Computer hacking can be a genuine career choice, says one IT expert who spends his days showing companies how easy it is to break into their "secure" networks.
Francois Marais is an information security specialist and a certified "ethical hacker". He has 10 years' experience in the IT industry, of which seven have been in data security.
He doesn't hack into networks without the owner's permission, but when asked to do so, he can be an IT manager's biggest headache.
Marais says he will frequently break the news to company owners that their internet firewalls - the digital barriers between the company's private information and the outside world - are like Swiss cheese.
He admits it can be embarrassing for IT managers when they hear their security system isn't up to the job, so he has to tread lightly.
"Very often an IT manager will know their company's electronic security measures aren't what they should be," says Marais. "It is nearly always down to budgets and the IT manager's employer not taking their staff's advice seriously.
"However, I have seen people get hammered by their boss, but our goal is to break any unwelcome news as gently as possible.
"I get tremendous satisfaction when I find holes in a network and present that information back to the client. Then I show them ways to close the gaps and seal their networks from unauthorised people. There is a lot of pleasure in doing that as well as meeting all the people involved."
And it is a constant battle keeping one step ahead of hackers, says Marais, who works for IT firm RSA.
"We all know that security software is released today and hacked tomorrow - that is the world we live in. There may be 10 developers writing a software package to protect a system - but there are thousands of people around the world competing with each other to be the first to hack it.
"For these people it is a fun challenge - a thrill. For some it is a lifestyle and for others it is their livelihood. They make their money from reverse-engineering code, cracking and stealing content such as computer programs and company secrets."
Marais says if you have a computer network linked to the internet, chances are someone has had a go at trying to break in. They could be professionals searching for people's private information - such as credit card details - or try-hards just seeing how far they can go.
Marais is known as a "white" or ethical hacker. "There are three types of hacker," he explains. "Black, grey and white."
Black hackers are the ones firms should be scared of - they make it their business to break into company networks for malicious reasons. The grey hacker is someone who does it for fun and the challenge - they might go into a system, have a look around and leave.
Then there's the shining knight of hackers - the white hacker - a person trained and certified to find weaknesses in computer networks.
Marais says the days of hacking into a company website and then pitching for business with evidence of the hack are long gone.
"That is an illegal activity," he says. "That is not the way to do ethical hacking."
Marais says without robust security measures - that are regularly audited and tested - companies risk losing data that could include anything from people's names and credit card details to commercially sensitive information.
He says some firms will lose vast amounts of money because of hackers - perhaps millions of dollars a year. But by far the biggest concern among larger firms, he says, is the loss of their reputation.
"If a company is exposed to their website being defaced and exposed to an attack on their brand then that will have a far greater effect than just a financial impact," says Marais.
He points to the recent case of a bank employee who mistakenly gave a Westpac account holder an overdraft worth millions of dollars. The account holder withdrew the cash and left the country.
"That was a case of genuine human error coupled with bad bank systems," says Marais. "That was not even a hack - but the corporation's reputation took a hit."
He says one of the top issues facing companies right now is identity fraud.
"That is an hourly activity in New Zealand. It is happening in financial institutions and anywhere where online transactions take place."
Apart from hackers trying to get people's personal information, Marais says some computer-savvy activists deface websites for political reasons - changing the words on a site to embarrass company owners.
Marais also says staff that face losing their jobs have been known to copy information about their employer to memory cards and USB drives - ready to use it in the next job. While it may not be hacking, it does highlight lax security, he says.
"People are copying information from computers and using it to position themselves in another job."
Marais has been playing with computers for as long as he can remember; he enjoys the challenge of finding out how things work and likes to see if he can beat security systems.
He says being a hacker requires a range of skills and training that include understanding how networks and security systems operate, along with the flair of an entrepreneur.
He says there are two routes into the ethical hacking industry.
You can study for a list of qualifications and become certified after five years. Or spend hours risking being arrested by hacking websites and networks to gain real-world experience - and perhaps being taken on by an ethical firm.
"We have employed black hackers to help on special projects, paying them to break into systems we have devised," says Marais. "And we are very proud to say that our website has never been hacked."
www.rsa.com
Steve Hart is a freelance journalist. Contact him at www.SteveHart.co.nz
White knight of the IT world saves money - and face