Ethical hacking field grows as companies fear hackers
EDMONTON – John Zabiuk disassembled his parents’ TV at age six, taught himself computer programming as a teen and, as a post-secondary student, hacked into his school’s system on a lark.
He didn’t change his school marks. He didn’t change anyone else’s. But he could have.
Eventually, he knew the jig was up.
“One day I had one of the IT people come in and say, ‘Come with us. We need to talk,'” Zabiuk recounted in an interview.
They sat him down in a room.
The head IT guy came in with a stack of programming manuals and slammed them down on the table.
“He said, ‘We don’t know how you’re doing it, but if you’re going to do it, at least read the manuals so you can show us how you’re doing it.”
Zabiuk’s career as an ethical computer hacker was born.
Zabiuk now works at that same school, the Northern Alberta Institute of Technology, where he teaches students to protect computer systems by approaching the problem from a hacker’s viewpoint.
The field is growing as private companies and governments go on the prowl for better ways to protect their bytes, he said.
It’s simple math, he suggested.
“The more and more information we have online, the more data we have that can be accessed without people knowing.”
His classroom has a skull-and-crossbones flag hanging from the ceiling to cheekily symbolize pretend piracy.
His students noodle away through a labyrinth of codes and subroutines, digging deeper and deeper to find ways in, and then creating roadblocks to stop anyone else from following.
It’s both challenging and disturbing, said Zabiuk.
The technology changes daily and the entire body of knowledge can turn over in six months.
By the time he’s patched one problem, another has appeared.
“Typically we’re about five steps behind all the time,” he said. “You don’t know necessarily what the next attack will be until it happens.”
The bugs can be as diabolical as they are debilitating, as hackers have made the field as much about psychology as cracking codes.
The easiest way to hack into a system, said Zabiuk, is to get someone to click on a virus and download it, dispatching a sub-secret command to log a computer’s keystrokes and send them back to the hacker.
Another disturbing trend, he said, is data kidnapping.
“It’s a program that once (you download it) it gets on your system, it will encrypt all your data files,” he said.
“And it will put a little message on your screen saying that all your data has been encrypted. If you want to recover it you need to send us two bitcoins — or whatever the ransom is of the day — and then they’ll send you the key to decrypt all your data.
“A lot of organizations are being hit with this. There are a number of police departments in the United States that have had no choice but to pay the ransom.”
When he isn’t teaching, Zabiuk also works to keep computers safe for the Edmonton Public Library and for Edmonton’s courts.
Walking around his classroom, he can tell which students could eventually follow in his footsteps.
They’re the ones who stay late, work through after the bell rings and try different things.
That didn’t work. Type, type, type.
Maybe this will work. Type, type, type.
“They’re the ones who are going to have a future in the field.”
Here are his tips for preventing hacking:
- Use strong passwords. A strong password contains upper and lower case letters, numbers, special characters, and is at least seven characters long.
- A good way to come up with a long password that is strong but easy to remember is to use a complete sentence. Using “This is 1st my Password” is much stronger than “P@55w0rd” and is easier to remember.
- Use a different password for every different service that you use. If you have difficulty remembering them all, use a password manager to keep track.
- Most malware is spread by email attachments or links. These links typically take you to a destination that is very different from what it says it is. For instance, the text in your email may say http://www.paypal.com but attackers can change the hyperlink behind the text to take you to their website instead.
- Malicious email often appears to come from someone you know. This happens when the computer of a person you know is compromised or hacked. The attacker uses that person’s email address and contact list to spread the malicious email.
- Never use money wire transfers when buying something online. This form of payment is often used by scammers as there is no need for identification to receive the payment. Always use a legitimate payment proxy service such as PayPal.
- Be careful when using public WiFi. It is almost trivial for attackers to eavesdrop on your browsing sessions and you will never know. There are computer programs designed to listen to all the traffic on a network looking for username and password combinations and the site they are used for.
- Keep your computer up to date with the latest patches and updates. New updates and patches are typically developed in response to flaws found in operating systems or other programs.
© 2014 The Canadian Press