Getting inside the minds of ethical hackers

Dan Hatch gets to know some ethical hackers, learning what makes them tick and how they can help businesses by attacking them.

With their head on the block, any IT manager would be quick to point out that no system can be 100 per cent secure. Whilst Wood accepts this, he argues they can be "adequately secure" and businesses should be proactive, rather than reactive.

"What most firms struggle with is protecting information or data in proportion to its value or sensitivity," he said. The idea is to protect the most important data with stronger controls and use less protection on less sensitive data, to avoid unnecessarily slowing down essential day-to-day business.

If IT security adds barriers, staff will find ways to work around it, and that's where problems set in.

Security is meant to help a business make money, not get in the way. The best way to ensure this is to keep your house in order.

Wood advocates regular independent analysis to help identify the most important issues. But he also recommends writing and strictly implementing a wide-ranging security policy.

"Best practice is always going to go out the window at some point," he said. "While it sounds reactive to have a series of reviews that you take action upon, it secures a business better than most other solutions."

Getting 'em when they're young

Mike McLaughlin is a young hacker on Wood's team. He loves his work.

"The average day would involve going on site, all over the country somewhere, hooking myself up to their network and seeing what secrets I can steal," he explains.

"To go in, plug in your laptop and own everything within 10 minutes isn't unheard of at all. Nine times out of 10 we get into their system at some kind of level. When you go somewhere and they say 'you won't be able to do it' and then you do it, that's where you get the thrill."

McLaughlin's background isn't IT. He studied chemistry for a bit. Dropped out. He worked in bars in Spain. His interest in hacking was piqued when Wood offered him an apprenticeship. He studied for a year before joining the team.

"When I tell people what I do they all think it's like top secret CIA agents, all undercover; there's a certain aura around it," he said.

"People seem to associate what we do with what they read in news stories but a lot of what we do is not really that difficult; the papers just make it out to be like some sort of mystical Ninja force. It is a bit cool I guess."

McLaughlin and Wood use the same methods as genuine hackers. They launch attacks across the internet, break into a network masquerading as an employee with system access, gain access through third parties like data centres and can recreate insider attacks.

"There's a set route but we deviate off it," McLaughlin said. "A lot of the time you've got to be creative with what you've been given. So you've got a set list of tasks and each task can be completed by five or six methods but then if you can think of another method you stick that in."

But once the fun and games are over, and the pretense of the malicious hacker is dropped, the job is all about providing feedback to the client.

"We try and be as open and honest with them as we can and tell them what we did, how we did it, why we did it, and what they can do to remediate it," McLaughlin said. "Some people do get a bit funny about it but we do try our best to be seen as a help rather than embarrass people."
