Home > Identity Theft > Hackers: If You Can’t Beat ‘Em, Hire ‘Em

Comments 0 Comments

So what’s it worth to you to prevent world-wide economic collapse, or even a major interruption of essential services, like power or water?

These are not hypothetical questions. Nor will they be caused by the Eurozone disaster, a double-dip recession, the disintegration of institutions deemed “too big to fail,” or government spending run amok.

I am talking about cybergeddon—or the endgame of cyber warfare. A concept well-worn in national security organization conference rooms and the situation rooms of nations around the globe. It is somewhat newer to the front page of The New York Times, which has recently featured several investigative reports regarding Stuxnet and Flame, two potent worms created for international espionage that got loose and went viral.

We all know the hackers are out there. That’s not going to change. The question is this, can we change the dynamic? Or more to the point, can we hire them—a whole lot of them? Simply put, how much should nations pay to build a cyber army (both civilian and military) of “white hat” hackers and talented computer security experts with the skills to out-hack or “out-code” the legions of nation state-sponsored or politically-motivated cyber terrorists sworn to destroy our way of life?

Everywhere we turn, there are reports of public and private sector breaches and compromised data. The SEC requires publicly traded companies disclose data breaches, and especially when intellectual property is stolen. Even when the forces of good arguably get it right, unintended consequences and leaks jeopardize the results.

Stuxnet is just one example. Written by American and Israeli spy agencies to sabotage Iran’s nuclear enrichment facilities, it at least partially succeeded in its mission, The New York Times revealed early this month. Unfortunately, its creators did not account for the possibility that it might escape. It did. In fact, both Stuxnet and Flame escaped. The result is scary: the bad guys have these worms and can use them.

The Stuxnet story became public in 2010 because a programming error enabled it to leap out of its confines and circumnavigate the globe via the Internet.

Two days after the recent Times article, came the report about Flame, another international spy-grade superbug. This one had compromised the Fort Knox of software companies: “Microsoft told customers that the authors of Flame—a highly sophisticated surveillance computer virus discovered on networks in the Middle East and Iran—had figured out how to use Microsoft’s own security system to forge digital security certificates, which then allowed the malicious code to spread undetected by anti-virus programs.”

There are lessons we can draw from these stories. None of them are particularly comforting.

  1. Hacking and the creation of spying tools that are distributed online are now standard operating procedure for nations large and small. Stuxnet, Flame and the Chinese government’s widely reported collusion with practitioners of corporate espionage, prove that arsenals of powerful cyber weapons exist. This is an arms race where we cannot afford to fall behind. It is being waged in the sanctity of our homes and businesses and bank accounts. The Barbarians are not only at the gate—they are in our computers.
  2. Hackers are smart, creative and relentless. Given time and resources, they managed to partially shut down a rogue state’s nuclear centrifuges. They’ve also breached the likes of the CIA and the Department of Justice, not to mention thousands of corporations around the globe.
  3. The code that comprises the hacker arsenal is nearly impossible to control. Even under the best conditions, in a top-secret program run by arguably the world’s best spy agencies, the Stuxnet code leaked to the Internet and nearly caused President Obama to shut the entire operation down.

No one really knows how this story will play out, but the trends all seem to be heading in a pretty scary direction. One thing is clear: The Cold War concept that Mutual Assured Destruction keeps super-power missiles in their silos doesn’t apply here.

I have one recurring nightmare: What if an anti-everything organization (let’s not pick on anyone unnecessarily) managed to create a network of believable hackers and pay them well, and these hackers, the best in the world, were joined together to shut down part or all of our critical infrastructure? There would be an economic meltdown the likes of which has never been seen.

After almost a decade of increasingly sophisticated and large data breaches, hackers are sitting on a huge amount of information about you and me, literally hundreds of millions of records—our names, passwords, contacts, account numbers, and everything else needed to destroy a person’s professional and financial life. They know where we live, and they can drain bank accounts, turn off the lights and max out our credit cards with the tap of a key. And what’s to stop a consortium of like-minded anti-everythings from hitting that key?

Furthermore, some well placed sources have told me that the Department of Homeland Security struggles to recruit talented people who are US citizens and can pass the rigorous background screening required to obtain the appropriate security clearance because historically more bucks and bragging rights are on the side of institutional breaches than in public service (This 2010 study from the Center for Strategic & International Studies elaborates on these struggles). Maybe it’s time to pay so much money that loyalty is assured from non-citizen warriors.

Unlike the China, India, Pakistan, and Eastern European nations, who may at some point be aligned against our interests and where the problem is taken very seriously, according to international standardized test scores, the United States is not making the appropriate investment to encourage our kids to get into the hard sciences, math, engineering and critical thinking academic disciplines which are fundamentally essential to fight this digital war.

If we’re serious about getting the best and the brightest, we must do what it always takes to get the best of the best: educate them, nurture them and pay them top dollar. One friend told me many years ago that you can’t beat Wall Street social irresponsibility; you can only join the club. Right now, our society pays a king’s ransom to the wizards of finance and social networking, but nowhere near enough to the real engineers who are so desperately needed. And without the latter, there will be no need for the former.

Wouldn’t you agree that appropriately educating, nurturing and hiring the world’s best hackers to protect us from those with similar skill sets is at least as important to the world economy as hiring wunderkind lawyers to protect America’s corporations?

There is simply no alternative. How long could the world economic system last without the Internet? Without electricity? Let’s stop screwing around and seriously invest in top hacking talent now, so we never have to find out.

Image: mikael altemark, via Flickr

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team