The modern hacker takes on a new role

Illustration file picture.

Illustration file picture.  (REUTERS/Kacper Pempel/Files )

Perceptions of hackers have changed over the course of the last decade. While businesses once viewed hackers as dangerous threats that needed to be kept at arm’s length, today, they are highly sought after by everything from private companies to intelligence agencies.

An increasingly large number of modern business operations rely on an understanding of the risks associated with software that can easily be made vulnerable to hacking.

Beyond business, the average person needs to have a clear understanding of the hacker’s role. Cloud computing, social media, mobile technology, and the Internet of Things have each changed our daily reality -- the individual is now part of a wider global network in which he or she is always online, and ultimately, exposed to more cyber threats.

To make computing systems more resilient in the face of cyberattacks, both individuals and businesses need a deeper knowledge of hackers’ tactics, techniques, and procedures (the TTPs).

Discover vulnerabilities

One must think like a hacker in order to promptly identify computer security flaws. In order to do this, private firms and governments increasingly look to the hacking underground to not only learn hackers’ methodologies, but also to recruit young talent to help protect against potential threats.

Companies like Google and Lockheed Martin, have launched recruiting campaigns to hire the best experts on the market to could help prevent damage from cyberattacks.

In July 2014, Google announced “Project Zero,” which aims to boost Internet security. In a blog post, the tech giant said that it is hiring “the best practically-minded security researchers,” to staff its Project Zero team.

The team was described by Forbes as a “crack-squad of hackers.”

Bringing hackers into a company remains controversial, particularly when they are given access to a company’s sensitive data.

Hackers could work directly for the companies to perform vulnerability assessments and penetration tests, or they could be hired to train internal personnel. Many governments, including the U.S., China, and the U.K. collaborate with external groups of hackers in order to train their “cyber armies.”

Hiring a hacker isn’t always the preferred option for a firm. In some instances, a company might prefer to rent hacking services that are offered by specialized outfits.

In the past, hackers were viewed as individuals driven mainly by their passion -- hacking was a lifestyle, not a job. Today, those who hack are specialists in their field spurred on by financial motivation, with the exception of “hacktivists” who act to express their political and social dissent.

Many hackers -- especially in those regions where the standard of living is low -- are attracted by the profits offered by criminal organizations on the lookout for cyber specialists.

Organized crime is rapidly evolving as cybercrime assumes an increasingly important role in the criminal ecosystem.

Criminal organizations now adopt high-tech solutions that are needed to carry out their illegal activities, and ultimately monetize their efforts on a much larger scale.

Recently, Rob Wainwright, director of European police agency Europol, confirmed that the number of cybercrimes is growing rapidly. He explained that criminal ecosystem is becoming dangerously attractive for youngsters and cyber experts, telling The Independent that top computer graduates are being lured into cybercrime.

Many of these young hackers are drawn in by the lure of easy money. Criminals consider online illegal activities to be profitable and to come with little risk and anyway profitable.

Surprisingly, beyond organized crime, hackers are also a precious resource for law enforcement and intelligence agencies. Their capabilities are crucial for cyber operations and investigations. Hackers working for law enforcement have infiltrated many criminal underground communities. Eric Corley, publisher of “2600: The Hacker Quarterly,” has estimated that 25 percent of U.S. hackers work for federal authorities, secretly reporting on the activities of their peers.

One of the most famous collaborations between law enforcement and the hacking community involved Adrian Lamo, the hacker who revealed that U.S. Pfc. Bradley Manning provided secret documentation to WikiLeaks.

Former LulzSec leader Sabu (Hector Xavier Monsegur) also cooperated with the authorities, which led to the arrest of Chicago hacker Jeremy Hammond.

Skilled hackers and private sectors

The growing number of cyberattacks and the increasing demand for cyber specialists is affecting both the private and public sectors.

Following the laws of supply and demand, salaries for these professionals are growing like never before, causing a massive migration of cyber specialists from the public sector to more lucrative private industries.

While governments are devoting considerable resources to the recruitment of hackers, most cyber hacking efforts are concentrated in the private sectors. Companies are therefore are also increasing their spending on security services and the recruitment of talented hacking experts.

Despite these recruitment efforts, private industry is faced with a hacking skills shortage. It is more difficult to hire talented hackers, despite universities, government entities, and private companies promoting new initiatives to attract young people to cyber security.

A recent survey conducted by KPMG found that more than half of U.K. companies are considering hiring ex-hackers to improve their cyber security posture.

Some 53 percent of respondents confirmed they would consider hiring a hacker to bring inside information to their security teams. Just over half of the respondents (52 percent) said that they would consider hiring an expert even if they had a previous criminal record. Almost three quarters of respondents (70 percent) admitted that their organization “lacks data protection and privacy expertise,” and were doubtful about their organization’s ability to assess incoming threats.

Private industry and government organizations are conscious of the lack of the skills needed to mitigate cyber threats, which are different to those needed for conventional I.T. security support.

Over time, the hacker has assumed a strategic role as every sector is exposed to the risk of cyberattacks. Each industry recognizes that the best way to ensure more security is to bring hackers into the fold.

Pierluigi Paganini is the author of the book “The Deep Dark Web” and founder of the Security Affairs blog.