8/9/11

Hacker launches volunteer program for security professionals



Renowned hacker Johnny Long drums up support for his Hackers for Charity nonprofit and announces a new InfoSec without Borders program at DefCon.
(Credit: Seth Rosenblatt/CNET)
LAS VEGAS--Johnny Long used to be known for Google hacking--finding vulnerable servers on the Internet using specific search terms. Now he's helping humanitarian groups, street kids, and police in Uganda learn how to use computers and keep malicious hackers out of their systems, as well as matching other information security professionals to charities that need help.
Long, who started the Hackers for Charity nonprofit in 2008, launched a new program at the DefCon hacker conference here this weekend that he's calling InfoSec without Borders and which is modeled after the Doctors Without Borders program.
"The volunteers are professionals in the industry now and they have a corporate responsibility" and want to help communities in need, he said. "We want to help guide that by feeding in charities that we screen."
Long's nonprofit provides free computer training to anyone who wants it, fixes computers, provides technical support to nongovernmental organizations (NGOs), and has fed thousands of families through its "food for work" program.
"We've trained street kids, the Ugandan police, government officials, Red Cross workers. We're trying to raise the level of technical ability to provide not only a service, but jobs," he said in an interview yesterday. "We have given computer training to lots of people who had absolutely no background in it. Now they have jobs and are doing things like word processing, office reception...and that kind of work is very well paid because the pool of resources there is so small."
Hackers for Charity has 30 employees and thousands of volunteers all over the world. "We've been fully embraced by the hacker community," he said, adding that the majority of the group's funding comes from hackers.
For many people, the word "hacker" conjures up images of underground criminals who break into databases and steal credit card data or the Anonymous and LulzSec groups that are really online activists described by veteran hackers as "script kiddies" who use automated tools and other less sophisticated techniques to find and exploit holes in software. But a true hacker is driven by intellectual curiosity and a challenge and has a desire to master technology and find new uses for it.
In Uganda, there's a new definition as a result of Long's work.
"The definition of 'hacker' in areas we work in Uganda has changed to 'aid worker,'" Long said. "They don't have the idea that hackers are criminals. They see us as computer wizard aid workers. That's one of the underlying things I wanted to accomplish with Hackers for Charity, to change the perception. We had been labeled as a criminal community and it's not fair."
In the 1990s, Long worked at Computer Sciences Corporation and created its Strike Force vulnerability assessment team. While there he specialized in using Google to find servers that are vulnerable to attack, sites exposing sensitive data like Social Security numbers and passwords and other things companies wouldn't want accessible via a search engine query.
After his wife went on a mission (they are both Christians) to Uganda in 2006 and shared what she had seen, Long went there and did volunteer computer repair work for an NGO whose virus-laden computer system was "a mess" and was hindering the organization's ability to keep track of contributions and be productive.
"The impact was immediate. The NGO was on the ground and up and running in two weeks, and feeding children the day we left. The last thing they said to us was 'you saved lives,'" he said. "That absolutely struck me and when I got back to the real world it was all I could think about. I wanted to use that platform to get people plugged in to that feeling of doing something positive, and to offer a positive path for hackers."
"It's hactivism by definition," Long said. "It's using technology to create social change, but it's the first example of positive hactivism I've seen."
Asked if people participating in online activism organized by the Anonymous group were hactivists, Long said: "It depends on the results of what they're doing. With Sony's site going down, you can see the immediate effect of their actions. But as to the social change, the political influence that they have, how do you measure that? A successful hactivist will be able to measure both. Personally, I have trouble seeing that impact."
Hackers for Charity is based in Jinja, which is a "stone's throw from the source of the Nile" and the second largest town in Uganda. Long's family runs a restaurant catering to Western tastes of tourists who might want a change from the typical fare of goat milk and rice. Visitors "will have a milkshake and cheeseburger and they'll drop off their laptop for a $20 repair," he said.
A lot of people are poor and turn to crime to survive. Long's family--including his three children ranging in age from nine to 15--live in a gated compound with barbed wire and an armed guard. "We have bars on every window and gates on every door," he said.
Most of the crime in Uganda is theft, he said. Computer security is practically non-existent, and that combined with the poverty is driving criminals online, according to Long, who is helping educate the Ugandan police on how to investigate everything from financial and bank fraud to credit card skimming and online scams.
"Criminals see this as a sand box to play in," he said. In addition to the work Hackers for Charity does, Long also works teaching the police about information security and connecting them to experts in the U.S. "It's basic training with the police there that can lead to training in things like forensics, he said. "We can work on cases, but we're also bringing up a generation of cyber cops in a place that has almost no infrastructure. It's unique."
Long is worried that Uganda could become another Nigeria, which is known in the online world as the birthplace of the Nigerian scam or "advance fee fraud," which features e-mails from a "barrister" who claims to be unable to access a large sum of unclaimed money without access to a bank account in a western country and offers a percentage of the money for help. By offering free computer training and other help Long hopes to help break the cycle of poverty without people having to become online thieves.
"If something doesn't change Uganda will become another Nigeria in the sense that criminals will take advantage of the technology first," he said. "We're trying to head that off as best we can."

0 التعليقات:

Post a Comment

Related Posts Plugin for WordPress, Blogger...