The good vs the bad hackers

Published 4 October 2009

Ethical hackers met at the 14th Hacker Halted global conference to discuss how best to thwart the nefarious activities of bad hackers.

The world of hackers is like the “Star Wars” universe: There is a light side and a dark side of cracking computers. McClatchy’s Bridget Carey reports that hundreds of hackers on the side of good, known as ethical hackers, gathered at the 14th Hacker Halted global conference recently to discuss strategies to thwart cyberterror. Ethical hackers understand how to hack a system in order to better protect against attacks or to know where the vulnerabilities are in a program.

“A good defense is a good offense,” said Sean Arries, a security engineer at information technology infrastructure services firm Terremark Worldwide Inc. “If you understand your opponent and you understand how the attacker is going to attack you, then it makes it a lot easier for you to defend yourself.”

Not everyone who comes to such events is a good guy. Talk to anyone at that conference and they will tell you they believe at least some “black hat” hackers were among them, attending anonymously.

“The same techniques that you learn to protect a system are the same things people look at to break into systems,” said Howard Schmidt, president of the Information Security Forum. “You have the good guys trying to out-thwart the bad guys, and the bad guys going to learn from the good guys.”

In the world of hacker conferences, Hacker Halted is pretty tame compared with the DefCon and Black Hat conferences in Las Vegas. “That’s where you get more of the black hat subculture to learn what’s going on and extract information that maybe you should or shouldn’t be privy to,” said Ernie Campbell, a technical trainer at IT firm Solutient Corp.

Malicious hackers are usually grouped into subsets. There are the “script kiddies,” a derogatory term given to hackers who use programs to cause trouble because they don’t have the skills to write their own code.

There is also the movie stereotype of pale guys pounding down energy drinks in a basement full of computer screens as they wreak havoc. “That certainly exists, but it is a small, small subculture,” said Erik Laykin, managing director of financial advisory firm Duff & Phelps in Los Angeles and honorary chairman of the Electronic Commerce Council, which organized the conference.

The hackers that Laykin and other investigators focus on are the criminal hackers, many working outside the United States, who keep coming up with ways to steal financial information.

It is a constant job of playing catch-up for the ethical hacker who is trying to stay on top of the latest exploits. And as people become more attached to mobile devices, cell phones will be the target down the road, experts said.