But hacking is a culture, a way of life that is hard to match ago with the business logic, true hackers don’t do this for money, money are fundamental but not all, the must for them is always to put into question their capabilities, try to consistently exceed their limits.
Fortunately industry, private business and governments have understood it and have re-evaluated the importance of hackers, these specialists were once seen as shady individuals to avoid, today they are highly sought professionals in both private business and government sectors.
Discover vulnerabilities before attackers could exploit them is essential, millions of people and devices are connected to the network, a unique opportunity for groups of cyber criminals and state sponsored hackers, who control the global network will control the world.
Hackers are professionals that spend their time trying to discover vulnerabilities to exploit in any architecture, their work has a great commercial value, the results of their effort, the exploit of vulnerabilities is a precious commodity for intelligence agencies and private companies, their knowledge in fact could open the door to richest businesses.
Every day we read about cyber attacks, every day we read of government initiatives to protect infrastructures recruiting hacker as consultants. Recently Japan's National Police Agency has started a program to promote knowledge exchange with ethical hackers on principal attack techniques adopted by cyber criminal organizations with the intent to acquire more information on such crimes.
The authorities fear the spread of malicious agents designed to remotely control victims according The Japan Times, the police desires to a gather information on the cyber threat and to plan an awareness campaign on the population to avoid an attack on large scale that could have serious consequences.
Japanese government is very attentive on the topic, defense ministry announced to set up cyber defense unit by 2013, Japan is one of the countries most affected by cyber attacks in particular by cyber espionage campaign that hit its industrial and research sectors.
Other opening signal comes from the U.S. Government, which for years has launched a recruiting campaign for hire in his masks the valuable professionals and their knowledge. Recently the U.S. government has announced the creation of the National Day of Civic Hacking, scheduled for the next 1 and 2 June, an event open to all cyber experts who want to make a contribution to improve the electronic systems of the country.
The official announcement states:
“Civic Hacking Day is an opportunity for software developers, technologists, and entrepreneurs to unleash their can-do American spirit by collaboratively harnessing publicly-released data and code to create innovative solutions for problems that affect Americans. While civic hacking communities have long worked to improve our country and the world, this summer will mark the first time local developers from across the Nation unite around the shared mission of addressing and solving challenges relevant to OUR blocks, OUR neighborhoods, OUR cities, OUR states, and OUR country.”
Similar initiatives are fundamental for US and its cyber strategy, they have dual scope, make awareness on cyber security issue and try to involve citizens in the development of solutions and promoting of ideas to protect the country and its assets from attacks coming from the cyberspace … that is an excellent example for promoting a positive hacking culture.
Many other governments are improving their cyber capabilities recruiting hackers unfortunately, in many cases, the main purpose is the offense, create new instruments to penetrate the opposing networks.
China, Russia, Iran, North Korea, Israel and the same U.S. are the countries that major investing in the creation of new cyber units composed by hackers involving them in offensive cyber operations and cyber espionage campaigns.
Another dangerous phenomenon is the born of group of cyber mercenaries, skilled hackers that work for governments, but principally for cyber criminal organizations, providing hacking services such as targeted cyber attacks or development of specifically crafted malware. Recruit hackers is not so hard, it is possible to do it on various underground forums or in the Deep Web, this professionals and related cost are very cheap in majority of cases.
The question raise a fundamental question, which are the limit of ethical hacking? When an hacker discover a vulnerability which is the correct and ethical behavior to assume?
The monetization of their researches and the incredible and uncontrolled request of hacking services has thrown the hacking world into anarchy attracting dangerous forces like the cybercrime and governments.
In this chaotic moment governments and private businesses have no choice, they must play the same game being informed on the principal cyber attacks techniques, the knowledge is necessary to preserve the assets in the cyber space. Cyber security must be at first place in government strategy as in the private company policies, the figure of the hacker must be considered essential for the evaluation of security level of any infrastructure but this is not enough in my opinion, the introduction of hacker in business context, but also in government environment must be regulated by strict rules, that is the very challenge.