The motivations of hackers are often obscure. The motivations of the handlers at the Internet Storm Center—the people who stand ready to battle the latest internet malady—are a little easier to understand. Bob spoke with Alan Paller, the Director of Research at SANS Institute, home to the Internet Storm Center. Paller says they do it to feel like they're making a difference, for personal pride...and for a leather jacket.
[MUSIC UP AND UNDER]
Our website this week is devoted to hacking and hackers, but we don't want to leave out our non-digital listeners. This concerns you too. So listen on.
Last month Hurricane Irene reminded us that nothing excites cable news like a big storm.
This thing could be anywhere as a Category 2, 100-mile-per-hour storm.
Preparations underway in Virginia ahead of the monstrous storm.
Possibly a Category 4 hurricane in the northern Bahamas...
But hurricanes aren't the only storms that sweep across our landscape. There are also destructive storms on the Internet. That's where the Internet Storm Center comes in. This elite group of übergeeks monitors their monitors 24/7 on the lookout for dangerous viruses, insidious worms and relentless bots, lest they make landfall on your computer or on somebody else's that really matters, like the bank or the Army.
Alan Paller, director of research at SANS Institute, the home of the Internet Storm Center. What is the Internet Storm Center, after all?
It's a collection of people and sensors, sensors that are watching for traffic that is unexpected, so that, when a spike happens, we pick it up and say, wow, that might be a new worm.
And the other side is a group of volunteers called handlers: full time employees of large organizations, or small organizations, who 24 hours a day are on duty to respond when somebody finds something really bad on their computer. They'll put a notice out to the 200,000 people who are part of the SANS community and they can find out within a few hours whether there's a lot of it or a little of it.
Is there any way for you to describe in plain English what a typical threat might be like and how the Storm Center reacts?
A simple example is a program that makes a file, like a music file, and when you open it the file may play the music, but in addition to the playing music it also takes over your computer, so that whenever that malicious person wants to he can use your computer to attack other computers or to send out spam or to look for data about you or your company.
We find that software and we take it apart, and then we write programs that will find it and get rid of it.
And you're doing this all of your own volition, right? Aren't there official organizations that are doing similar things just as an ordinary course of business?
What's different about the Storm Center is it responds immediately. When things go to any of those organizations, in general, unless you're paying a lot of money to them, you don't get anything back for a month or two.
When you send something into Storm Center, you'll hear something about it the next morning. Think of us as the emergency room and them as more the deeper hospital services.
If I were a Hollywood screenwriter, I would be doing a story about a group exactly like yours, infiltrated by some malign individual hell-bent on undermining the world's computers by essentially being a worm in your organization and going out from there.
A few years ago, one of our people worked undercover for the Naval Criminal Investigative Service and found that the worst of the hackers who were doing malicious things at night in the Boston area was during the daytime the chief security officer for a Boston company.
There's a risk for any organization that is trusted that they might distribute a piece of code that people think is going to just look for something, when it actually does something malicious. This is a problem, but whenever we distribute a piece of code, it gets vetted through a whole bunch of people.
Tell me, Alan, how does this movie end? Are you ever-vigilant and ever-successful? Or does something catastrophic slip through with who knows what toll?
It ends with a pair of scenes. The first one is the catastrophic attack because once something catastrophic happens, a whole lot of people who didn't think it mattered much change their mind.
And then, there's a radical shift, interestingly, that will put us out of business, for the most part.
What we have been trying to do for almost 20 is get the people who manufacture software and hardware to manufacture it with security baked in. Right now it's impossible to keep systems perfectly secure. And that's because the people who manufacture it manufacture it with a bunch of holes in it.
And the manufacturers of software do this, why?
The answer is fascinating. The colleges teach people how to write programs but don't teach them how to write them securely. The companies that hire the programmers allow them to write programs but never test them to make sure that they're writing them securely.
We can’t get the schools to start teaching this stuff until somebody says, shoot, I’m not gonna hire a programmer who can't write secure code. It would be like hiring a pilot who doesn’t know how to fly in a storm.
So now I know how your volunteers are organized. Why do they do it? If they – if they’re not getting paid, what's in it for them?
Because they want to be part of the solution, and they like the idea of doing that in an organization that has a big impact, rather than one where they're just impacting their own organization.
And for personal pride. When you’re chosen to be an Internet Storm Center handler and you wear the leather jacket that you get when you've been doing it for a year, people notice. They talk to you –
Wait, wait, wait, wait – you really get a leather jacket?
They don't get paid anything, so a leather jacket is a –
Spurs, chaps, badge, gun, what?
Just a leather jacket.
Alan, thank you very much.
[LAUGHS] You’re welcome.
Alan Paller is director of research for SANS Institute, which is the organizing body of the Internet Storm Center.