Cyberattacks are a near-constant threat to businesses, government agencies, personal data and infrastructure, the latter including fuel distribution networks, other supply chains and medical centers. According to Homeland Security Secretary Alejandro Mayorkas, cyberattacks are more and more common, increasing by 300% in 2020, while organizations paid more than $350 million to ransomware groups.
Colonial Pipeline in Georgia was the victim of one such ransomware attack in early June. The fuel pipeline company’s computer system was hacked by ransomware group DarkSide, which installed malicious software to block the company’s access to its own system until a ransom of $4.4 million was paid. The attack forced a temporary shutdown of fuel operations across 17 states and Washington, D.C., affecting people from New York to Texas.
So, how can organizations defend themselves against such persistent and sophisticated attacks? One means is to hire a team to test their systems, both the cybersecurity of their computer networks and the physical security of their buildings.
Known in the industry as Red Teams, these hackers break into systems to expose weaknesses, helping organizations defend themselves before an actual attack occurs. Recently, University of Wisconsin-Stout computer networking and information technology graduate Brian Halbach spoke with ABC "Nightline News" about his methods and the importance of Red Teams as a line of defense.
“Being interviewed by Nightline was an exciting time,” Halbach said. “Normally, our team’s work is covered under NDAs (nondisclosure agreements), so we are not able to talk about it. There are times when we are doing really cool, unique things. Being able to actually show and explain what we do on television was a great opportunity.”
Professional hacker for hire
Halbach, a security consultant with RedTeam Security in St. Paul, became interested in CNIT as an undecided student his first year in college, working for Student Services’ Technical Help Desk.
Halbach was unsure of what he wanted to study. “But the other students I worked with were in CNIT,” he said. “I saw the stuff they got to do and thought it was really exciting. I really liked everything that related to computer networking.”
As a security consultant, Halbach does a wide variety of tasks, depending on a client’s wants and needs. His team at RedTeam Security has helped several hundred clients by attacking web applications, calling people on the phone trying to elicit information from them, or cracking into a company’s network, working through the systems to get all the access they can.
"In the industry we call each other hackers in the traditional sense, meaning one who is curious about things and takes time to understand something and hack away at it,” Halbach said. “We don’t use the term hacker to mean cybercriminal when we refer to each other as hackers.
“The real goal is not just getting in,” he added. “The real goal is being able to present something to the client that they can understand and will help make them more secure. My team and I are almost always successful in accomplishing our goal.”
“It is so exciting to see Brian shine in the cybersecurity field,” said UW-Stout’s CNIT Program Director Holly Yuan. “He possesses a strong set of cybersecurity and IT skillsets, is a great presenter and public speaker, always with a good sensor of humor.”
Red Teaming
“Red Teaming” has its roots in the cold war, Halbach explained. Originally, it was a team of people who would change their entire way of thinking to think like the enemy and provide feedback from that perspective.
“My team and I think like the enemy to help companies find weaknesses they did not know about,” he said. “It is also a really great way for companies to challenge hidden biases or assumptions they might have. Red Teaming can not only make a company more secure but can help make them more productive.”
RedTeam Security has team members across the United States. Halbach likes that each team member brings something different to the group. He also likes the mixture of high-pressure work, like being contracted to break into a building, and low-pressure work, like hacking a company from the comfort of his couch.
Halbach has learned the importance of clear communication, so his clients understand the security measures they recommend and the reasons why. “I hope that they take away how to be more secure, that there are threats out there that they should be aware of. But ultimately, that a little prevention when done right can really go a long way,” he said.
For individuals, there are a couple of best practices to protect their personal data, Halbach said.
- Use a password manager to help eliminate password reuse and create secure passwords.
- Enable multiple-factor authentication on all websites and applications that support it.
“The CNIT program did an excellent job of preparing me for my career,” Halbach said. “It laid the foundation for what I do on a technical level every day. It allowed me to have a strong understanding of computer networking and how systems talk to each other.”
Halbach also has a minor in computer science, which helps him to quickly look at computer code and analyze it for any security issues.
“There has never been a better time to be interested in cybersecurity,” he said. “Jobs are on the rise, and cybersecurity is becoming more and more important. It also is a really fun and rewarding career.”
Yuan added that UW-Stout is “uniquely positioned to become a leading educational institution in the upper Midwest for producing a cybersecurity workforce by leveraging the strength of its cybersecurity education and research programs and existing relationships with federal, state and local government organizations and the private sector.”
In November, 2017, UW-Stout was the first four-year university in Wisconsin to receive the designation of National Center of Academic Excellence in Cyber Defense Education by the National Security Agency, with the Department of Homeland Security.
UW-Stout’s Cybersecurity Research and Outreach Center is funded by research grants, leveraging expertise and training capabilities to deliver research, hands-on project-based learning and other widely available learning opportunities.
