(3-Jan-2012) As criminal hackers become more sophisticated and ruthless, security-conscious companies are increasingly recruiting people to help fight a covert war.
On the front lines of the fight stand many “grey hat” hackers — security experts who have online street smarts but aren’t mixed up in the racket themselves. A small number may have dabbled in “black hat,” or underground hacking, in the past, but most just know how to communicate with the other side.
Dave Millier, CEO of Sentry Metrics, a Toronto-based security consulting firm and managed services provider, says that in the past two years his company has fielded an increased number of requests from organizations that want to find out what sensitive information of theirs may have fallen into the wrong hands. And it’s grey hats who are most likely to get the job.
“We’re being asked to not just do the traditional `do a penetration’ test or `do a vulnerability assessment and tell us about our network’ — we’re also being asked to find out information. So again, it’s the intelligence category, if you will: `find out what information there is about us out in the wild.’
“What information is circulating around in the underground network, if you will, that could potentially be reputational damage, that could be being shared by the hackers, shared by the underground community to provide backdoor access to our systems? What do they know about our systems?