Getting inside the minds of ethical hackers

It's "a little disheartening," McLaughlin admits, but the most common mistakes made today, like lazy passwords, are the same mistakes Wood was pointing out to clients 20 years ago.

Wood advocates the use of passphrases instead of passwords, claiming they're both easier to remember and infinitely harder to guess.

"This would, in one stroke, remove the single largest vulnerability we find as internal testers, and firms won't do it," he said.

"Beyond that we need to understand that the programs we are running in 2011 are very different in quality from the programs we were running 10 years ago."

As the IT world continues to change, so too do the challenges faced. Three factors in particular have changed the nature of security dramatically in the past year.

"The first is cloud services, the second is consumerisation, where staff are increasingly being allowed to use their own equipment in the corporate environment, and the third is social networking," Wood said.

IT decision-makers need to look closely at their legal and security requirements before signing up to the cloud, he warned.

"For instance, if I have personally identifiable information about citizens in Europe, the Data Protection Act will apply to me," he continued.

"If I arbitrarily choose a cloud provider on the basis of cost alone and upload that data onto their servers without identifying where those servers are located, I can immediately be in breach of data protection legislation."

This would also make it harder for ethical hackers to test data security. That said, if anyone can find a way to make it work, it's likely to be Wood.

An old head for modern times

At 58, he has spent a lifetime tinkering with computers. It is a career that found him, not the other way around. He was never an illegal hacker. He never formally studied it. His interest and abilities evolved along with computers themselves.

"I was always interested in technology, even as a small boy," he said. "I was the kind of kid who pulled something apart to find out how it worked."

A good student, Wood had his world rocked at the age of nine when his father committed suicide. He was still top of the class at his Sussex school at age 11, but by 16 he railed against authority and dropped out. Today, his long grey ponytail betrays his past as a slightly wild child of the 60s.

His first job was with a hardware firm in Horsham, working on systems for BBC radio and television. He studied electronics. He came across his first computer in 1970, working for a company called Computing Techniques, testing industrial control analogue-digital hybrid computers.

"That suited my personality enormously well because I've always preferred trying to break things to trying to make things," he said.

Over the years he worked with computers and systems for various companies, even spending some of the mid-70s installing systems behind the Iron Curtain in Poland, before opening his own consultancies.

He has seen computing change from a world where data was loaded one byte at a time, by switches, through to the internet age where gigabytes can be sent across the world at the click of a mouse.

Wood said he particularly loved ethical hacking because "it's like being the combination of Sherlock Holmes and a naughty schoolboy".

"You are actually making systems more secure, which in turn makes the average citizen's life secure, in the long run," he said.

It's also a growth industry and one Wood encourages young people to consider.

"There's no greater thrill than being with [co-worker] Andy when he gets into a secure data centre just by using his voice, or being with Mike when he gets into the most sensitive data in a worldwide legal firm and gets it within ten minutes," he added.

"It's exciting. It's like a multi-dimensional crossword puzzle."