
Good and Bad Hackers: Different Sides of the Same Coin
While malicious hackers continue to pose everyday threats, white hat hackers are increasingly becoming the first line of defense—and offense—for global security. From playing crucial roles in warfare to combating human trafficking, ‘friendly hackers’ are essential actors in today’s digital age.
Although a modern shift and a growing trend toward Internet of Things (IoT) devices have made room for more security threats, concepts of cyber vulnerabilities and hacking have long existed.
In 2000, Joseph Mitola was part of an Institute of Electrical and Electronics Engineers delegation to China, along with 30 fellow members. “I was lucky enough to meet the founding director at the Beijing Institute of Technology,” Mitola recalled during an interview with SIGNAL Media.
As the author of a book on software radio, Mitola noted China’s adoption of the phrase and technology concept. “When I met this lab director, I said, ‘There’s a lot of software in these radios. How do you deal with that?’”
“And he said, ‘All my students have to learn how to defend from being hacked and the best defense is a good offense, so they have to go into a website, get data and come out without being detected and without inflicting harm on the website.’”
Mitola, who at the time worked for The MITRE Corporation, was fascinated by the curriculum and continued to converse with the lab director. When he asked how students receive a passing grade, the answer shocked Mitola and, later, his colleagues.
“Your Defense Department websites are by far the best protected,” the lab director answered. “To get an ‘A,’ my students have to get into a [Department of Defense] DOD website, get some data that isn’t available to the general public and do it all without being noticed.”
When Mitola later reported this news to his MITRE team, a colleague confirmed that 95% of attacks on the DOD website originated from academic institutions.
While the student hackers allegedly did not collect any data, they did learn how to protect their software radios from attacks. “The way to protect your software radio is to determine how attackers get in and then to block those pathways and methods,” Mitola stated.
“He was the first friendly attacker that I actually ran into,” Mitola said of the Chinese lab director.
Since then, cyber threats from the People’s Republic of China have significantly grown. Salt Typhoon, for example, compromised private information from numerous U.S. companies and government agencies.
Additionally, in September 2024, Kim Zetter reported on a hacking competition by the Northwestern Polytechnical University, run by China’s People’s Liberation Army, which may have targeted real victims.
Although the U.S. does not typically publicly disclose information on its cyber offenders, recent talks from the current administration have called for more offensive operations.
“Attackers think in a different way than defenders,” Mitola said. “Defenders are interested in protecting their data, protecting access to it.”
Concepts such as rule-based access control and role-based access control help protect such information by granting certain privileges to specific users, he explained.
“Attackers don’t think that way. Attackers think, ‘How does a system work? What can I do to make it break?’”
The Morris Worm, for example, was not intended to crash as many systems as it did, Mitola noted of the first alleged major attack on the internet.
Attackers, therefore, search for the best way to interrupt a system in the most unexpected way, he said. Mitola went on to describe how attackers can leverage stack overflows, which, according to Microsoft, are errors that can be encountered within user-mode threads.
“A stack is supposed to be a certain size, and when the software is using the [central processing unit] CPU to do one task and it gets interrupted, the data that was in use has to go somewhere, so it gets put on a stack and then the process that’s associated with the keyboard does its thing, and then the data is taken off the stack and put back into the CPU,” he began.
“If you’re clever about what you type in, then the system will try to do something that will cause the bounds of the stack to be violated. So, a lot of times the operating system will just basically go into a mode where it presents a screen to a supervisor or a manager supposedly that says, ‘Hey, I don’t know what to do, here’s my error code.’”
A human being should then resolve that error code, Mitola said.
“But if the attacker is smart, then instead of presenting that help screen from the operating system to the user … it’s presented to the software that caused the problem. So, that software says, ‘OK, I’ll take it from here,’ and then it just can do anything it wants to in the system because it now has what’s called root privileges.”
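An added illustration, not from the article or from Mitola: a small C model of the bounds violation described above, in which a fixed-size input buffer sits next to saved state, an unchecked copy overwrites that state, and a length-checked copy refuses the input. The struct layout, `FIELD_MAX`, `SAVED_OK` and all function names are assumptions made for this example; real stack frames are laid out by the compiler and ABI.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16                      /* assumed buffer size, NUL included */
#define SAVED_OK  0x1122334455667788ULL   /* constructed stand-in for saved state */

/* Simplified model of a stack frame (an assumption, not a real ABI layout):
 * the input buffer sits directly below state saved for the interrupted task. */
struct frame {
    char field[FIELD_MAX];
    unsigned long long saved_state;
};

/* Unchecked copy: trusts the typed length, as strcpy() would. It writes through
 * the byte view of the whole model frame so the overrun stays observable and
 * well-defined here; on a real stack it would be undefined behaviour. */
void copy_unchecked(struct frame *f, const char *typed)
{
    size_t n = strlen(typed) + 1;
    if (n > sizeof *f) n = sizeof *f;     /* keep the model inside its own object */
    memcpy((unsigned char *)f, typed, n);
}

/* Checked copy: reject input that does not fit and leave the frame untouched. */
int copy_checked(struct frame *f, const char *typed)
{
    size_t n = strlen(typed) + 1;
    if (n > sizeof f->field) return -1;
    memcpy(f->field, typed, n);
    return 0;
}

/* Returns 1 if the saved state survived, 0 if it was overwritten,
 * -1 if the checked copy rejected the input. */
int run_case(const char *typed, int checked)
{
    struct frame f = { {0}, SAVED_OK };
    if (checked && copy_checked(&f, typed) != 0) return -1;
    if (!checked) copy_unchecked(&f, typed);
    return f.saved_state == SAVED_OK;
}

int main(void)
{
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA";   /* constructed, 20 chars */
    printf("short, unchecked: %d\n", run_case("hello", 0));
    printf("long,  unchecked: %d\n", run_case(too_long, 0));
    printf("long,  checked:   %d\n", run_case(too_long, 1));
    return 0;
}
```

Note the boundary case: a 16-character input needs 17 bytes with its terminator, so the checked copy rejects it, while the unchecked copy lets that single extra byte alter the saved state.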