Hacking with ethics

DeWayne Bartels
Corey Moodie is an ethical hacker at Pearl Technology in Peoria Heights.

Give Corey Moodie the chance and he will hack into your business computer system and savor every minute of it.

“I love it,” Moodie said.

But, in the world of hackers, Moodie wears a white hat.

Moodie recently earned the designation of “ethical hacker” and is one of two people performing this duty at Pearl Technology in Peoria Heights.

As an ethical hacker, Moodie, at the request of companies tries to hack into their system to see what security vulnerabilities exist.

“What we do would be illegal if they didn’t sign the papers to let me do it,” Moodie said.

So far, Moodie has been contracted to attempt hacking into dozens of systems.

“Our success rate is 100 percent,” Moodie said. “We gotten in one way or another. On every one of our attempts we were able to obtain sensitive information.”

Moodie said the need for ethical hackers exists because there are hackers wearing black hats working to hack computer systems constantly.

“People and BOTS — automated computer networks scanning for vulnerability — are always at work,” Moodie said. “Business needs to know if their security meets the threat.”

What hackers are after, Moodie said, is personal information and competitive research.

“The three biggest motivators for hackers is money, research and just because the opportunity is there,” Moodie said. “Some hackers do it just to prove they can do it.”

Moodie said it can be quite simple to hack into systems that have security.

“Sometimes they have the right security, but it is not governed correctly,” he said. “What’s lacking is knowing if your firewalls and other security measures are up to date. You have to audit your policies and test your applications.”

Moodie said he has hacked into a system in as little as one-and-a-half hours.

“I believe someone who is truly after your information can get it,” Moodie said.

Those who cannot get it from outside can use efforts to subvert people already in the organization.

“That is called social engineering. Then there’s phishing attacks — efforts via e-mail that look like they come from a legitimate company to trick people into giving up information,” Moodie said.

“There’s also breaking and entering. We haven’t done that yet, but we offer that service.”

The only thing limiting hackers, Moodie said, is ability and imagination.

“This is a passion for me,” Moodie said. “There are 100-plus new threats coming out every day.”

And, Moodie said it is not just the personal computer that is under threat.   

“Cell phones and MP3 players are under attack. They are, after all, small computers. Hackers are after contact lists and can set up a phone so they can hear every conversation without the owner realizing it,” Moodie said.

“I would say very few are aware of this and even fewer take any steps to secure their phones.”

Moodie said in 2008 more than 285 million successful hacking jobs were counting costing consumers and business trillions of dollars.

“If you are connected to the Internet you are vulnerable. Everyone needs a threat assessment,” Moodie said. “Today, you may not have a vulnerability, but tomorrow all bets are off. Nobody knows how vulnerable they are until their system is tested." 

The hacking environment is ever-changing, Moodie said. That, he said, is no problem for him.

“You can take the same thing and look at it 40 different ways trying to figure it out,” he said.

“Nothing is static. Doing this satisfies the ADD in me.”