Timothy Summers, who grew up in Elizabeth City and attended Elizabeth City State University, is focused on hackers and how they think. His new business, Summers & Co. LLC, in Silver Spring, Md., helps businesses, governments and other organizations protect their data.
Summers, 32, holds a doctorate in Management: Designing Sustainable Systems from Case Western Reserve University. He recently finished a dissertation, “How Hackers Think: A Mixed Method Study of Mental Models and Cognitive Patterns of High-Tech Wizards.”
Q. Which mental qualities make for a good hacker?
A. First, we have to talk about what a hacker is. The media would have us believe that a hacker is some 15-year-old kid in his parents’ basement doing things he’s really not supposed to do. I researched the various generations of hackers, starting all the way back with guys on college campuses sitting in a room somewhere looking at long printouts of computer code.… Hackers started as being people who were just really interested in technology. That’s still true today. At the very core sense of the word, a hacker is a person with a proclivity for technology. Bill Gates started out as a hacker as a teenager.
A skilled hacker is someone who’s very adept at problem-solving and challenges, someone with exceptional cognitive abilities. It’s also a person who gets great gratification out of tackling and controlling a complex problem, a person who finds out about a level of technology and has to dig deeper to understand much more.
Q. So you’re a “white hat” hacker – a hacker who uses his skills legally for security purposes?
A. I generally don’t like those characterizations. Most people don’t realize that all of us hackers attend the same events, whether you’re a white hat, black hat, gray hat (a person who straddles the line), whatever. I’m part of a generation of folks who learned how to hack out of curiosity.
Was there a point in my life when I could have been considered a black hat? Sure. Because every white hat has to understand what they’re protecting against in order to protect you from it.
Q. The level of obsession by hackers is such that a recent study by the software company Thycotic suggests more than half their motivation is the fun or thrill, not money. Do you agree?
A. Recently, I spoke to some guys who hacked a Swiss bank. The whole reason a person even gets an account at a Swiss bank is for anonymity and security, right? So these guys hacked into the bank, downloaded and stole the entire customer database. They then posted data for three of the customers online and told the bank, “If you don’t pay us, we’re going to put the entire database online, and good luck to your customers on the next IRS audit.”
The bank issued a public statement saying, “We don’t negotiate with criminals.” But you never heard about anything after that, and the hackers never posted the database. You know what happened? The bank paid them off. The hackers wanted 12,000 U.S. dollars. That was it.… I asked the guy, “Why did you do it?” He said, “It was super easy. We shouldn’t have been able to take advantage of their website the way we were.” This is a bank with hundreds of millions in assets.
Q. Given the increasing amount of widely publicized computer-related security breaches, is that rare combination of computer savvy and cognitive function more in demand for cybersecurity jobs?
A. Yeah. The Rand Corporation did a research study last year called “Hackers Wanted.” There are some companies right now willing to pay as much as $400,000 for a hacker.… The problem is, most organizations believe that security is an IT issue. Most of your IT guys know nothing about security. Most of your programmers know nothing about security.
Q. Those of us not adept at computer code and/or lacking that kind of cognitive function – what can we do to protect our home and business computers?
A. Consumers really aren’t very educated about this. Where you may be able to protect yourself is to do less clicking and more reading, more thinking, being more vigilant.
I recently wrote an article on how to hack any organization by taking advantage of the weakest link, which is the human element. Ninety percent of all of the major breaches that occurred in 2014 were because a human being clicked on something they should not have.
Q. Why is it still so hard to catch a “black hat” hacker?
A. Many of them are heavily resourced as part of well-funded criminal organizations or agencies. Another thing we’ve got to face at some point is, companies are hacking other companies now.
When you hear about someone hacking the president’s calendar, that’s not one guy. That’s someone who has resources and time. Someone somewhere is putting up the resources for someone to pursue that target.
There were some guys I interviewed who talked about being able to crash airplanes – and this was before the recent conversation about wireless on planes – and turning off water, taking down a cellular network.
Q. Tell us about your efforts to educate about hacking in a positive way.
A. I went to high school and college in Elizabeth City, and my parents still live there. My hope is that I’ll eventually build my flagship office in North Carolina. My company is doing a summer technology boot camp at one of the middle schools in Elizabeth City. Our intention is to train middle school kids on how to write code.... And we want to incorporate natural curiosity and inquisitiveness into our education system, which is one of the ways we’re going to see our students excel and succeed into the next century.