Saturday, July 26, 2014

Ethical computer hacker says field is growing, but still five steps behind

EDMONTON — John Zabiuk disassembled his parents’ TV at age six, taught himself computer programming as a teen and, as a post-secondary student, hacked into his school’s system on a lark.
He didn’t change his school marks. He didn’t change anyone else’s. But he could have.

Eventually, he knew the jig was up.
“One day I had one of the IT people come in and say, ‘Come with us. We need to talk,’” Zabiuk recounted in an interview.
They sat him down in a room.
The head IT guy came in with a stack of programming manuals and slammed them down on the table.
“He said, ‘We don’t know how you’re doing it, but if you’re going to do it, at least read the manuals so you can show us how you’re doing it.’”
Zabiuk’s career as an ethical computer hacker was born.
Zabiuk now works at that same school, the Northern Alberta Institute of Technology, where he teaches students to protect computer systems by approaching the problem from a hacker’s viewpoint.
The field is growing as private companies and governments go on the prowl for better ways to protect their bytes, he said.
It’s simple math, he suggested.
“The more and more information we have online, the more data we have that can be accessed without people knowing.”
His classroom has a skull-and-crossbones flag hanging from the ceiling to cheekily symbolize pretend piracy.
His students noodle away through a labyrinth of codes and subroutines, digging deeper and deeper to find ways in, and then creating roadblocks to stop anyone else from following.
It’s both challenging and disturbing, said Zabiuk.
The technology changes daily and the entire body of knowledge can turn over in six months.
By the time he’s patched one problem, another has appeared.
“Typically we’re about five steps behind all the time,” he said. “You don’t know necessarily what the next attack will be until it happens.”
The bugs can be as diabolical as they are debilitating, as hackers have made the field as much about psychology as cracking codes.
The easiest way to hack into a system, said Zabiuk, is to get someone to click on a virus and download it, dispatching a sub-secret command to log a computer’s keystrokes and send them back to the hacker.
Another disturbing trend, he said, is data kidnapping.
“It’s a program that once (you download it) it gets on your system, it will encrypt all your data files,” he said.
“And it will put a little message on your screen saying that all your data has been encrypted. If you want to recover it you need to send us two bitcoins — or whatever the ransom is of the day — and then they’ll send you the key to decrypt all your data.
“A lot of organizations are being hit with this. There are a number of police departments in the United States that have had no choice but to pay the ransom.”
When he isn’t teaching, Zabiuk also works to keep computers safe for the Edmonton Public Library and for Edmonton’s courts.
Walking around his classroom, he can tell which students could eventually follow in his footsteps.
They’re the ones who stay late, work through after the bell rings and try different things.
That didn’t work. Type, type, type.
Maybe this will work. Type, type, type.
“They’re the ones who are going to have a future in the field.”
