The Current

How white-hat hackers are helping cities fight back against ransomware attacks

Cities and organizations are turning to ethical hackers to protect themselves against malicious attacks on their computer systems.
Most attacks happen because someone clicked on something they shouldn't have, Kevin King says. (Kacper Pempel/Reuters)

Cities and organizations trying to stop ransomware attacks are increasingly fighting fire with fire by hiring ethical hackers.

Ransomware attacks freeze an organization's systems, which are only unlocked if the victims pay a ransom — potentially up to thousands of dollars.

Ethical or white-hat hackers know the same tricks that people behind ransomware (also known as black-hat hackers) use, but instead work to thwart further attacks.

"An ethical hacker is somebody who is able to do the same type of hacking that you would associate with the bad guys," says Kevin King, director of integrated learning at EC-Council, a cyber security organisation.

"But in our case it's the good guys doing it."

What are ransomware attacks and crypto-jacking?

"Imagine you're working in your office and you go grab a coffee, and when you come back there's a safe that has appeared in the middle of your office," says Aleksander Essex, an assistant professor and cybersecurity expert at the University of Western Ontario.

"And there's a note taped on to it that says: 'While you were gone, we took your laptop and put it in the safe.'"

"'And if you want the combination, put $10,000 in an envelope and mail it to a P.O. Box.'"

Crypto-jacking is when visiting a website causes your computer to download and run crypto-currency mining software, creating profit for criminals.

"Imagine somebody breaks into your house and makes a bunch of long-distance phone calls," Essex says.

Last Thursday, a ransomware attack on Atlanta brought down many of the U.S. city's online services. People couldn't pay bills or traffic tickets, and city employees were only allowed to restart their computers on Tuesday.

The hackers, suspected to be a group known as SamSam, have demanded a ransom of $51,000 US. The city has so far refused to pay.

This past weekend, a separate attack shut down Baltimore's 911 emergency system for 17 hours. Canadian municipalities, including Cambridge and Pickering, Ont., have also been targeted in recent months.

Cities are taking the threat seriously — Halifax recently advertised for an ethical hacker to test the municipality's IT systems.

King, whose company offers this kind of training, says it often involves what's called "penetration testing."

The hired hackers attack a client's computer systems, identifying the weak spots and then showing the companies where the vulnerabilities are.

EC-Council trainees are taken through the steps that a black-hat hacker would take to compromise security, King says.

The training boils down to two key roles that companies need: the red team and the blue team.

Members of the red team are attackers, tasked with finding ways through a company's firewalls. The blue team is tasked with shoring those defences up, and repelling hackers when they get through.

Hackers brought down some of the city of Atlanta's systems last week, and demanded a ransom of $51,000. (John Spink/Atlanta Journal-Constitution/AP)

Shades of grey

There are also grey-hatted hackers, King says.

These hackers "would be employed to do vulnerability testing in the daytime," he says, "but at night time — maybe do something different."

King's company has trained and certified more than 200,000 white-hat hackers across 145 countries; they make each one sign an agreement to use their powers for good.

However, strong systems can only protect you so much, he says, and users have to take responsibility.

"The most important and fastest and complicated computer system that is hackable is right between our ears … our brain," he says.

"You find that ransomware attacks are often done because the person themselves made the mistake of going to a website that had malware, and they clicked on something or opened something that they shouldn't have."

He says users need proper training so that they make good decisions and don't become the weak link in a cybersecurity chain.

Listen to the full conversation at the top of this page, which also includes a report from New York Times reporter Alan Blinder, on the situation in Atlanta.

This segment was produced by The Current's Jessica Linzey and Samira Mohyeddin.