GRAND RAPIDS – A group of ethical hackers who want to continue doing security research to show the world where computer and network vulnerabilities lie was formed earlier this summer, so said one of the leaders of I Am The Cavalry who spoke Thursday at GRRCon, a two-day hacker conference held in downtown Grand Rapids.
Nicholas J. Percoco, a well-known security professional from Chicago, said he also formed the group to counter the negative image of black hat hackers who steal money, personal information and intellectual property as part of criminal gangs or to spy for countries. Percoco founded the group with fellow security pro Josh Corman, he said.
?We are a pro-active hacker movement,? Percoco said during an interview with MITechNews.Com Editor Mike Brennan. ?We want to preserve what we do through a demonstration of public good. We are a group of people doing security research, versus the criminal hackers doing it for profit.?
For instance, security researchers could find a problem with a medical device and tell government authorities, but that information may not be shared with the device manufacturer or the Food and Drug Administration, he said. Legislators could then over-react and criminalize security research and development. Such actions would drive the white hat hacking movement underground, and only benefit the black hat criminal element that would continue to exploit the vulnerabilities, he said.
What I Am The Cavalry (IAmTheCavalry.Org) is doing is collecting a database of vetted ethical hackers for medical devices and other products, including automobiles and connected homes, to show manufacturers the various security issues that could be exploited by the bad guys.
?For instance, a malicious hacker could shut off the heat in January on a connected home while the residents are wintering in Florida,? Percoco said. ?The hack could freeze the home?s pipes causing all sorts of physical problems. The cavalry isn?t coming to the rescue to save these homeowners.?
Percoco said ethical hackers can?t afford to sit back and let governments decide their fate. His group will become very proactive by launching public relations campaigns to share their story with the press and lobbying efforts to make legislators understand what they do.
According to the IAmTheCavalry.Org web site, the group?s mission is to insure that security research is recognized as a valid and legitimate mitigation of risks to the technology ecosystems.
The group’s vision is technical ecosystems of the world are tenuous and constantly under pressure of changes that are understood by few. Informing the public, leadership, and stakeholders of opportunities and risks is important from various stakeholders? viewpoints. So interacting and informing through various communication strategies until freedom of action is understood within the technology ecosystem is I Am The Cavalry’s goal.
To read a cyber crime thriller that chronicles the life of a hacker, click on LuLu.Com
