“It really sucks to answer your door to 30 FBI agents.”
In June 2002 Tommy DeVoss (hacker alias dawgyg) was arrested by the FBI, who charged him with breaking into government and military computers. Mr DeVoss would serve two and a half years in a federal jail. He was 19 years old.
Now 33, Mr DeVoss is reflective on his crimes, which he attributes to little more than a teenager’s wandering mind, the thrill of power and a few bad choices.
However, ask anyone in the NHS if computer hacking amounts to childhood fun and you’re likely to get a different response. Earlier this year the Wannacry attack struck computers across the world, including those of the NHS, crippling systems and services, costing £180,000 in special measures and putting operations and lives at risk.
Such attacks are now part of the daily threat every organisation faces. As many as 46pc of companies suffered from a cyber attack or breach of their computer systems last year.
As we all move into a more open world, more reliant on connected technology and more susceptible to those who would exploit it, The Telegraph and Samsung Knox have created a two-part documentary series to ask who hackers are and how we can protect ourselves and those we care about.
A wake-up call
If hacking is something that many of us saw in the shadows behind the systems that run our lives, recent events have put it firmly in the spotlight.
Shafi Ahmed, a pioneering surgeon working at St Bartholomew’s Hospital, London and an early adopter of tech in health, recounts the day of the WannaCry hack: “It was emotional. There was frustration, confusion and anger. Who would do this to a hospital?”
Mr Ahmed was in the process of delivering a difficult and emotional diagnosis to a patient when he realised he couldn’t access their records. “I knew that what I needed to say would be hard for them to hear and then I couldn’t tell them what was wrong with them.”
He describes the attack on the NHS as “a wake-up call for every business owner” and a realisation that for all of the tremendous advances in technology in a sector such as healthcare, security must never be ignored.
They could be anyone
Perhaps one reason we don’t always give cyber security enough respect is its faceless protagonists, who are less brutal and substantive than bank thieves or arsonists, though no less destructive. “When I picture a hacker I see a face covered by a mask,” says Mr Ahmed. “Hackers by their nature are anonymous. They could be anyone, anywhere.”
While they remain secretive, hackers are increasingly successful. The truth is that it’s never been a better time to be a hacker. From fridges to fitness trackers, never have more devices tracked more information about us, and been ripe for exploitation.
“There’s so many more things now that you can hack – your phone has everything about you,” says Mr DeVoss. An exciting prospect for a hacker, for sure, but one that’s personally unappealing. “The stakes are a lot higher now,” he says. “If I got caught again doing it illegally, it’s life in prison.”
Mr DeVoss now wants to provide a good life for his daughter, Skylee, although he still describes hacking as “an addiction”. He has found a solution in bug bounties, where corporate entities open their systems to the stress test of an attempted hack. Those that break through and identify a weakness get the prize. Everybody wins in this mock crime: the hacker still gets their buzz, the business tightens its security and nobody has their data stolen.
Mr DeVoss recently raised his profile through a $9,000 bug bounty offered by Yahoo!. On receiving his report the company had the issue analysed and a solution planned within an hour, and had the end point taken down and the compromised Secret Keys revoked less than an hour later.
Few companies are so security-savvy, explains Mr DeVoss, but as such services of ‘‘white hat’’ hackers become more well known, he hopes that will change.
“I couldn’t quit hacking, so I had to find a way to use it to help companies protect themselves and their customers,” says Mr DeVoss. “I wanted to be part of the solution, and to make hacking a part of that.”
For Mr DeVoss, it was the realisation of having something to lose that has helped cement a newfound appreciation for life outside his hacker alias. “When I came out I knew I needed to change,” he admits. “Becoming a father was a part of that; I understood that feeling of having something to protect.”
Protection and care
Mahiben Maruthappu, a president of start-up company Cera and Forbes 30-under-30 alumnus is a proponent of technology but sanguine about the future. “Hackers affecting work and life isn’t something that’s going to happen in a few years’ time, it’s already happened,” he says. “And everybody has something they need protecting.”
Mr Maruthappu’s business is more reliant than most on cyber security. A business supporting the elderly, Cera’s care workers use mobile devices containing sensitive personal information.
“The internet is a human network, and because most people are good, it is a force for good. It’s central to my business’s mission of matching the right carer with the right person [emotional images of care being given]. But there are people who will use it to attack any organisation, big or small, if they can.”
He is an advocate for hackers such as Mr DeVoss, noting that the greatest experts in this area are unlikely to have always operated on the right side of the law. “To protect those who want to use the internet for good, you need to understand those who want to use it for harm,” he explains. “There is valuable insight and intelligence that they will have that, frankly, I won’t.”
Mr Ahmed agrees. “I have to understand what’s attacking my patients’ bodies, so I can fight it,” he says.“It’s good to know that the people designing our defences think the same way I do. They study the disease to develop the cure.”
For Mr DeVoss, there is an element of pride in working to help others, rather than exploit them. “If bug bounty hacking had existed when I was 14, I don’t think I ever would have gone to jail,” he says. “It’s my understanding of the hacker mentality that enables me to help companies protect themselves.”
It’s work that’s paying off. “If it continues to go the way it is, [my daughter] is going to have a really fun childhood,” he says, adding: “I would rather earn less and help more. Pretty much every hacker I know is the same.”