Herbert Thompson, Chief Security Strategist, Security Innovation

Thompson trains developers and security testers at some of the world's largest software companies, including IBM, Microsoft, and Symantec. He's also written a best-selling novel on hacking.

Photograph by Jason Grow

Interview by Larry Greenemeier

1. Best Offense
"An underground IT economy has emerged, and they're not trading in fake Gucci bags or sunglasses. ... IT should know where its key information assets are and what sorts of stumbling blocks it can offer to people trying to do them harm."

2. Hackers' Bazaar
Web sites such as Hacker Defender sell custom rootkits that hackers can use to monitor networks and systems undetected. "The first time a CIO goes to a site such as Hacker Defender, it's a big wake-up call." CIOs realize that even if a disgruntled employee doesn't have the skill to attack their systems, that employee can outsource the attack.

3. Shadow Economy
Paying for these rootkits can leave a paper trail, but there are workarounds. One company, E-gold, offers anonymous Internet payments. "They don't trade in sovereign currency, so they avoid the scrutiny of the Secret Service."

4. Under The Radar
It's incredibly difficult to gather evidence against someone selling hacks or botnets, unless they slip up somehow. "If they're doing it from their house, they're traceable; but what about if they're doing business from kiosks or libraries?"

5. Hack Along
In his 2004 novel, "The Mezonic Agenda: Hacking The Presidency," Thompson tutors readers on how hacking is done and provides a CD that lets readers test their skills. "It was No. 9 on Amazon.com's best-seller list for a week before the last election."