In a 17th-floor corner office in north Toronto, a group of computer nerds is feverishly attacking Corporate Canada -- and getting paid for its efforts.
"If you have a system on-line, you will be a target. You are either a target of choice or a target of opportunity," said Simon Tang, manager of Deloitte & Touche LLP's Internet security team. The executive oversees a buzzing computer lab of 10 so-called "ethical hackers," a team of experts that probes the computer systems of corporate clients, searching for vulnerabilities and weaknesses.
With an array of computer hardware and software at their disposal, ethical hackers attempt to duplicate an actual hacker attack. First, a company's Internet presence is probed for weaknesses; if successful, the network is breached. Access is escalated, first as a user and then as an administrator. In a "capture the flag" exercise, the ethical hacker attempts to take control of the network and retrieve as much data as possible.
Deloitte & Touche reports that more than 95 per cent of its hacking attempts are successful. The Toronto lab team regularly gains access to payroll records, employee directories, purchasing accounts and patient information.
In one exercise, the lab was given three weeks to crack a client's computer system. It took two days. "If we can do it, chances are other people can do it, too," Mr. Tang said.
News source: Toronto - The Globe and Mail