The hacking “industry” has come a long way since 1972, when Woz and Jobs would make blue boxes and sell them to folks who wanted to make free phone calls anywhere in the world.
A lot has changed in the past 40-plus years, but a lot is the same. People want to poke around and others want to stop them.
Because the Internet and personal devices have become our lifelines to the world, cybersecurity has become a major issue for governments, companies and individuals.
It’s no wonder the Black Hat Security Conference (DefCon) keeps drawing more and more computer hackers, information technologists and corporate/government specialists hell-bent on learning the latest tactics to infiltrate and protect networks, systems, devices.
There is certainly enough bad code out there to keep both sides working for years to come since most of the software and apps are built from modules of old code, perpetuating old holes and creating new ones.
Of course, sloppy users help too; and no amount of screaming is going to change bad habits.
So hacking is a big business — hell, its huge — bad and good.
On the bad side, you have people who may not even be decent code writers but are real good at making a dishonest buck. You know, people ranging from individuals to gangs with finely-tuned systems that function just like any other profit-oriented business.
Their scale of operations would blow your mind.
A recent Business Insider article cited facts painstakingly compiled by security firm Trustwave. They found a cybercriminal with average intelligence and tools/services that can be bought online (if you have the right connections) could easily clear $80K-$90K a month.
Catching and prosecuting them is tough, but not impossible.
Then there’s the grey operations run by government agencies around the globe that poke into country/company systems while trying to patch/protect their own systems.
The majority who congregated in Las Vegas recently wanted to find out where the vulnerabilities are in our now digital world and how to fix them.
Yeah, there were a lot of suits/dresses there who wanted to hire these folks for their organization to stop cyber intruders and prevent future attacks.
When you consider that 90 percent of the world’s data has been produced in the past two years; by 2020, 30 billion to 50 billion devices will be connected to the Net, and we’ll be trying to store 40K Exabytes, the Internet is kind of important.
No one can pinpoint when the Internet lost its virginity.
It could have been when Admiral Grace Hopper, who developed the first compiler back in 1944 and found a bug (actually, a dead moth) in Harvard’s Mark II computer in 1947.
Or it could have been in 1991 when hyperlink creator Tim-Berners Lee and the team at CERN (Conseil EuropÃ©en pour la Recherche NuclÃ©aire) developed the Web and people quickly figured out they could make money across the Internet and on the Web.
To get the good Black Hatters fired up, Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society, started things off by telling them they could lose the Internet or the semi-free, semi-open Internet we know today.
Granick voiced what the crowd already knew — every country’s lame government wants to control the Internet so they can guarantee their citizens security and anonymity while making it easier for them to watch what folks are doing, censor it and centralize control.
Of course, that also didn’t sit well with the hackers — but a lot of the security pros didn’t see much wrong with it.
In an ideal world, the Internet would be open, free, decentralized.
The problem is there’s always the “Yes but …”
Individuals shouldn’t be harassed, bullied. There are loosely defined social norms and courtesies that should be observed for groups and individuals. We owe it to our children to let them explore, make mistakes, learn … after all, they are our future. People have to be protected from their own stupidity and greed.
As it is, the Internet isn’t free, isn’t safe, isn’t secure; that’s what most of the Black Hatters and security pros were focused on at the event.
They were there to learn newer, better techniques to deliver that balance.
Along the way, a person has to have a little fun like hacking each other’s phone/tablet/computer/watch, tapping into ATM machines, fiddling with slots and finding their way into anything with a computer chip in it and a line of code.
With 100 sessions to attend, black hatters found that damn near everything could be hacked.
By 2020, Cisco projects, we’ll have 50 billion intelligent sensors, connections with just about anything you can imagine giving creative selling opportunities for almost everyone and more targets that need to be tested, protected.
With software holes and opportunities for holes everywhere you turn, the black hat and DefCon were also giant job fairs.
Exhibitors and headhunters were everywhere, searching for seasoned hackers to recruit.
They only validated what Burning Glass Technologies recently reported – there aren’t enough cybersoldiers to fill the open positions in the U.S. or around the globe.
The company noted that cybersecurity jobs have grown three times faster than other IT jobs and the skill sets that are needed continue to rise.
Sure, government and spook agencies preprinted offer form letters but the financial, healthcare, auto and consumer goods organizations also had their eyes out for possible recruits.
The demand/shortage also means cybersecurity jobs also offer salary premiums ($80K U.S. plus, compared to other IT jobs).
None of the headhunters looking for folks work for organizations – here or abroad – that are inherently evil (O.K., a few maybe) but it is impossible for them to deliver everything we want – a free, open Internet; free speech; online safety/security and the right to privacy.
Remember, it’s a network of networks built with new code using old code to do things people didn’t even think about a few years ago.
That’s pretty hard to destroy and rebuild from the ground up.
Andy Marken of Marken Communications in Santa Clara, Calif., writes on a host of cultural topics. Reach him at Andy@MarkenCom.com.