eventually from copying your personal information.”