A specialist in cybersecurity and a hacker herself since the age of 12, Keren Elazari has always advocated in favor of computer pirates. For her they are sources of inspiration and innovation in all areas and as such are: “the most important change agents”. In her USI 2017 talk she outlines those she considers the “super heroes” of the 21st century.
The power of hackers
Whether one fears or admires them, hackers are a powerful force in today’s world. They infiltrate political parties, leak sensitive information on the largest donors to those parties or on dubious banking transactions… In Columbia, Andreas Sepulveda was sentenced to 10 years in prison for having attempted to abort the peace process between the government and the FARCs. It is rumored that this hacker also manipulated elections in various Latin-American countries for years. But other techniques are still tolerated, such as Twitter bot armies used to support campaigns and manipulate elections (it is said that over 33% of Trump’s twitter followers are robots). Elazari confirms: “the politicians who know how to exploit the power of hackers are best positioned to mold the world to their liking. ” Some have apparently perfectly understood this: for Putin, “hackers are free people just like artists who wake up in the morning in a good mood and start painting. ”
A variety of missions for “friendly hackers”
The world is beginning to worry about hackers’ power: what if they were used to launch a nuclear war? Elazari responds to the contrary: “What if hackers could help prevent nuclear war?” A few years ago, hackers from around the world got together and created Stuxnet, a computer virus capable of disrupting the nuclear ambitions of Iran. The world realized that hacker power could go beyond software: just 15,000 lines of code can disrupt physical infrastructure such as the Iranian centrifuges for enriching uranium.
It is this romantic vision of hackers which attracted the little Elazari: modern super heroes capable of preventing ecological disasters, of tackling society’s ills, of saving the world. Some “friendly hackers” spontaneously grappled such subjects to force companies to improve their security systems. This is the case namely of Barnaby Jack, who uncovered security breaches in ATMs, before moving on to attack the security of connected medical objects (pacemakers, insulin pumps, etc.). The organization I am the Cavalry, made up of researchers and hackers, has taken on the role of identifying security weaknesses in all areas to do with public security and human lives. Because in theory, all connected objects can be controlled remotely: a car, a refrigerator, a surveillance camera, a toaster… For Elazari, “we must become the CTOs of our own bodies, cars, and even our homes”. Because even if we don’t want to, we will inexorably have more and more connected objects in our homes.
Beneficial collaboration between hackers and organizations
Such actions by these “friendly hackers” served as an electroshock for companies and organizations all over the world. As Barnaby Jack so rightly said, “You have to demonstrate a threat to spark a solution”. Thus at the last hackers’ Def Con, Tesla recompensed the security experts who had exposed possible security breaches in their cars. A yacht company also called on hackers to attempt to reroute their boats – unsurprisingly the hackers managed to modify the signal sent by the GPS and alter the course by a few degrees.
The Bug Bounty collaboration program between hackers and companies was set up a few years ago and has attracted adepts from the web majors (Mozilla, Facebook, Etsy, Mastercard…), all the way to government security services. The idea is to place a marker on your site indicating your participation in the program, and to recompense hackers who manage to highlight security weaknesses in their information systems. The Pentagon launched its own program in 2016, “Hack the Pentagon”, and received its first valid vulnerability report in under 15 minutes. In the end, over 200 vulnerabilities were identified in the space of a few weeks.
Elazari concludes her conference with some words of advice for companies:
- Stop recycling your passwords
- Share the information when you experience a security incident
- List the “ingredients” (software) you use to build your solution
- Information wants to be free, don’t try to hide it all costs
Cybersecurity is there to protect our way of life. For that, it is the talent hackers have that we all need. “Whether they’re good or bad, they force us to react, to evolve and become better.”
You may also like
- [Periscope] Our interview with Keren Elazari at the conference USI2017
- Nicolas Demassieux – The advent of a prevailing Internet