Sky Betting & Gaming’s team of ethical hackers are on a mission to break into their own site to keep their customer’s details secure.
Picture the scene, a dark figure sits hunched over a computer screen, fingers moving swiftly across the keyboard. With a few deftly executed commands, they can steal someone’s data, hack their accounts and cause utter chaos. But what if that dark figure wasn’t the archetypal bad guy, what if they weren’t trying to rip you off or ruin your life – what if they were actually trying to protect you?
It started with curiosity, but now it’s something much more sinister
Back in the day, the old school hacker’s M.O. was pretty simple. Curiosity motivated them to break in and look around a system they’d hacked into. Some wanted to experiment, to prove to themselves and the wider hacking community that they had the skills to disrupt a big business with serious resources.
But curiosity soon turned into opportunity and it wasn’t long before those innocent hacks became the financially-motivated cyber crime we know today. Nowadays hackers are headline news as they break into businesses to steal their money, their data and their corporate secrets.
In the last 10 years, the top 10 most-used attacks have barely changed and they’re all relatively unsophisticated. The difference is that there are more hackers out there now. All you need is a computer with an internet connection, and one hacker with even a very basic knowledge can launch hundreds of attacks a day – chances are, they’ll find a weakness somewhere.
Most of the big breaches you hear about aren’t even the result of sophisticated attacks and some can go undetected for months. It took four years for Facebook to realise 117 million of its users had had their passwords and logins stolen and sold on the black market. That’s a hell of a long time to realise you’ve been robbed.
When it comes to hacking, the best defence is a good offence
Hacking is a risk that businesses like Sky Betting & Gaming simply can’t afford to ignore, so they’ve drafted in their own team of ethical hackers. Like their evil alter-egos, they use all their cunning to break into computer systems, but they do it to find vulnerabilities and fix them before the real hackers can get in. In the past, ethical hackers were often bad guys turned good, but there’s such a demand for them now that more and more people are coming into the industry straight from uni.
You need to think like a hacker to stop one, as James Ogden, Tech Lead for Security Engineering at Sky Betting & Gaming, explained, “Hacking is a lens, a way to view the world. It helps us build systems because we’re looking at things the way the hacker might. It’s a creative, problem-solving mindset.” They monitor their systems 24/7, looking out for signatures and unusual patterns of activity associated with attacks – but they also pit their team against each other to see how their system would hold up. The blue team are on defence, it’s their job to keep the red team out as they use real hacking techniques to find a way into the system. It almost sounds like a game, but this is serious stuff – and every battle teaches them more about their opponents out in the real world.
But it’s not just the security team. Anyone can be an ethical hacker at Sky Betting & Gaming. They give all their staff extensive security training, even if their job doesn’t require it, and they’ve launched a bug bounty, so anyone in the company can hack the system, report the issue and get a bonus as a reward. It works too, as staff have helped to find and fix real-world issues to keep the bad guys out.
Think you’ve got what it takes to be an ethical hacker?
As the risk of cyber crime grows, so too does the demand for ethical hackers and security experts, so it’s quickly becoming one of the most exciting and lucrative jobs in the industry. You don’t have to be a techie to get into it, you just need a natural curiosity. “A lot of people we meet who are really good ethical hackers are people who as a child enjoyed taking things apart, seeing how they worked and putting them back together,” James told us.
Ethical hackers are by nature incredibly open – they want to share information and fix the bugs, so a lot of ethical hackers are self-taught. But if you want to go down the academic route, Leeds Beckett offers an excellent cyber-security course. And once in, you can rise through the ranks really quickly, so in a few short years, you could go from mucking around on your laptop to speaking at conferences around the world.