Hackers are the immune system for the information age (Wired UK)


Keren Elazari


Advertisement

Advertisement

Keren Elazari is a cybersecurity industry analyst
working at Gigaom Research. She has worked with leading security
vendors, government organisations and Fortune 500 companies on
their cybersecurity strategies. Wired.co.uk caught up with her
before her talk at Wired Money on 1 July.

Hackers are often vilified by the mainstream media.
Where do you stand?


I’m fascinated by the hacker world and what to me is interesting is
not just to see the damage, destruction or threat of cyber attacks
but also the potential that hackers hold. And I see great potential
in hacker culture. I see it as this new emerging class of almost
wizards that can wield their power for good or bad. And many of
them do positive things. I see a lot of creativity, a lot of
innovation. There are a lot of hackers who are stepping up to
protecting civil liberties in many parts of the world — especially
in the past year, as we’ve witnessed with [the likes of] the
Snowden revelations. Especially in areas where regimes are clamping
down on civil liberties, we see the hackers really come up –
sometimes as the only line of defence. I like that. I have perhaps
a romantic point of view about that, but I see that hackers are
sort of fulfilling the promise that hacker culture had initially in
the 80s and 90s — that information wants to be free ethos — I see
that happening right now.

There’s also the insight they can provide into
weaknesses into systems, financial systems for
example.


Absolutely, yes. They [hackers] are like the immune system for the
new information age. That was one of my key messages when I did my
TED talk: hackers are actually needed, because they provide a very
valuable service and they do it in a way that not only complements
established security mechanisms, but really does much more than
those established mechanisms can do. Because they look at things
from so many different perspectives, they think outside the box.
They always find new uses for technology that were not thought of
before and in doing so, they make us evolve our technologies.

In a way I think they’re required and if we lived in a world
that was unhackable and had no hackers, it might be very static. It
might be a very boring world, it might be almost like a Big Brother
kind of world where there’s one specific flavour of technology and
that’s what everybody’s using and that’s that. I think hackers do
represent that force for change and evolution although that comes
with a price. I recognise that not all hackers are good and can be
motivated by easy money. And that’s what I want to talk about at
Wired Money.

Care to elaborate?

I will talk about how the cyber criminal underground in the
financial world really has displayed a great deal of innovation and
creativity in coming up with new ways to make money with malicious
software and with new business models. Things like Bitcoin-mining
malware that targets gamers because gamers use very powerful GPUs,
which are stronger than CPUs. We’re seeing these new sorts of
botnets that are specifically targeting gamers.

So what can the corporates learn from the
hackers?


These guys have boundless creativity and innovation in how to use
technology. And sometimes the innovation comes in the form of new
business models, or new distribution network, or new platforms.
Sometimes it’s in the form factor, so how the malware gets
delivered, or how it works, or the vessel it attacks. The
incentives are so great that they don’t have to respect the past
and they always move ahead to create new stuff. This is the kind of
attitude that you’d like to also have in a fast moving business in
the 21st century, right? 

But also there is a valuable lesson here. This is how the bad
guys work, so the financial industry and security industry have to
work twice as hard to stop these attacks. And that’s another place
that the good hackers can be of help. There are security
researchers — who might not be necessarily working for the big
security companies or big banks — but independent security
researchers who kind of act like Robin Hood. They have a personal
life which is to uncover these malicious schemes, they really take
a lot of time and effort to provide insight to the industry about
how this stuff works. And I think there’s a good chance for
financial organisations to realise that the hackers are not always
on the wrong side.

Another key lesson here is that this is not really something
that one organisation can do by themselves.

With that in mind, can we ever “solve”
security?


I think any self-respecting security researcher will tell you
there is no 100 percent security. Security is a process and not an
end game. It’s a continuation or a spectrum. The organisation can
try to become more secure and try to offer better, more secure,
more stable products and services to their clients. But there is
always going to be that one percent, an area of vulnerability, or a
back door — even just a creative use of an existing technology –
that leads to the bad guys getting their chance.

Again, I think an unhackable world is a very static world. So by
way of these vulnerabilities, we can also evolve the technologies
and move ahead with next generation technologies and services that
can try and solve more problems than they create.

The implications for security and risk are huge when you
start looking ahead to the augmented body…


I agree. I’m looking at that as well. I’m currently preparing a
talk and an article about hacking the human body. And that’s not
science fiction. There are people all around the world that already
have RFID chips implanted or they have another of augmented
technologies. We know that pacemakers and insulin pumps have been
proven to be susceptible to cyber attacks. This is a reality and
what this reality means is that now companies that are building
medical technologies are also private security companies.

This lesson is critical to both financial organisations and the
companies building medical technologies, but it also relates to the
companies building cars or really any other [connected] technology
out there. Cybersecurity is going to be a core element of any new
technology coming out whether it’s in the financial sector, or the
car industry, or a medical device. It’s a well known axiom in the
security industry that it’s cheaper and easier to implement
security in the design phases than it is to try and stick in on top
later on in the process. I think today companies cannot afford to
think about security as an afterthought.

How do you see AI impacting security?

On this front I have to say that I am a little more optimistic
than others. Many people see that as a point in time that the
artificial intelligence, the computers, the thinking machines are
going to become smarter and better than human beings. And the
dystopian view is that this will inevitably lead to some kind of
apocalyptic war between machines and humans. That’s something we’ve
seen in all the movies. But I think there is great promise there.
What we are doing with building greater artificial intelligence is
that we’re going to build a computer, or build some software that
can then build other software — it can design the next generation
of even better artificial intelligence, regular software, or
security software. With that we will have this incredible resource
with which we can fix all these problems which have been deemed
unsolvable — whether it is cryptographic problems or scientific
issues.

What is troubling, I think is coupling the artificial
intelligence with the autonomous platforms, like autonomous cars,
or autonomous drones, or perhaps even war making robots. And that’s
a scary scenarios. The we really come on to more ethical questions:
do we give the AI the decision of shooting a person or not. That’s
complicated.

Advertisement

Advertisement

Keren Elazari will be appearing at Wired Money, on 1 July,
2014. Tickets are on sale now: see wired.co.uk/money14
for a full speaker list and further information. Wired subscribers
receive a 10 percent discount.

If the article suppose to have a video or a photo gallery and it does not appear on your screen, please Click Here

13 June 2014 | 2:41 pm – Source: wired.co.uk
———————————————————————————————————————

Leave a Reply

Your email address will not be published.