Not all computer hackers play for the dark side. “Ethical hackers” James Carroll and Eric Fiske from Secure Network Technologies represent the good guys of cyber security penetration.
Carroll and Fiske are Offensive Security Certified Professionals (OSCP), or security technicians with the skillset of real, criminal hackers, hired by companies to purposefully infiltrate their business, both in person and through the internet, to highlight gaps in business security.
This practice can be beneficial to companies, as cyberattacks are reported every day in the U.S. At any time, a security breach can occur, possibly leaving millions of people at risk of having their private information and other data compromised. At the beginning of September, U.S. consumer credit reporting agency Equifax was breached, resulting in that.
It is also important for students and citizens alike to keep their information safe. Oswego State Campus Technology Services brought Fiske and Carroll to the Marano Campus Center Auditorium Tuesday evening, as part of National Cyber Security Awareness Month, to speak about their jobs and the steps everyone can take to ensure their own private data is protected by the technology devices on which they store it.
Carroll and Fiske work for the Syracuse-based Secure Network Technologies, founded in 1997. Carroll graduated from SUNY Polytechnic Institute, formerly SUNYIT, with a degree in network computer security, while Fiske completed his Bachelor of Technology at Morrisville State. Both were hired within a few years after graduation and completion of their OSCP certification training at Secure Network Technologies and have been employees ever since.
Carroll spearheaded the presentation, explaining the work they have done for local businesses and Fortune 100 companies through three services they call forensic analysis, network assessments and social engineering. These operations involve covert activity, whether it be hacking into a company’s database to steal intel, diagnosing network issues recovering lost data from real breaches or physically breaking into companies’ facilities during business hours to find holes in building security.
They went on to explain that Secure Network Technologies does not just take this data or the gaps they find in equipment security and run with it. Workers like Carroll and Fiske are hired by company executives to take the problems they find in their visits and compile them into a report, which is given back to the company. Carroll and Fiske then recommend solutions to their security gaps that will assist in making their data, people and overall well-being of the business more protected, hence the name “ethical hacker.”
Carroll and Fiske also previewed a video clip of them, from a tiny camera in a pen, walking in through the front doors of a company without even having to swipe the fake IDs they made before arrival. They demonstrated to those in attendance how easy it is for even the most basic hackers to view social media profiles and publicly available information of employees to set up their false heist by creating fake badges, finding official work attire, lettering vans to look like actual company vans, creating look-alike websites that run malicious code and sending fake or phishing emails, among other hackworthy things.
Carroll and Fiske explained that their testing and reporting methods are what sets them apart from the average IT guy. Their business does not sell software or hardware, but instead shows every possible hole in any security point, whether on the computer or in the building. Whereas other tech-testing brands only check basic areas, Secure Network Technologies goes above and beyond to find other fractures in data protection methods.
“We’re trained hackers. That’s what we do for a living,” Carroll said. “The sign on our door isn’t for a CPA firm. You see the skull and keyboards. You know what you’re getting into.”
Fiske also chimed in on what makes their work the most useful in its field.
“Our job, every day, is that we look at all those devices [companies] put in place and say, ‘how can we destroy it, how can we break it, how can we get into it,’” Fiske said. “And that’s what we’re trying to look at.”
The Secure Network Technologies hackers concluded their talk with advice for students on the steps they can take to make sure their online accounts and personal computers are protected from real hackers.
One of the most useful techniques they mentioned was setting up an extra layer of password security called two-factor authentication, or 2FA. Sophomore and computer science major Adrian Naaktgeboren was in attendance and shared how he uses 2FA in his own internet accounts.
“Two-factor authentication is something I employ,” Naaktgeboren said. “Gmail accounts are pretty prevalent. The CTS department here has been hyping on that pretty recently in the last few months with their email campaigns.”
He also knows that changing passwords is very important, as well as being aware of phishing emails and knowing not to open suspicious attachments.
“I would definitely say the password usage, trying to avoid reusing it. You get one and everything just falls like dominoes,” Naaktgeboren said. “You can hit people multiple times.”
Overall, several years in the industry have exposed Carroll and Fiske to the most complex security hacks and breaches, bringing them to their ultimate mission statement. They want to educate people about the dangers of computer threats and help prevent breaches from derailing businesses.
“We want to make sure that people are educated and aware of the security measures that are out there and can take advantage of them,” Fiske said. “There are too many bad people in this world that are trying to find a cheap thrill or make a quick buck, and they’re using anybody and everybody at their expense to get it.”
Photo: Kelsie Zacholl | The Oswegonian