TMCnet News
Respect, but no love, for hackers: Online outlaws meet their matchAug 16, 2009 (The News & Observer - McClatchy-Tribune Information Services via COMTEX) -- Ask Jeff Crume, and he'll tell you that the typical computer hacker is often nothing more than your classic loser. Crume can't hide his professional contempt for the cyber-punk who acts out his power fantasies as a way of nursing low self-esteem. Crume, who lives in Raleigh, has worked for IBM for nearly a quarter-century. He is one of the area's foremost authorities on computer security. He spends his days thinking about hackers the way cops think about organized crime, or the way public health officials think about pandemics. Though he considers many hackers to be sociopaths, Crume has a grudging respect for techno-vandals on account of the mass destruction they are capable of wreaking. Companies can be set back millions of dollars in lost business and compromised data after a hacker break-in. And Crume is ever attuned to hackers' evolving motives, which are increasingly financial. Hacking is turning into an inside job, he said, a digital consequence of economic trends that have resulted in mass layoffs, low-paid temps and outsourced labor. "This is a bigger problem than it was a few years ago because of the economic conditions we're in," Crume said. "If someone is getting paid very little, they have more motivation to steal data and sell off the information," he said. "We have more people who have been laid off, who may be angry about losing their job." Crume's success at outsmarting online outlaws has earned him one of the highest honors at IBM. At age 47, he was selected recently as a Distinguished Engineer, a title bestowed upon one-fourth of 1 percent of the company's nearly 400,000 employees worldwide. That would be 532 people companywide, including 22 at Research Triangle Park. In addition to prestige and status, the title elevates the engineers to executive rank within the company, bypassing the standard managerial career track. Still, Crume's executive suite is usually his Raleigh home office and his business suit a polo shirt and khakis. After being encouraged to apply to IBM's invitation-only elite club, it took Crume five years to prepare the 66-page application -- by documenting his contributions, filling in gaps in his career, and enlisting endorsements from executives and managers throughout the global company. Some of the things going for him were his extracurricular commitments: his publication in 2000 of "Inside Internet Security: What Hackers Don't Want You To Know," along with his network security presentations at more than 70 conferences worldwide. Professionally, he was cited for his work with top-dollar clients in about 40 countries. He traces his fascination with hacking to his high school computing lab in Lynchburg, Va., when he watched teenage classmates write programs to emulate logon screen prompts, tricking other students into disclosing their passwords. He instantly sensed the addictive power over others that his technologically brilliant friends had tapped into. As classroom hackers got illicit thrills by deciphering the secrets of computing, Crume was decoding the mindset of the hackers. "The delicate egos, secretive nature, antisocial behaviour and questionable ethics stripped away any remaining illusions," he wrote in his book. He's often back in the classroom, guest-lecturing at his alma mater, N.C. State University. His presentations are a sobering dose of reality, a blend of how hackers think and operate," said Ken Tate, director of development for N.C. State's computer science department. Tate said Crume is very convincing at showing "how really ineffective our current security technologies are in deterring those who want to steal your identity or information." Crume's book is largely a tutorial on Internet security, but it also analyzes the cyber-spectrum of hackers, from prankster, to criminal, to terrorist. Some see themselves as trespassers and thrill-seekers, while others do it for financial gain or for political aims. They range from rank amateurs to highly trained elites. Just this month, hackers succeeded in disrupting Twitter and Facebook, the online social sites, in an attempt to silence the political commentary of a 34-year-old economics professor in the former Soviet republic of Georgia. That was an example of a "distributed denial of service attack," Crume said. In this kind of attack, hackers send out a virus that implants itself in thousands of random computers. Then, the virus downloads instructions from the hacker. The hacker can remotely tell the virus to flood Twitter or another site with traffic, overloading the site and shutting it down. IBM, like many large companies, pays experts to try to hack into the company's networks to spot vulnerabilities. Many companies say they refuse to hire network security consultants who claim past hacking experience and present themselves as reformed hackers. "You don't want to hire policemen with criminal records," Crume said. In his work for IBM, Crume designs institutional security systems that control employee access to sensitive accounts, audit those accounts to track who is gaining access, and promptly cut off users when necessary. For all his wariness of hackers, Crume refuses to let his avowed enemy change his lifestyle. He has accounts on Facebook and LinkedIn, downloads music and occasionally shops on eBay. But he is not reckless. On Facebook he only "friends" people he knows personally, doesn't allow unlimited access and doesn't post personal information. He says seemingly innocuous private information -- like the name of a pet -- can provide snoopers with clues to your passwords . "There's no point in trying to hide from it all," Crume said. "Just do the best you can to protect yourself and go on living your life." [email protected] or 919-829-8932 To see more of The News & Observer, or to subscribe to the newspaper, go to http://www.newsobserver.com. Copyright (c) 2009, The News & Observer, Raleigh, N.C. Distributed by McClatchy-Tribune Information Services. For reprints, email [email protected], call 800-374-7985 or 847-635-6550, send a fax to 847-635-6968, or write to The Permissions Group Inc., 1247 Milwaukee Ave., Suite 303, Glenview, IL 60025, USA. |