Internet users exposed, expert says
Darren Bernhardt, The StarPhoenix
Published: Tuesday, July 29, 2008
Justin Seitz will make you feel scared, vulnerable and invaded. It's his job.
The Saskatoon-based computer genius is a security researcher or, in more familiar terms, a hacker. He gets inside the brain of a system, rewires it, makes it crash and steals its information. In little time at all, he could destroy someone's life.
And there's not much you can do about it. If you're online, you're at risk. It's as simple as that.
Justin Seitz, a security researcher, uses his knowledge for good
Richard Marjan, The StarPhoenix
The global embrace of the Internet and the capability to turn everything digital -- pictures, text and vital information -- has resulted in an ease of doing business and communicating. But it has also created a world that is capable of being exploited by the most malevolent of people.
"The bad guys are lurking in everybody's network. You're between six and 20 milliseconds from every creep and criminal on the Internet," Seitz said.
"When people ask me what the safest computer to buy is, I tell them one that you don't plug in. That's the current state of computer security for the average business and home user."
In the pre-Internet days of the 1980s, the only way for someone to affect your computer would be to install an infected floppy disc.
"The stakes are much higher today," said Seitz. "It would blow your mind if you knew what people could do to you."
Hackers have managed to break into the systems of electricity companies or betting houses and demand money to keep the system from being shut down.
In March 2007, the U.S. Department of Homeland Security conducted a test that proved a cyber attack could cause municipal power generators to self-destruct.
In 2000, a disgruntled former employee of an Australian computer company hacked into a sewage control system and flooded parks, rivers and a hotel with a million gallons of raw sewage. And in 2003, a computer virus disabled a safety monitoring system at an inactive Ohio nuclear plant for nearly five hours.
"So if you weren't afraid before, you should be now," said Seitz, who fortunately uses his powers for good.
He makes a living thinking like a criminal hacker, worming into the network. If he can expose a system's weakness, the holes can be patched.
Even the anti-virus programs that offer supposed security are susceptible. A file can be created that, when scanned by the virus detector, gets pulled into the system and takes it all down. Then the door is open, like a cracked safe, for raiding.
Seitz got into the hacking world while testing software to find the "weird bugs," or conditions that made it crash. Then one of the bugs bit and he was hooked. He researched and read voraciously. For kicks, he analyzed common software products for problems, which he would bring to the attention of the developers.
One discovery was a severe flaw in a business networking site. When the company refused to acknowledge the problem, Seitz and a partner posted the exploit code. It was their way of forcing the company to make a fix to protect thousands of vulnerable users.
The discovery was published in industry magazines and was listed for a week as the most critically dangerous bug on the Internet. Seitz followed that up a few months later by winning an international hacking competition.
The contest was sponsored by Immunity Inc., a Miami-based company considered to be the pre-eminent developer of attack-focused software. It also provides training to all kinds of clients, including major corporations and government agencies.
"If you get hired by them, you are set. You can live wherever you want and do the work from home," said Seitz, adding Immunity's employees, which span North and South America, "are the hand-picked, best hackers in the world."
Seitz's stellar showing in the contest made him one of them. Shortly after, he was recruited by Immunity and has been with the company since January. He is the lone Canadian member of the elite team.
"I'm humbled by those people. I'm definitely the dumb guy on the team," he said. "These are some of the scariest people I've met in my life, in terms of what they can do."
Being on that team is akin to a Prairie kid watching his hockey heroes on TV, and then one day playing on the same line, Seitz said. "I still feel giddy working with these guys."
That's a modest statement for the lead developer of Immunity's flagship product, Canvas. The software program is the first to conduct exploitation tests automatically on a system, which makes it ideal for non-programmers.
Seitz, who is writing a type of hacker handbook to be published in the fall, also analyzes the behaviour of viruses through reverse engineering. He deciphers the garbled data that invades a computer to determine its intent: To steal information or passwords, monitor keyboard strokes or access a specific website.
His career may seem far from his original goal of being a doctor, but they are related. Both involve viruses that cause severe illnesses and can involve emergency transplants of hardware.
"There is a great deal of forensic science to it," said Seitz, who admits there is a temptation to use his abilities for unsavoury pursuits.
"There are times when someone cuts me off in traffic and I just think, 'Oh, buddy, if you only knew,' " he added with a chuckle. "But I know if I went to the dark side, I would get busted the same way we bust people."
http://www.canada.com/saskatoonstarphoenix/news/story.html?id=245399a8-9d27-4e15-ae59-a9d6b0708002&p=1
Darren Bernhardt, The StarPhoenix
Published: Tuesday, July 29, 2008
Justin Seitz will make you feel scared, vulnerable and invaded. It's his job.
The Saskatoon-based computer genius is a security researcher or, in more familiar terms, a hacker. He gets inside the brain of a system, rewires it, makes it crash and steals its information. In little time at all, he could destroy someone's life.
And there's not much you can do about it. If you're online, you're at risk. It's as simple as that.
Justin Seitz, a security researcher, uses his knowledge for good
Richard Marjan, The StarPhoenix
The global embrace of the Internet and the capability to turn everything digital -- pictures, text and vital information -- has resulted in an ease of doing business and communicating. But it has also created a world that is capable of being exploited by the most malevolent of people.
"The bad guys are lurking in everybody's network. You're between six and 20 milliseconds from every creep and criminal on the Internet," Seitz said.
"When people ask me what the safest computer to buy is, I tell them one that you don't plug in. That's the current state of computer security for the average business and home user."
In the pre-Internet days of the 1980s, the only way for someone to affect your computer would be to install an infected floppy disc.
"The stakes are much higher today," said Seitz. "It would blow your mind if you knew what people could do to you."
Hackers have managed to break into the systems of electricity companies or betting houses and demand money to keep the system from being shut down.
In March 2007, the U.S. Department of Homeland Security conducted a test that proved a cyber attack could cause municipal power generators to self-destruct.
In 2000, a disgruntled former employee of an Australian computer company hacked into a sewage control system and flooded parks, rivers and a hotel with a million gallons of raw sewage. And in 2003, a computer virus disabled a safety monitoring system at an inactive Ohio nuclear plant for nearly five hours.
"So if you weren't afraid before, you should be now," said Seitz, who fortunately uses his powers for good.
He makes a living thinking like a criminal hacker, worming into the network. If he can expose a system's weakness, the holes can be patched.
Even the anti-virus programs that offer supposed security are susceptible. A file can be created that, when scanned by the virus detector, gets pulled into the system and takes it all down. Then the door is open, like a cracked safe, for raiding.
Seitz got into the hacking world while testing software to find the "weird bugs," or conditions that made it crash. Then one of the bugs bit and he was hooked. He researched and read voraciously. For kicks, he analyzed common software products for problems, which he would bring to the attention of the developers.
One discovery was a severe flaw in a business networking site. When the company refused to acknowledge the problem, Seitz and a partner posted the exploit code. It was their way of forcing the company to make a fix to protect thousands of vulnerable users.
The discovery was published in industry magazines and was listed for a week as the most critically dangerous bug on the Internet. Seitz followed that up a few months later by winning an international hacking competition.
The contest was sponsored by Immunity Inc., a Miami-based company considered to be the pre-eminent developer of attack-focused software. It also provides training to all kinds of clients, including major corporations and government agencies.
"If you get hired by them, you are set. You can live wherever you want and do the work from home," said Seitz, adding Immunity's employees, which span North and South America, "are the hand-picked, best hackers in the world."
Seitz's stellar showing in the contest made him one of them. Shortly after, he was recruited by Immunity and has been with the company since January. He is the lone Canadian member of the elite team.
"I'm humbled by those people. I'm definitely the dumb guy on the team," he said. "These are some of the scariest people I've met in my life, in terms of what they can do."
Being on that team is akin to a Prairie kid watching his hockey heroes on TV, and then one day playing on the same line, Seitz said. "I still feel giddy working with these guys."
That's a modest statement for the lead developer of Immunity's flagship product, Canvas. The software program is the first to conduct exploitation tests automatically on a system, which makes it ideal for non-programmers.
Seitz, who is writing a type of hacker handbook to be published in the fall, also analyzes the behaviour of viruses through reverse engineering. He deciphers the garbled data that invades a computer to determine its intent: To steal information or passwords, monitor keyboard strokes or access a specific website.
His career may seem far from his original goal of being a doctor, but they are related. Both involve viruses that cause severe illnesses and can involve emergency transplants of hardware.
"There is a great deal of forensic science to it," said Seitz, who admits there is a temptation to use his abilities for unsavoury pursuits.
"There are times when someone cuts me off in traffic and I just think, 'Oh, buddy, if you only knew,' " he added with a chuckle. "But I know if I went to the dark side, I would get busted the same way we bust people."
http://www.canada.com/saskatoonstarphoenix/news/story.html?id=245399a8-9d27-4e15-ae59-a9d6b0708002&p=1
No comments:
Post a Comment