Why your project needs a cyber risk management plan


Black hat hackers violate computer security for little reason beyond maliciousness or for personal gain. Are we training them with shows like CSI:Cyber? And what level of risk management will protect our projects?

I have always liked the CSI series of shows. CSI:Crime Scene Investigation, which is / was mythically based in Las Vegas - even though most of it was shot elsewhere. CSI:NY was good for a while and CSI:Miami always gave me a chuckle with Horatio’s overacting. Now that CSI:Las Vegas is done I’ve started watching CSI:Cyber. I didn’t think I would like it, but I love it. Even in spite of the fact that it stars Lil’ Bow Wow and James Van Der Beek (from Dawson’s Creek). But it’s great.

CSI:Cyber is all about black hat hackers who have gone a step further. For those of you wondering, a black hat is a hacker who violates computer security for little reason beyond maliciousness or for personal gain. Very interesting, very intriguing stuff.

Are we training up the next generation of hackers?

So, why am I bringing this up? I can’t help but wonder as I watch an installment where a hacker figured out how to override the thermal heat protection of a brand of printers, causing it to set fires when paper went through it - and did this remotely just by infiltrating less-than-secure home and business Wi-Fi systems - are we just giving hackers their next challenge?

Some of this stuff is likely possible now or on the verge of being possible. There are probably some individuals out there offering rewards to the first hacker that can make something like that really possible. Sort of a hacker bounty. Is a show like this just giving black hat hackers a new weekly challenge with every episode?

It really doesn’t matter. It’s not like hackers need a new challenge… the good ones are coming up with their own challenges every day. It’s what they do. Some play video games on their parents’ couch till they are fifty and then when their parents die they just continue to live there and keep feeding the cats.

Then there are the gamer geeks that decide to take it to the next level - a bigger challenge. Boom. A new black hat hacker is born. What do we do? These are the individuals behind the malware and viruses we get on our computers. But can they really start fires in our printers? Maybe. They can take control of your webcams. Who would have guessed that a few years back?

Why do they do it?

Now let’s consider this from a business sense. Small business, big business… it doesn’t matter. A small business will get a virus or malware. A big business has lots of money, so a very good black hat hacker will find a weakness - in this latest episode it was a printer manufacturer who made many other electrical devices, and the BH hacker eventually demanded and received a $10 million ransom from the manufacturer. Good news, the FBI took him down. But that won’t always be the case.


How does this apply to us? How does it apply to me? How does this apply to you? Well, you aren’t the infiltrator, but without proper planning and risk management, you will be the infiltrated. And even with the proper planning you still may be. We can’t ever plan enough. We can’t ever manage risk too carefully. But we can definitely plan too little. Avoid going that route.

Build risk management into your project timeline. Understand your environment… your customer’s environment. Consider the risks… and yes, especially the cyber risks even if it’s not a technical project. Any business that does business has financial information and customer data. Everything is always at risk. Consider that when you’re managing projects.