Experts Gather For Hackers' Convention
MELISSA BLOCK, host:
This is ALL THINGS CONSIDERED from NPR News. I'm Melissa Block.
And it's time now for All Tech Considered.
(Soundbite of music)
BLOCK: They call it the Black Hat conference, a meeting held every year to talk about cyber security. These day's corporations and governments are worried -really worried because cyber attacks are growing by the day.
And as Nate Plutzik reports, the bad guys are getting smarter and more ambitious.
NATE PLUTZIK: Jeff Moss is a renowned security expert. He founded the Black Hat conferences with hopes to bring in together experts to combat the growing threat of malicious hackers.
Mr. JEFF MOSS (Security Expert; Founder, DEFCON): Well looking into the future what are the security researchers and hackers doing today? Why are they doing it today? And where is that leading?
PLUTZIK: Hacking is taking apart electronics to understand how they work. Malicious hackers can use their skills to digitally steal a person's identity or private information. Mike Bailey is a security expert at Foreground Security. He gave a presentation on hacks he found in several social media Web sites.
Mr. MIKE BAILEY (Senior Security Researcher, Foreground Security): Some of the sites that I found these kinds of things are include Twitter, Facebook, Yahoo, Gmail, PayPal, Apple, Microsoft - the list goes on and on. And, I mean, these aren't small Web sites. Frankly these people have good security teams.
PLUTZIK: Bailey says that many of these attacks are not difficult to do. For example, a software glitch he found on Facebook could allow a malicious hacker to take over your profile and pretend to be you.
Mr. BAILEY: It just required them viewing my Web page and it would compromise their Facebook account. In this case, they read out the contents of the inbox and sent them to my server. Honestly, I could do anything. I mean anything you can do with your Web browser to Facebook, I could do through you.
PLUTZIK: Moss says the problem is that often these findings are ignored by corporate or government officials who don't want to hear bad news. They ask...
Mr. MOSS: Why couldn't you've just told us about the problem? It's like, well, we did. But you didn't believe us. That's the problem with the corporate America. That's problem with the government.
PLUTZIK: Andy Freed(ph) worked as a federal agent for 26 years. He thinks law enforcement has been largely ineffective at solving the crisis.
Mr. ANDY FREED (Former Federal Agent): My analogy was always that I felt like a sheriff on a horseback trying to catch speeding Ferraris. We know what they're doing we just can't get there fast enough. So, realizing that what works well if all the criminals were in the U.S. doing things to U.S. citizens doesn't work so well, when the criminals are from Eastern Europe attacking U.S. citizens.
PLUTZIK: Jeff Moss says cyber attacks are becoming much more sophisticated.
Mr. MOSS: The bad guys now have a budget. They've got a staff. They've got a mission statement. This is a business to them. And they'll send people to schools. They'll send them to training. They treat this as a business.
PLUTZIK: Freed and others first started to attend Black Hat to meet helpful hackers who could give them insight into these increasingly complex cyber attacks.
Mr. FREED: You know, as a law enforcement officer, I wanted to meet people so that when I needed help I had somebody to reach out to. I mean, there are some hard and bad people out there we need to be targeting.
PLUTZIK: Moss hopes Black Hat conferences will provide a place for helpful hackers and security experts to get together to stop these threats. But he isn't sure that the problem will go away.
Mr. MOSS: We don't ever really kill the old problems. What happens is things are moving so quick on the Internet, things are getting updated, new things are coming out, we tend to just sort of tamp down the fire and move onto the next thing. The world is creating technologies faster than we can secure them, faster them we can even comprehend how they're going to be used.
PLUTZIK: Black Hat conferences are spreading around the world. Later this year they'll be held in Barcelona, Abu Dhabi and Las Vegas. Moss hopes the conferences will help security posses catch up with the fast moving hackers.
For NPR News, I'm Nate Plutzik.