Can a black hat hacker make a turn for the ethical? Cisco thinks so. It recently conducted an interview with a former Anonymous hacker who goes by SparkyBlaze. Fed up with the nearly continual flooding of the Internet with people’s personal data, SparkyBlaze left the controversial group and is now hoping to move from Manchester, England to the U.S. to study computing and land a gig as an ethical hacker.
SparkyBlaze is no cyber Robin Hood, however. He defends the actions of Wikileaks and sees hacking as a demonstration of free speech. His justifications aside, he notes the perils of hacktivism, including the reality that if an individual is ever convicted for hacking or breaching computer systems, his career chances are slim. Add in the reality that for hackers in the U.S. hoping to make a turn to the government’s very lucrative cybersecurity industry, the possibility of obtaining a security clearance is also slim.
In addition to dishing on hacktivism and computing, SparkyBlaze also offers sage advice for companies and individuals looking to make their data secure. He shared this specific advice for companies:
- Deploy defense-in-depth
- Use a strict information security policy
- Have regular audits of your security by an outside firm
- Use IDS or IPS
- Teach your staff about information security
- Teach your staff about social engineering
- Keep your software and hardware up to date
- Watch security sites for news on computer security and learn what the new attacks are
- Let your sysadmins go to defcon ;D
- Get good sysadmins who understand security
- Encrypt your data (something like AES-256)
- Use spam filters
- Keep an eye on what information you are letting out into the public domain
- Use good physical security. What good is all the [security] software if someone could just walk in and take [your “secure” systems]?
He also offered companies a warning about social engineering, which he sees as the biggest computer security issue today. Companies can invest all the time, resources and personnel they’d like into security, but if someone comes along and is able to convince a user to give up his or her password or critical data, that investment is irrelevant.