Good Hackers Are Losing the Internet War to Bad Hackers, Experts Say

Hacking
A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. Pawel Kopczynski/Reuters

Amid the CES festivities, with new smart gadgets hailing the arrival of the “Internet of Things,” cybersecurity experts spoke gloom and doom in an upper-floor room at the Venetian hotel in Las Vegas.

In a panel titled “Hacking for the Better Good” on Wednesday, cybersecurity experts and a representative from the Department of Justice spoke about the dangers of black market hackers seeking to collect personal and company data.

Michael Stawasz, deputy chief for the computer crime division at the Department of Justice, predicted that ransom demands will become the next big cybercrime if and when home appliances become smart. For example, if one has a smart fridge (like the ones Samsung and LG displayed at CES), a hacker may try to break into the fridge’s operating system, mess with the temperatures and allow the food to spoil unless a small ransom is paid.

“When the fridge starts to defrost, you will start calculating the price of the meat inside and would want to pay to stop,” Stawasz says. “It's very difficult for [the government] to stop that pain because the cost is so small.”

Another concern is that many of these smart home gadgets may not have the most robust security, as they are created by cash-strapped startups. While large-scale companies like Apple may better protect consumer data, information shared between one smart home gadget and another can be vulnerable.

But large corporations, too, have poor records of defense, and a new industry has begun to rise to deal with it.

With mass-scale hacks at Sony, Ashley Madison and VTech compromising swaths of data in recent years, the “white hat hackers” industry—hired hackers who hack company servers to find and plug up any holes before the bad hackers—has been seeing fast growth.

Panelists who work for these white hat hacker companies painted a mixed picture of the war between the self-labeled good versus evil hackers on the Internet.

On one hand, they said they believed they have a defensive advantage because the white hat hackers “answer to a higher calling” of protecting companies’ data within the law, according to White Ops CEO Michael Tiffany. But Tiffany also said he believed the good guys were losing the war at the moment, thanks to ill-intentioned hackers teaming up in the dark web forums.

Tiffany explains that this “allows people to become reputable vendors of crime while not giving up their identities. To succeed as a hacker before, you needed crime skills and usually they could not create really great codes. Now they can trade and we get specialization. Now there is a professional class of cybercriminals, and that has led to this hyper-explosion.”

But both Stawasz and Tiffany assured the crowd that the white hat hackers have been working effectively—and have seen success uncovering and prosecuting cybercriminals. Law enforcement agencies like the FBI have successfully targeted forums like the drug-trafficking dark web bazaar Silk Road because that’s where the black hat hackers meet and plan.

But it’s an uphill climb for white hat hackers, the panel says. The financial numbers say enough, according to information security specialist Lance James. “It takes $25 to take down the Internet and millions to protect it,” James says.