• Contact Us
  • 833-476-2487
  • 833-4-SOCIUS

    Socius LogoSocius LogoSocius LogoSocius Logo

    • Brokerage
      • Management & Professional Liability
      • Property
      • Casualty
    • Applications
      • Crime
      • Cyber
      • EPLI
      • Errors and Omissions
      • Management Liability
      • Property and Casualty
    • Continuing Education
    • About Us
      • Meet Our Team
      • A Decade or More
      • Mission & Vision Statement
      • Testimonials
      • Philanthropy
      • Careers
    • Resources
      • Articles
      • Reference Documents
      • Socius Scoop
      • Diversity & Inclusion Newsletters
      • Press Releases
    • Make a Payment

    Hanging with the Hackers

    April 29, 2015

    By: Laura Zaroski, J.D., RPLU Socius insurance Services 

    This was my second year attending the DEF CON “Hackers” Conference held in Las Vegas. DEF CON has grown to over 20,000 attendees and just celebrated its 25th year. As always, it is cash only ($260) as no respectable hacker gives out his credit card number (please…).

    What was “hot” this year at DEF CON? The most talked about area was the Voting Machine Hacking Village where hackers were let loose on computerized voting machines purchased by DEF CON for the conference (an exemption to the Digital Millennium Copyright Act gave the hackers a temporary pass to experiment on these voting machines). The hackers quickly discovered that the machines run on ridiculously outdated software allowing quick and easy entry into every machine, successfully manipulating the software to register fake ballots and change vote totals. Besides being disturbing, what was the point of this exercise? These results were shared with the Voting Registrars’ oces making them aware of the security aws in the hope that they will be corrected before the next election. In addition to voting machines, hackers also successfully hacked into cars, kitchen appliances and a medley of other connected devices.

    Folks that hear about the conference wonder why the government does not shut it down. How can the government allow an annual conference where thousands of hackers gather to show their latest exploits? It depends on whether you look at the attendees as dangerous criminals, or gifted programmers sharing their successes. This year, Marcus Hutchins, a 23 year old British security researcher (known by his online handle – Malwaretech) was arrested by the FBI at the airport when he was leaving DEF CON. Hutchins was credited with stopping the WannaCry outbreak which likely saved thousands of companies from the Wannacry virus attack. However, the government alleges that Hutchins was involved with the creation and dissemination of the Kronos banking trojan (which attacked numerous banking institutions worldwide) and therefore, has painted him as more of a villain than hero. His fate will unfold over the next few months. So yes, attendees have been known to get in trouble at DEF CON. 

    Hackers generally ignore boundaries and don’t conform to convention. Is this bad? Or are we just looking at them the wrong way? Are hackers criminals or patriots? Should we discourage these hackers or learn from what they can exploit? Their skills could certainly be used to protect our country from cyberattacks from foreign companies and governments (as other countries clearly have their hackers attacking the U.S.). The difference between a black hat hacker and a white hat hacker is very “grey” in my opinion. But most companies and the government don’t make it easy for well-meaning hackers to productively participate in our country’s cyber security. Laws like the Computer Fraud and Abuse Act make poking around inside government systems a criminal offense (and the government is generally irritated by hackers who point out their agencies’ weaknesses). Further, many talented hackers are disqualified for government jobs due to the onerous background checks (as well as for the apparent requirement of short hair and collared shirts – something you don’t see a lot of at DEF CON). 

    It is obvious that the knowledge base at DEF CON is tremendous. These talented hackers could be enormously valuable if they are properly enlisted in the fight against black hat attacks. Some companies in the private sector have already discovered the benets of hackers. Many tech companies, such as Facebook, Apple and Microsoft now oer “bug bounty” programs, in which they oer financial rewards to hackers who find holes in their security measures. They realize that paying hackers to expose their weaknesses for a financial prize, is better than reacting to a cyber breach and the financial/public ramifications that follow. Government agencies are beginning to experiment with a similar approach, such as the Department of Defense, which offered the first-ever federal bug bounty program last year called “Hack the Pentagon”. 

    TAKEAWAY:

    Spending a weekend at Def Con is a good way to learn how all devices that are connected to the internet are vulnerable. DEF CON makes you appreciate how entrepreneurial and innovative hackers can be, as they continually push the envelope on how to use (and abuse) technology. After attending DEF CON I certainly am more cognizant of what I put on the internet, what devices I use, and how I access my own data. It also reminds me how crucial Cyber Insurance is to companies of all sizes, shapes and industries. NO ONE is immune or safe from hacking. Don’t ignore the obvious threat that hacking poses to your business and bottom line. Efforts to prevent a hack are important, but as any system can be hacked, detection and remediation are even more crucial to the survival of any business. 

    Please contact your Socius broker today to discuss cyber insurance and tailoring a well drafted cyber policy to meet your clients’ needs

    Download a PDF version 

    Share

    Socius Logo

    As your outsourced marketing department, we work closely with both admitted and specialty markets to meet your clients’ unique needs.

    • Home
    • Continuing Education
    • Employee Benefit Providers
    • Contact Us
    • Terms of Use & Privacy Policy
    Copyright © 2022 Socius Insurance All Rights Reserved.
        We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
        Do not sell my personal information.
        Cookie settingsACCEPT
        Privacy & Cookies Policy

        Privacy Overview

        This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
        Necessary
        Always Enabled
        Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
        Non-necessary
        Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
        SAVE & ACCEPT
        Customer Feedback