Page 2 of 2 Previous

Continued: Firms hack away at cyberattacks

  • Article by: ERIK LACITIS , Seattle Times
  • Last update: May 14, 2013 - 11:26 PM

The latter includes those sending out phishing e-mails that look like they came from a legitimate source but are fakes trying to get your passwords and credit-card information.

Or maybe they are black hats trying to compromise a company’s website just so they can boast about it in hacker circles.

For the white hats, their unique skill at finding where a program is vulnerable and how to close the digital doors that the black hats use to penetrate a website is worth $120,000 to $130,000 a year, Thunberg said.

“Companies are being attacked by bad people, and if they want to defend themselves, they have to attract these scarce people,” he said. “There are maybe 1,000 individuals of this nature in the world. They have this unique hacker mind-set.”

Their clients aren’t exactly keen to publicize that they seek Internet security, said Thunberg, and that’s often written into their contracts with Leviathan.

Thunberg said his company’s average contract size is for around $70,000. Citing privacy, he said only that most are Fortune 1000 companies.

But one client that didn’t mind talking is a Washington-based company called Silent Circle. For $20 a month, it offers a service that encrypts voice, text and video on a user’s smartphone, tablet or computer.

Their customers, said Jon Callas, Silent Circle’s chief technical officer, include U.S. businesses “doing work in China and Eastern Europe and other places where they don’t want their phone calls tapped.”

His company, Callas said, hired Leviathan to evaluate the encrypting software for vulnerabilities and fix them.

“They helped us find problems before anybody else did,” said Callas.

At Déjà vu Security, Cecchetti said, work that they’ve done includes posing as new employees at a financial institution, given the standard access to computers. Firms routinely give computer “administrative privileges” to only a handful of individuals.

But, Cecchetti said, “within a couple of weeks, we had basically control of the entire organization and could access pretty much anything we wanted.”

Déjà vu put together “a very large report” on how to fix things, he said.

Hackers such as Davidov and Cecchetti have certain similarities. For one thing, they started tinkering with computers when they were kids, and that passion never stopped.

Cecchetti grew up in Greensburg, Pa. He helped start a computer club in high school and said that although he ran track and played soccer, “I was plenty nerdy.”


  • related content

  • Adam Cecchetti, a founder of Déjà vu Security, is one of the “white hat” hackers working on behalf of companies to fight off cyberattacks on a daily basis.9

  • Mikhail Davidov, another white hat hacker hired by companies, is recognized for both his distinctive Mohawk and his skills at fighting off hackers.

  • get related content delivered to your inbox

  • manage my email subscriptions





Connect with twitterConnect with facebookConnect with Google+Connect with PinterestConnect with PinterestConnect with RssfeedConnect with email newsletters