By Art Holliday
ST. LOUIS (KSDK) - Dave Chronister is a computer hacker. Does that mean his information is safe?
"Not 100 percent. That's where paranoia really comes in. I wipe my machine, reformat my machine every other week," Chronister said, pointing at his laptop computer.
Even the hacker fears hackers. Chronister runs Parameter Security. He's what's known as an ethical hacker. That means he's a good guy trying to keep up with the computer bad guys, malicious security crackers.
In the computer security community, there's controversy about the term "hacker." Computer security experts refer to themselves as white hats or ethical hackers. Computer criminals are called black hats or crackers. They're the ones maliciously cracking the computer systems of banks and businesses and putting our personal data at risk.
"It's like cops and robbers or a nuclear arms race," said Chronister.
As a computer forensic investigator, Chronister and the hackers he employs, help law enforcement and work with global businesses to improve their computer security from the crackers who mean us harm. The news headlines about hacking and security breaches seem non-stop, but they're a business opportunity for Chronister.
"We always hear about these big corporate breaches but what we never hear about are the breaches of personal systems and those are getting hit all the time." Chronister says international computer criminals target our personal computers just as much as Twitter or Bank of America.
"I had a customer, had a company in Illinois. He freaked out calling me last Memorial Day. He goes 'I just got called by the FBI saying I'm part of an international cyber attack.' I get in there, he had connections from Russia, Ukraine, China. They weren't using any of his data. They were using his computer as a proxy, using him to attack."
Chronister says control what you have control over: install the latest anti-virus software and change your password strategy.
"Make passwords 15 characters or more. Use a pass phrase. That is, use a sentence instead of typing a small word. It's really easy to crack these passwords. Don't the use the password in more than one place. A lot of the hacks we see is from what we call "password re-use." A hacker finds a password in one area and because that password is used in another area of a corporation for an end user, they're able to go through it. There's a lot of times that we'll do instant response forensics to determine what system was breached, especially with on-line banking transactions, and nine out of 10 times it's actually the customer's system that had been breached and that's where the information came from."
Is this the new normal, where we can never expect our personal information to be safe? If global corporations can't stop computer crime, is there hope for the rest of us? The answer probably isn't what you want to hear.
"There's nothing you can do to stop it," said Chronister. "We just need to be able to mitigate it, from a corporate standpoint and from a personal standpoint."
Chronister agrees with those who wonder whether the some of the computer crime we see is practice for something more sinister, cyber terrorism. Chronister says he believes a cyber 9/11 is inevitable in the near future, and he believes utilities and airlines could be primary targets.
"People aren't prepared for three weeks without groceries, without gas. I have colleagues that state, planes going down, being able to take a plane down using technology," he said.