Ethical Hacker Breaks Into Locks, Steals Credit Card Info to Expose Security Flaws | NBC Chicago
Inc Well | Small Business Advice for Chicago Entrepreneurs
A how-to blog for Chicago business

Ethical Hacker Breaks Into Locks, Steals Credit Card Info to Expose Security Flaws



    (Published Tuesday, Nov. 6, 2012)

    It’s the real life revenge of the nerds. A group of Chicago whiz kids who call themselves ethical hackers work for a multi-million dollar security firm called Trustwave.

    It's their job to show how easy it can be to break into places we think are secure.

    Credit cards, businesses, phone and Internet conversations. These are a few things that Matt Jakubowski, a security consultant for Spiderlabs at Trustwave, says he's able to access.

    "I can wirelessly get them [credit cards] right out of your pocket without you even knowing it," he said.

    But Jakubowski claims he is not a thief.

    "I’m a penetration tester," he said. "I go around and test things to make sure they’re secure."

    Jakubowski doesn’t seem dangerous, but he could be. He can gain access to locked doors in fewer than than two seconds and steal credit card numbers without ever touching a wallet. He said  a lot of the things people think are secure are flunking his tests.

    "A lot of companies know that these flaws exist in these locks, these doors, and these credit cards," he said. "But they’re not informing the public."

    Jakubowski said the reason is money. The cost of changing every lock and card is too high. But his boss said the cost of not making the change is even higher.

    "There certainly is an obligation," said Nicholas Percoco, the head of Spiderlabs at Trustwave. "If you’re the custodian of their data and that data is stolen while it’s in your possession your customers obviously going to be pretty upset."

    Percoco describes Matt Jakubowski as a member of an elite team of ethical hackers whose primary customers are big name banks and fortune 500 businesses that pay them to test and improve security.

    Jakubowski is a former high school geek who tinkered with video games as a kid. He says he had a passion for learning and getting into things.

    "I always enjoyed keys and so getting into locks was one of the first things I did," he explained.

    Years later, he can easily break into any door lock that uses an electronic key using a device he developed which clones electronic key cards.

    "The card just has to be within a few inches of my device and I can clone the card," he said. "Most of these electronic locks… are using old technology that’s been proven easy to duplicate wirelessly."

    And those emails you are typing at a cyber café are vulnerable too. Jakubowski has the technology that can view everything on your screen. But perhaps even more disturbing are the radio identification readers that scan a small chip embedded in credit cards.

    But Percoco said there are ways that consumers can protect themselves.

    "You can buy wallets or sleeves that you can stick the card into so that you can’t be walking down the street and have someone brush against you and steal the data off the card," said Percoco.

    Back at SpiderLabs, they are looking for security-minded folks.

    Currently, trustwave has 62 job openings. Percoco created Trustwave SpiderLabs in 2005 with just three people. There are now more than 100 ethical hackers at Trustwave SpiderLabs.

    "People are getting hacked, organizations are getting targeted, so they want to turn to us in order to test their infrastructure again people who are just as good as us," said Percoco. 

    Get More From