Vice President of Information Security
with the Appalachian Institute for Digital Evidence is Bill Gardner. He is also
a computer hacker.
“A hacker is someone who takes
technology and pushes it to its boundaries, unfortunately in common usage the
term 'hacker' has become synonymous with cyber criminal. As a result people, say
the word 'hacker' and everyone loses their minds. The law enforcement guys go for
their guns and get their handcuffs out when they hear the word 'hacker,'” Gardner
said.
Gardner says there are two types of
hackers and just like in cowboy movies they wear different hat colors. White
hat hackers are the good guys and black hat hackers, are the bad guys. He said some
hackers are motivated by politics or social conscience.
“There’s different kinds of bad guys. There are criminal gangs both in Russia and China who are out stealing
intellectual property and money. Today we’re going to do a session on
hacktivists, people who are doing it mainly for political reasons. In the case
of Anonymous and Lulsec, they’re basically anarchists that don’t like government
and they don’t like big business,” Gardner said.
Those groups attack the government or
big business because they think those organizations have too much control. The
black hat hackers are countered by the white hat hackers who are hired by
companies and the government to find software vulnerabilities that the bad
hackers might try to take advantage of.
“In many cases we’re trying to find
flaws in software that can be exploited so that we can report it to the vendor
so they can release patches or some other way secure it before the bad guys get
to it. We’re basically in an arms race against cyber criminals who are out to either
steal money from people or break into corporations and run off with their
intellectual property or their trade secrets,” Gardner said.
David Kennedy is a Chief Security
officer for a Fortune 1000 company and use to work for the National Security
Agency protecting the Government’s websites. Kennedy said hacking is a growing
problem.
“Security is a really young community,
when it comes to protecting our organizations we have a really tough time
protecting against hackers because there are new attacks coming out each day
and there are new things that can penetrate our networks and can penetrate our
organizations so hacking is huge. You can steal so much money from companies
and never get detected for it,” Kennedy said.
Kennedy said some companies are coming
to terms with how to deal with the problem and others are not.
“I would say there are lot of companies
out there that do not have the adequate controls in place including the
government side of the house. It’s very difficult for companies to understand
the return on investment when you invest in security, but when a breach occurs
you lose $300, $400, $500 million. If you had spent $2 or $3 million to
protect your organizations, it’s a completely different story,” Kennedy said.
The Resident Agent in Charge of the
Charleston office of Secret Service, Ronald Layton said the number of computer
crimes is on the rise.
“Hacking and computer crime are most
probably and most certainly are the new frontier of crime in our lifetime. It
is so pervasive that we’re still determining methodologies to just get our head
around the nature and just how large the problem is,” Layton said.
Law enforcement, lawyers and forensics
experts from around the country attended the week-long conference.