On 8th June, Microsoft released a report detailing the ransomware protection features that the software company had introduced with the Windows 10 Creators Update. Alongside the report, it made the following bold claim: “No known ransomware works against Window 10 S - our latest and most hardened operating system.”
Business technology news site ZDNet saw that statement as a challenge and invited security expert Matthew Hickey, co-founder of Hacker House, to give it a go. It took him just over three hours to install ransomware on the operating system. Hickey said: “I’m honestly surprised it was this easy.”
By making Microsoft (and the rest of the internet) aware of the vulnerability in the operating system - and not exploiting it for nefarious purposes - Hickey and ZDNet have engaged in “white hat hacking.” Put simply, a white hat hacker is one of the good guys, as opposed to black hat hackers who are the bad guys. The nomenclature is said to come from the early days of the movies in which the heroes and villains in Westerns were identified by the shade of their headgear.
A white hat hacker, also known as an ethical hacker, will intentionally hack into companies’ computer systems with the aim of alerting the business to security failings that could lead to breaches or leaks. The hope is that, once the company has been made aware of the lapse, it will patch the security of its systems. Companies such as Facebook, Yahoo and Reddit have implemented “bug bounty” programmes that reward and compensate hackers for pointing out bugs related to vulnerabilities. White hat hacker Anand Prakash has identified vulnerabilities of many tech giants and detailed on his blog how he was able to hack into all Facebook accounts.
White hat hackers have been brought into the fold of corporations and other organisations, often with the title penetration tester, and this job seems to be piquing the interest of a lot of people. Back in January, job site Indeed revealed a report using data on its cybersecurity job listings from 2014 to 2016. One of its key findings was the fact that, in the US and the UK, interest in ethical hacker jobs outstrips supply. For every 100 ethical hacker job postings, there were approximately 125 clicks. However, it is impossible to tell if these clicks were made by ready and willing job hunters or people just interested in finding out the prerequisites, responsibilities and salaries.
It could be the increasingly frequent and severe data breaches and ransomware attacks that are fuelling the interest in this role. Only yesterday, NotPetya file-scrambling ransomware disrupted the systems of Ukraine’s central bank, electricity grid and government as well as organisations in the UK, US, France and Denmark. The CEO of Symantec, Michael Brown, predicts a 1.5 million shortfall in the cybersecurity workforce by 2019.
Fortunately, it looks like there is a generation of digital natives coming of age with a strong set of ethics. CyFi is a 15-year-old bug hunter who thinks her generation has, “a responsibility to help make the internet safer and better,” and has co-founded a hub for ethical hacking for kids. And there are many others like her. So, perhaps with this enthusiasm for online safety from the younger generation, the state of cybersecurity will be a little more rosy than it is a present and all our online data will be that little bit more secure.