News

Hacking helpers: Tech firm shares security tips in campus talk

Hunter James, Contributor

December 13, 2019

Bowe_News Header.png

This article was written by a student of ENGL 2310: Intro to Journalism, which is taught by Mike Pulley.

Imagine paying someone to hack into your company’s Internet servers to steal your most vital documents.

That’s what corporations and politicians do when they turn to FireEye, a cybersecurity company that protects clients by hacking into their services. On Wednesday, Sept. 25, Charles Carmakal and Joseph Rood of FireEye came to Clemson’s Watt Center to talk about how their work as hackers actually helps protect people.

FireEye aids corporations such as Sony Pictures Entertainment, Target and the Bank of Bangladesh by using a system called “ethical hacking.”

“In this year alone, we will work with about 800 organizations that are dealing with breaches,” Carmakal said.

The companies hire FireEye employees to hack their websites and office computers to help the companies expose and solve potential problems before hackers do. The FireEye employees who hack into the companies for their own benefit have to take on the mind of an actual hacker, analyzing details such as who works there and what they advertise about themselves on their website and social media pages.

Possibly even more common than direct hacking, such as cookie theft, is the use of social engineering to expose holes in what Rood refers to as the “external perimeter.” This exposes a lack in attentiveness by the employees of the companies being hacked by FireEye. FireEye sends the employees emails from fake websites that have miniscule differences from actual websites and companies.

“We have to churn through the network to see what all is there and identify targets of value,” Rood said.

A password and a couple of security questions later, FireEye can gain access to company information. FireEye then helps the companies teach the employees what to look for based on what they have failed to identify in the simulation.

FireEye also protects politicians from being obscured and exposed in the public eye through disinformation. Hackers try to create misconceptions about who the politicians are as people or uncover certain private details regarding their campaigns.

Carmakal and Rood were not permitted to share the names of politicians who they aided in cybersecurity during the campaigns of the 2016 presidential race, but they mentioned that it was an extremely busy year for FireEye.

The employees of FireEye work in what Carmakal refers to as a “constantly growing market,” as hackers improve in quantity and quality. Therefore, FireEye must also be constantly evolving in order to help corporations and politicians prevent crippling monetary or information theft.

Donate to The Tiger

Your donation will support the student journalists of Clemson University. Your contribution will allow us to purchase equipment and cover our annual website hosting costs.