Don’t Ignore the “Paranoid” Security Guy, Part 1

by Taher Elgamal
Chief Security Officer

Michael Fitzgerald’s excellent piece for, “Organized Cybercrime Revealed,” continues to be pointed to on Twitter more than a month after its publication.

And rightly so. It’s a nice article, full of excellent details and compelling information.

But what always puzzles me about an article like this is why it discusses, as news, something that is completely expected. If you put money in front of a criminal, what do you think they’re going to do with it? We’ve continued to blame criminals for criminal acts, which makes no sense: it’s what they do! When society provides opportunities for criminals to act like criminals, it’s society that is truly at fault.

If you had asked anyone in the security/technical community, any reasonable CSO, at any time in the last fifteen years, “How will the profile of a hacker shift in the future?”, they would’ve told you that the smart hacker who wants to be famous by writing cute little viruses will be replaced by an actual criminal committing an actual crime, because things online aren’t secured very well. Sure, we have some controls and technologies deployed, but there has not been enough support to deploy even simple authentication technologies, and the absence of these technologies gives modern hackers gumption.

The entire Web runs on passwords, and these passwords are very easy to guess. That this is still the paradigm reflects a fundamental ignorance on the part of business people and governments. People who implement systems and run corporations don’t want to listen to security guys because security guys are, in their opinion, flat-out paranoid. Why would you want to listen to a paranoid guy tell you that there is a possibility that at some point in the future something bad will happen? But even though so many bad things are happening, and this “just ignore the paranoid security guy” attitude led to these bad things, we still think this way.

In the second part of this blog entry, I’ll speculate on where this is all going.

