How hackers can help in the fight against cyber crime

The FBI recently cracked a terrorist’s iPhone without Apple, but it still had outside help. And the U.S. government is teaming up with others all over to fight cybercrime.

In addition to the Defense Department recruiting the most tech-savvy Americans earlier this month, the FBI last week urged security experts and businesses to inform the agency if they’re attacked, especially by ransomware.

This malicious software encrypts data on internal computer systems, in effect holding it hostage until hackers receive a ransom in exchange for a decryption key, as The Hill noted on Tuesday. Law enforcement often tells victims to “just pay the ransom,” which helps fuel an almost $1 billion-per-year ransomware industry.

“The sectors hardest hit by ransomware include industries that rely on computer access for performing critical functions, such as healthcare and law enforcement,” Reuters stated on Monday. “Friday’s FBI alert was focused on ransomware known as MSIL/Samas.A, which the agency said seeks to encrypt data on entire networks, an alarming change because typically, ransomware has sought to encrypt data one computer at a time.”

Holding Your Banking Data for Ransom

“Financial institutions are likely the next major sector to be targeted by ransomware, if their systems have not been infected already,” according to a report by the Institute for Critical Infrastructure Technology. “Law enforcement has neither the time nor the resources to track down the culprits.”

Recent regulatory efforts, such as Basel III’s new data storage requirements for financial institutions, are decent, but they don’t change the fact that governments and businesses don’t have enough trained people dedicated to fighting cybercrime. So some organizations are crafting cutting-edge alliances.

“Outgunned and sometimes outfoxed by criminals, security companies are urgently trying to add skilled staff,” Inside Bay Area stated last week. “And [they] are cooperating -- instead of competing -- to counter attackers.”

Training Future Hackers

These security companies are teaming with universities around the world to help prepare students for the 1 million or so unfilled cybersecurity jobs worldwide, Inside Bay Area noted. A Silicon Valley firm is leading the charge to combat cyber-threats, such as theft, data piracy and ransomware, in part because about 200,000 (one-fifth) of those vacancies are in the U.S.

That may be an uphill battle, with government and media sources often portraying hackers as the bad guys, according to The Wall Street Journal last weekend. An op-ed calling hackers “a valuable asset to society and national security” also says that negative stigma discourages people from seeking careers in cybersecurity, leading to a shortage of professionals in that field.

But some organizations have already embraced outside hackers.

Bug Bounty Hunters

Uber is building its cybersecurity apparatus the same way it amassed its legion of freelance drivers, the online transportation network company announced last week. Uber will pay its hacker allies up to $10,000 ferret out malicious code, hackable bugs and the like from its apps and Web site.

“Uber ... has gone a step further than older programs run by Google, Facebook and Microsoft,” WIRED stated last week. “It’s trying out a bug bounty ‘loyalty system’ that gives hackers bonuses for repeated bug discoveries in Uber’s platform.”

Handing out “treasure maps” to your Web site’s weaknesses may seem strange. But it’s surely preferable to the horde of unknown hackers now clamoring to defeat the iPhone’s encryption, following the FBI’s success with a San Bernardino shooter’s smartphone.

And bug bounties might be your best bet.

Partners in Cybercrime Fighting

“The idea of a bug bounty is that you’re engaging the entire global community to ... find flaws so that we can fix the system and make it better for everyone,” Wickr co-founder Nico Sell told All Things Considered on Tuesday. “This is something that many technology companies do.”

In a similar spirit of collaboration, the U.S. Department of Homeland Security this month started sharing information about new digital threats with private businesses and others. The voluntary program encourages participants to share information about how they were hacked -- details they would normally keep under wraps -- in order to help others detect and defend against similar attacks.

But the U.S. Department of Justice isn’t sharing any information with Apple about how the FBI broke into an iPhone, perhaps because of the bitter legal battle that preceded the hack. So, for now, Apple seems to be on its own to figure out what happened -- and how to prevent others from doing the same.