Why do we need hackers today?

In the last decade the role of hacker is deeply changed, these strange characters were once kept away from government affairs, but the scenario is reversed, there has been an unprecedented technological evolution and principal countries have discovered a new way of making war, a new way of spying.

Today the hacker is the most important player for governments and cyber warfare but not only, private companies and industry of crime consider him as the repository of knowledge that has become crucial, the mastery of new technology.

Today is very common read about zero-day vulnerability, a concept unknown to many professional some years ago, we are all aware of the potential risks related to the exploit of this kind of “bugs” in large

An essential element of a «cyber weapon» is the exploit of an unknown vulnerability. Known as zero day vulnerability, it is a factor that influences its efficiency and makes it possible to target specific applications or infrastructures. Governments and private business have suddenly discovered the importance of discovering bugs in the most common applications, creating a new market for the new precious commodity.

Hacker’s skill is essential to develop a cyber weapon, it’s fundamental for governments to approach what is considered the fifth domain, the cyber space, these professional could help military to protect of critical infrastructures but could also be engaged to penetrate foreign networks in complex and hidden cyber operations.

China, Russia, Iran, North Korea, Israel and U.S. are the countries that major investing in the creation of new cyber units composed by hackers involving them in offensive cyber operations and cyber espionage campaign.

In many cases the governments have public announced the recruiting of skilled hackers,  NSA chief General Keith B. Alexander during last edition of Defcon Hacker Conference, asked to the hacker community for help U.S. securing cyberspace.

If the figure of hacker is changed what can be said on its way to operate? Differently from the past also hacking has been influenced by consolidated procedures of analysis, hacking has become in many cases a profession for the exercise of which requires the right tools.

The hacker now has a multitude of tools and application to stress and test systems to be studied, there are established methods essentially based on shared experiences with colleagues. Forums, events and web allow rapid circulation of information that facilitates very much the work of these professionals who once worked mostly in solitary and in total anonymity.

General Keith Alexander, director of the National Security Agency told a Washington forum that the today hacking practices is increasingly focused  to cause severe economic damage.

According the official hackers are stepping up the intensity of their attacks, moving from “disruption” to “destruction” of targets.

“We are seeing the threat grow from exploitation to disruption to destruction,” he declared at the Woodrow Wilson Center.

The attacks of groups of hackers could represent a serious menace for economic texture of a country but could also devastate critical infrastructures such as power grid operators —

“all of that is in the realm of the possible.” the General said.

The last wave of attacks against oil sector and banking have raised the possibility to block the operating of targeted systems, these types of destructive offensive can wipe out data with dramatic consequences that once again alert on the opportunity to establish the proper response to the incidents.

On the topic Alexander said.

“It could overwrite the ability of a system to turn on,” “Think about a company that loses all the data on its system… If you wipe out the data, you wipe out the ability of the system to operate.”

According to U.S. official one of the first action to do to improve the collaboration between private sector and governments, the cooperation must be explicitly regulated in an efficient cyber strategy to respond to incoming cyber threats.

Is desirable that the definition of a common strategy to respond to cyber attacks shared by primary actors of every sector.

U.S. Government is aware of the capabilities of groups of hackers and it afraid a cyber 9/11, cybercriminals and cyber terrorists could soon create serious damage and the country must be prepared.

The discussion is raised during the same days in which is circulated the news regarding the attack against one of the principal Office of The White House despite according official fonts revealed that no classified systems were breached and there was no indication any data breach.

In a similar context once again the figure of the hacker assume a strategic role especially for private sector and with particular reference to Small Business on which the economy of giants is based. A proper cyber strategy must consider also measures to defend these vulnerable organizations and the sharing knowledge on basic hacking techniques could prevent disastrous consequences.

How many Sys Admins know about the protection against SQL injection attacks? How many developers know exactly how an hacker could exploit the lack of validation inside their code?

Reading reports of continued attacks such as those at universities all over the world we believe that too few really know how hackers try to circumvent systems of companies and organizations …

If we cannot beat them then let them friends!

Pierluigi Paganini