Q&A: Understanding the hacker psyche

An element of responsibility has to be taken because with the internet publicising something can have huge effects. There needs to be a social responsibility.

You were speaking earlier today about the low levels of encryption on social networks and Web 2.0 generally. Will such sites ever address this?

I think they have to. There's going to be pressure. I think there will be demand and I think until it happens we're going to see continual news releases and announcements around things that have happened.

The fact that the likes of Google now are providing SMS two-factor authentication on Google Apps - it is fantastic. It just shows the view the market is suddenly realising that they have to be concerned about this.

Finally people have listened to me. For the past 10 years I've been saying passwords are the weakest link, they're the biggest threat, they're the invisible threat.

You also discussed serious problems with passwords. Are they really that simple to get hold of?

They are. There are different methods and forms of attack, and different motives from checking if your boyfriend or girlfriend is having another relationship, to an employee wanting to get into the HR system to find out what his colleagues pay rise was.

There are different motives from different demographics to different individuals. Online gaming, for example, that is a business in it's own right. If I can take over your gaming account, it's your virtual life and people are trading with real money now.

Is it a problem? Yes it is a massive problem. But the thing I keep fundamentally coming back to is that the last form of defence is a password. If you have a valid username and password, it says 'yes, please come on in.'

It doesn't check that James is James, for example. It just checks that the information is correct. And that is fundamentally the problem: how do you prove James is James? The only way you can prove that is by giving him a token and a pin number that is unique to him to validate that James is James. That's two-factor authentication.

The coverage around security in 2010 has been comparatively extensive when compared with previous years. Is there now a greater realisation of the importance of security generally?

I think it touches everyone now. The internet is embraced in every way.

The fact that the Government have accepted cyber crime finally as an issue, I think yes the awareness this year has been fantastic.

The point for me is the validation. What is going to happen in 2011? How are people going to embrace it? Are service providers going to continue taking the CRYPTOcard cloud-based authentication service and not charge for it, but provide it as part of the service?

Globally we are talking with ISPs and telcos around the world who have accepted that they have to do something about it and potentially see it as a revenue opportunity, but accept that it has to become de facto.

Internet service providers are starting to see that they have to take responsibility.