When we meet up with Chris Wallis at TechHub London, he’s wearing a zip-up grey sweatshirt. True to stereotype, the hacker makes jokes about teaching himself to code during geeky teenage years.
‘For a long time, everyone thought that hackers were just harmless misfits sitting in their bedroom,’ says Chris. ‘That perception stayed around for a long time.’
Now, hacker culture – and the risk of cybercrime – has moved into the mainstream. Mr Robot, the Emmy award-winning series about a young computer programmer who works as a vigilante hacker, is returning this week to Amazon Prime Video for a much-anticipated third season.
The show has been widely praised by cyber security experts for its technical accuracy. Highlighting the risk that a massive hacking attack could have on the world economy, it also touches on the work of ‘ethical hackers’ – people like Chris, who break into networks in order to test or evaluate their security, rather than with malicious or criminal intent.
Having attained the UK’s most highly regarded hacking qualification, Chris is the founder of Intruder, a cloud service that identifies businesses’ cyber weaknesses before the hackers do. He’s tested FTSE 100 and sensitive UK government systems in a career spanning global consultancy firms and boutique ethical hacking agencies.
‘Modern hacking started to take off in the 1970s, when technology [was] becoming more widespread and people starting having it in their homes,’ explains Chris. ‘Then the internet came along, and everything changed. People started realising that computers weren’t being designed securely enough, and that that was a real risk.’
In the late ’90s, a Boston-based hacker collective known as L0pht (pronounced ‘loft’) testified before the U.S. Congress that they could bring down the entire internet in 30 minutes. ‘They went to the U.S. government to try and say, “people are beginning to rely on [the internet], and if people like us can take it down in half an hour, this is going to lead to catastrophe.” And Congress totally agreed. But then they did nothing. And now we’ve ended up with exactly what these guys predicted back in the ’90s,’ says Chris, referring to a global cybersecurity crisis making daily headlines.
‘Every time you look at the news you see another example of someone being hacked,’ says Chris, presciently hinting at the risk of wider-scale cybercrime.
In 2010, a virus called Stuxnet, now widely assumed to be a jointly built US-Israeli cyberweapon, began sabotaging centrifuges at the Natanz nuclear plant in Iran. It not only destroyed computers, but began taking down nuclear centrifuges, wreaking physical destruction and ruining almost a fifth of Iran’s nuclear capacity.
‘When experts started to analyse it, they realised the only people who could deliver that kind of virus was a nation state,’ says Chris. ‘It was a real breakthrough moment when the whole world realised that governments were secretly working on computer viruses.’
For now, the biggest cause of data breech is accidents. ‘Employees posting stuff online that they shouldn’t, stuff like that,’ says Chris. ‘But you have all these motivations for why someone might engage in hacking, from cyberwarfare to shutting companies down to hacktivism, espionage or terrorism – but the big one that is coming up more recently is just pure crime.
‘The most common threat to everyday people is something called “credential stuffing”,’ says Chris. ‘Most people use the same email and password on multiple sites. So hackers just log in to one site, steal the user names and passwords and try and reuse it in multiple places across the internet, which they can then monetise.’
Another popular method is for hackers to infect devices via email or trick websites in order to wrap everything in encrypted software. ‘They essentially lock up your files, run away with the key and leave your computer with a ransom note saying “if you want your files back, then you have to pay,”’ says Chris. ‘It’s scary stuff, but there are measures you can take to protect yourself.’
The first steps are to run anti-virus and have a firewall on your machine, use a password manager for unique, high-quality passwords on every site, and insist on two-factor authentication.
‘The threats are real, and they’re growing,’ says Chris. ‘Hackers recently took the whole country of Libya offline. What those L0pht guys were warning about is happening today, and it doesn’t look like it’s going away any time soon. We have to start caring about cybersecurity and taking it seriously.’
Mr. Robot Season 3 launches on Amazon Prime Video from today with new episodes every Thursday.