CTR Home Internal  Relations and Communications Home About CTR Publication Schedule CTR Archives

March 29, 2001 Hackers help create better systems, say panelists






by Sylvain Comeau

The internet is like a virtual wild west, a wide open and expanding frontier — but like any free for all, bandits and troublemakers of all kinds pose a constant security threat. Internet experts discussed the battle against hackers at an SCPA panel on February 28.

“The internet evolved naturally, and was created as a new frontier without rules,” said David Souaid, director of business development at Surefire Commerce, a company which processes credit card transactions on the internet.

“One of our biggest problems is fraud — we see more and more people trying to hack into our database, writing their own software to break our encryption of credit card numbers and then charge purchases to us.”

Louis-Eric Simard, of the internet security firm Freedom Factory Inc., said that hackers are not all crooks, or even always a pain in the virtual rear.

“My job is to prevent hackers from breaking into our clients’ systems. It is very interesting work because it means that I deal with some very smart people with interesting ideas on how to make our lives miserable.”

“Ironically, they actually help us create a better system for the future.”

Hackers — or crackers, a term that Simard and his peers favor — see breaching security as an intellectual exercise rather than a money maker.

“For the most part, they don’t want to destroy businesses or be malicious. They just want to break in for the same reason that you want to win a game of chess: it is an intellectual exercise, something exciting to do on a Friday night.”

“There are two types of hackers, what we call black hats and the white hats. Black hats want to break in and create havoc so they can boast to their friends: I killed e-Bay, I killed Microsoft, look how big I am.

“White hats break in but then tell us exactly how they did it, exactly where our systems are vulnerable. Sometimes they actually work with us in plugging the leaks.”

Hackers have sometimes been vilifed in the press for their ability to wreak havoc on large chunks of cyber space, and some, like Montreal’s own Mafiaboy, have been jailed, Simard says that all the expensive and time consuming efforts to track them down could backfire badly.

“It is very dangerous to stop hackers through regulation because they are helping us build better systems,” Simard said.

He added that a flawed security system is actually worse than none at all.

“You are better off having no security than a mediocre security system. A weak system will give you a false sense of security, leaving you vulnerable to hackers, and they will have busted in before you know it. If you have no security, you’ll be acutely aware of it and you’ll at least be constantly vigilant of any breaches of your database.”

Ultimately, Simard predicts that the constant cat-and-mouse game between hackers and security experts will be won by the computer establishment.

As every flaw in computer security gets breached, then sealed, presenting a blueprint for increasingly airtight systems, breaking in will begin to prove too daunting for all but the best and most dedicated computer geeks.

“What man makes, man can break. But over time, hacking will become too difficult for most; it will demand a very high level of expertise. At that point, hopefully, industry will hire the remaining few who can still do it.”

The bottom line, Simard says, is that “more people are working on internet security than are trying to break in.”