In this article taken from issue two of our magazine, Jamie Woodruff shares what his day-to-day life is like as an ethical hacker
Jamie Woodruff steals secrets for a living. He is an expert at getting in where he shouldn’t. However, despite being one of the top hackers in the world, he’s never been prosecuted and isn’t likely to be.
The 24-year-old is an expert ‘ethical hacker’ working with organisations worldwide - highlighting the risks of cyber-crime and identifying the online weaknesses of their security. It makes him a hero of the digital age. Ethical hackers are also known as ‘white hats’, while criminal hackers are known as ‘black hats’.
The terms are said to relate to old Western films which saw the good guys in white and the baddies sporting black, so audiences could readily identify them. A leading authority on hacking and cyber security, Woodruff has been described as “the number one ethical hacker in Europe”.
He is much in demand by businesses and has uncovered security holes in numerous high-profile operations, including global celebrity Kim Kardashian’s website, which he hacked to reveal that it was putting her fans’ data at serious risk. He has also taken part in top level debates across the globe and at conferences on national security.
Woodruff entered the public eye when he successfully hacked one of the world’s largest social media sites as part of a competition at Bangor University where he was studying computer information systems. Today he is chief security officer at Use IT Computers, a UK-based IT company. As well as specialising in training, penetration testing and recruitment, he is also the safety advisor for the Cyber Smile Foundation, which specialises in online cyber bullying.
His career as a hacker started at a very early age. He says: “I was nine years old.” And he always wanted to be one of the good guys. “I knew that I didn’t want to hack maliciously,” he says. “I wanted to become this ethical hacker.” One of his biggest messages to businesses is centred round the human aspect of hacking. When we speak, he is dressed as a decorator, sitting in a vehicle in the car park of a company he has just successfully hacked.
“I’ve taken all their information,” he explains. Sent to test the business’ cyber security, he found his way into the office by posing as one of the workers renovating it. He wasn’t stopped and was able to do his worst as a result. He says: “I’m here working on a laptop and no-one is stopping me at all. I’ve been here 30 minutes and have all their data. I’ve even had time to eat a sandwich for lunch.”
In past operations he has successfully impersonated a pizza delivery driver, walked into a large financial institution and gained access to its server room. He says: “We spend millions on infrastructure but we completely forget the employees – they’re the weakest link inside any business. You have to train them and you must alert them of the dangers.”
Woodruff offers penetration testing and technical support to businesses which involves web application testing and vulnerability scanning. This entails reviewing a business’ website and database for any logic based errors, any un-patched updates and any entry points that could lead to a breach of a company’s web security.
This helps it to identify weaknesses within its computer systems and highlights the techniques utilised by cyber criminals to steal money and company data. The fact he and others like him are so much in demand highlights the increasing urgency businesses are placing on cyber security. It’s an on-going war against those looking to attack.
Woodruff says: “When it comes to being hacked it’s not if you get breached, it’s when. “There’s always that weakness and always that way in. It doesn’t matter if you are a large business or an SME, be prepared for that breach to happen in two to five years.”
However, there are things you can do to minimise the risk. Simple things like keeping your software up to date - when security patches come out apply them. Make sure your anti-virus and anti-malware software is running and is always up to date.
And ensure only the people who should have access to your systems have that access. People leave the business and access is not revoked, that can be a major problem. Woodruff says businesses have to be prepared and minimise the potential damage by having the right systems in place and staff trained to do the “right things” and spot the threats.
He says: “Your workers aren’t just the last line of defence, they can be the first. It is about making them aware of what to look out for. “Preparing through IT systems and staff training is the only way you will minimise the potential damage.”
Woodruff explains: “Everyone shares their life on social media. That’s wonderful for a hacker. I know where you are going to be at specific times, the coffee shop you visit; your favourite food. “You post a picture; data is in that image. Again I know your whereabouts.” He adds simply: “There’s always a way in.”