Recently, a video was published by Inc. that shows TrustedSec founder David Kennedy, a white-hat hacker leader, talking about how his company makes a living breaking into other companies to show how their security vulnerabilities can be exploited, so the vulnerabilities can be fixed.
According to the description of their video, “TrustedSec founder David Kennedy has built a successful company around white hat hacking. His team is hired to test companies’ security weakness — by figuring out how to break into them.”
The video starts with what appears to be a man from the company showing how a room with computers or something along those lines can be broken into, and how security features could be disabled or rendered ineffective from merely exploiting a crack in the door. That’s just the intro: watch it here.
David Kennedy may be a “white hat hacker,” but he’s supporting whoever seems to give him money, including the state and its narratives. It’s a business, not the kind of hacking that is for a cause.
Continuing from the video, an excerpt from the program “Grey Area,” you can see several mainstream media clips promoting the man and his company. Then, one sentence at the end of that sequence of news clips should stand out to any person: he used to work with the NSA.
There it is: that’s why this guy is connected, respected in the mainstream media, and why he gets the plug here to promote his company. He was with the NSA, which no doubt means he’s still cooperative as can be with the surveillance state, whatever you want to call it. Just make no mistake, this is not a white hat hacker who works for the benefit of the common people, this is an ex-state employee turned businessman.
So the clip continues with two people from the company including Kennedy, breaching the security of Ink Magazine in Manhattan, not the most tightly secured business for certain but one with a normal amount of security, as a stunt for the show.
In the video, they show off several tools and things that kind of give off the vibe of a cop who visits your high school and tries to promote the police by showing you guns and badges and all that.
Before this, the company was plugged by headlines about how they “Swiped 70,000 Records from Healthcare.gov in Four Minutes,” as a Gizmodo headline reads.
The headlines sort of misleadingly read “hackers” did this, and as you’d expect, the article was just about how they could hack into a company to show it’s weaknesses. However, the founder of the company had to get the article updated, to add that they didn’t actually accomplish what it claimed. According to him, in a statement to update the articles:
“There’s been a few stories running around in the media around accessing 70,000 records on the healthcare.gov website. Just to note on this, we never accessed 70,000 records nor is it directly on the healthcare.gov website (a sub-site for the infrastructure). The number 70,000 was a number that was tested for as an example through utilizing Google’s advanced search functionality as well as normally browsing the website.
No dumping of data, malicious intent, hacking, or even viewing of the information was done. We do not support the statements from the news organizations. From a previous blog post, the information shown in the python script was sanitized and not used through Google scraping (urllib2 python module). We’ve reached out to the news agencies to clarify as these were not our words.”
Just remember, the activities of this ex-NSA employee are always going to be very far away morally on the spectrum from “hacktivism.”