Combating cybercrime – The White Hat revolution

April 27, 2017
Andrew Staniforth Non-Resident Fellow - Counter Terrorism & National Security

The unrelenting pace of technological change epitomises the domain of cybercrime and cybersecurity with criminals constantly developing new and transformed attacks. These innovations in cybercrime include those within the Dark Web – the collection of websites that exist on an encrypted network that cannot be found by using traditional search engines or visited by using traditional browsers.

Cyber criminality is a phenomenon by which criminals act with new tools and within a new environment which many governments across the world are increasingly concerned is not satisfactorily understood, nor being properly addressed. The global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion. This cybercrime cost figure may just be the tip of the iceberg. According to ‘The Global Risks Report 2016’ from the World Economic Forum, a significant portion of cybercrime is underreported and remains undetected.

Responding to all manner of cyber-related threats, many Law Enforcement Agencies (LEAs) are being forced to rapidly expand their cyber capabilities without necessarily having the expertise, technology, finance or manpower to be able to do so as effectively as they wish. To amplify their efforts, a number of LEAs are now recruiting hackers to their ranks in an attempt to bridge the growing skills gap between cyber criminals and those who are charged with safeguarding Internet users.

Hacker lexicon

The recruitment of hackers to support police and intelligence agency efforts has caused concern amongst some security professionals but hackers aren’t inherently bad — the word “hacker” does not mean “criminal” or “bad guy”, although the stereotypical view of hackers still retains many negative connotations in the security domain in the post-Snowden era. Thankfully, the rise of the ethical hacker is serving to change this perception. Geeks and tech writers often refer to the three main types of hackers: Black Hats, White Hats and Gray Hats. These terms define different groups of hackers based on their behaviour:

  • White Hats – disclose vulnerabilities to software vendors so they can be fixed;
  • Black Hats – use or sell software vulnerabilities to other criminals to conduct crimes;
  • Gray Hats – disclose or sell software vulnerabilities to governments to be used for hacks against adversaries and criminal suspects.

The rationale for the use of colours to denote each category of hacker is simple. In the early 1900s the silent cowboy Western movies were filmed in black and white and they often showed heroes wearing white hats and villains wearing black hats to symbolize the contrast in good versus evil.  The “Good Guys” wore a white hat and the “Bad Guys” wore black so the audience knew who was who. This became a stereotype and later a convention and is used to denote bad hackers as Black Hats and good ones as White Hats.

Black Hats are criminals. They use their prowess to find or develop software holes and attack methods or other malicious tools to break into machines and steal data, such as passwords, email, intellectual property, credit card numbers or bank account credentials. They also sell information about the security holes to other criminals for them to use.

Gray Hats sell or disclose their vulnerabilities not to criminals, but to governments—LEAs, intelligence agencies or militaries. The governments then use those security holes to hack into the systems of adversaries or criminal suspects. Gray Hats can be individual hackers or researchers who uncover flaws on their own, defence contractors who have hacking divisions tasked specifically with uncovering flaws for a government to use, or boutique broker firms who are in the business of finding or brokering the sale of software vulnerabilities they uncover to LEAs and intelligence agencies.

Ethical hackers

A White Hat hacker, or ethical hacker, traditionally uses penetration testing techniques to test an organization’s IT security and to identify vulnerabilities. IT security staff then use the results from penetration tests to remediate vulnerabilities, strengthen security and lower an organization’s risk factors. Penetration testing is never a casual undertaking. It involves lots of planning, which includes getting explicit permission from management to perform tests, and then running tests as safely as possible. These tests often involve the very same techniques that Black Hats use to breach a network, which is why White Hat hackers’ skills are of increasing value and currency, given that forty-eight percent of data security breaches are caused by acts of malicious intent. Ethical hackers are now being used to progress criminal investigations as part of Digital Investigation Teams, and their technical expertise to track and trace cyber criminals is fast becoming a key component in the fight against cyber crime.

Ethical hacking has quickly become the perfect career choice for those interested in problem solving, communication and Information Technology (IT) security. LEAs are seeking White Hats who have a diverse skill set, which includes a balance of intelligence and common sense, strong technical and organizational skills, impeccable judgement and the ability to remain cool under pressure. At the same time, LEAs require a White Hat to think like a Black Hat hacker, with all of their nefarious goals and devious skills and behavior. Some of the top-rate White Hat hackers are actually former Black Hats who got caught, and for various reasons have decided to leave a life of crime behind and put their skills to work in a positive (and legal) way.

The professional opportunities for ethical hackers are growing in this security sector as cybersecurity budgets have doubled when compared to other information-technology budgets over the past two years.  Global spending to combat cybercrime will top $80 billion this year, with organizations increasingly focusing on detection and response providing greater opportunities for the ethical hacker in what has become a White Hat revolution.

Human factors

Cybercrime is often considered in the context of the technical capability required to commit the crime or the financial impact it has on the victim. However, despite the importance of these factors, in order to have a complete understanding of cybercrime it is also essential to take into account the reasoning, motives, actions, opportunities and networks behind such threats: the human factors. Embedding White Hats in the operating structures of LEA cybercrime responses provides increased capacity and capability to counter the increasing threat from all manner of cyber criminality and to gain important insights into the mindset of the anonymous cyber criminal. The use of the ethical hacker serves to enhance LEAs’ understanding of the factors that bring about cyber crime, and the techniques that can be employed to reduce its impact. The use of White Hats by police forces can support investigative efforts, protect the integrity and security of police operating systems and can play a major role in protecting the ordinary web user from becoming a victim.

The White Hat revolution is part of a broader programme of action to counter the threats from cyber crime and is a welcome development as we continue to see an increase in the scale and scope of reporting on malevolent cyber activity. Moreover, the introduction of White Hats provides evidence of an increasingly creative and innovative approach by some LEAs to combat cybercrime, showing that they are taking measures which are outside of their cultural, traditional and organisational norms. It appears that LEAs are facing the uncomfortable truth that the recruitment of hackers to support police and intelligence agency efforts has now become absolutely necessary to combat contemporary cyber crime.