We talked with Robert Cross, Founder of Hades Cyber. We discussed who should care about cyber security and having a philosophy that helps you run your business. Enjoy reading!
[eForensics Magazine]: You run a company that produces security software, but you are also launching Hades – a Crowd Hacking Platform. Can you tell us more about this project?
[Robert Cross]: Great question and absolutely! My current company, PSC, is primarily focused on software security forensics, offering an unprecedented level of power of understanding your software security risks through the combined solution of software and services.
Software is only one layer of many when considering a holistic cyber security strategy. Like the rest of the world I’m a victim of overstimulation from social and traditional media and the hourly stories of companies being compromised or “hacked”. At the same time you hear about companies launching new security products to thwart hackers but the hits just keep coming. This was a profound moment of realization that the rate of technology invention in the cyber domain is not keeping pace with the rate of human (hacker) innovation. The question we asked ourselves, “Is it possible the world’s cyber security challenge is more a sociological one than technological?” This is when we started discussing disruptive concepts to exploit this possibility, which was the beginning of HADES.
After doing some research we started piecing together some of the puzzle. Most of our research at the time suggested many in the black hat community if they had an opportunity would use their talents to make money legitimately. However, most were averse to being part of “corporate America” and didn’t feel their backgrounds or credentials would land them the dream job, instead have to play office politics under the typical big company bureaucracy. In some sense this “crowd” likes being off the corporate grid and able to play by different rules or no rules. Their skepticism lies with corporate America not being okay with fostering a “no rules” environment where this crowd can legitimize their talents, nurture and grow their skill sets, be professionally respected, socially accepted and earn a great living and get paid their worth. By far, the majority prefer going to the bank rather than jail and have a passion for finding ways to exploit systems especially from big brands.
On the other side you have corporate America and our Governments who are clearly losing battle after battle in the current global cyber war happening 24x7x365. They are being outmaneuvered and no matter how much money they spend or new technology they throw at the problem they still have to be right 100% of the time and the hackers only have to be right once. The odds are in favor of the opposition. Every one of these companies if they had the opportunity to hire the “Iceman” (famed hacker) to protect their networks would do so in a heartbeat if assured the hired gun could be trusted with the crown jewels which is where it falls down. Everybody wants to touch the flame with assurance of not being burned.
We have strong relationships with C-Suite executives at PSC and we started socializing the concept of “hiring a hacker” for feedback. We started to construct a “strawman” concept of operations where HADES would provide a neutral and virtual platform for two diametrically opposed parties to engage in a mutually beneficial transaction. Both parties would have anonymity to protect concerns on both ends. Essentially, both parties have an opportunity to commercially engage in a protected and safe environment to put their best up against each other where anything goes or engagements can be designed to achieve specific results. The initial reaction from C-Suite executives was more enthusiastic than we ever anticipated, it was almost as if we tapped into their inner geek. We were finding our entire meeting would be spent talking about HADES and how disruptive the concept was towards current cyber security strategies.
[eFM]: In this arrangement will HADES work as a guarantor of trust and safety? Will anonymity do the trick alone?
[RC]: Anonymity is just one layer of protection. Certainly for the corporate side there will be lawyers involved and service agreements in place. Also, there will be controls in the operational environment that will also add layers of protection. Most importantly, corporations are not providing access within the HADES platform to their live actual network. I will refrain from disclosing all of the layers of protection.
For hackers the amount of information we will require will be kept to a minimum and payment mechanisms will be flexible including via bitcoin and other currencies not tied to identities.
[eFM]: We already have crowd sourcing, crowd funding – and thanks to you, soon we’ll have crowd hacking. Do you believe in the crowd?
[RC]: I believe crowd sourcing is an incredible way to increase the participation and leverage the global workforce in an unprecedented way. Everyone has their 9 to 5 job but crowd sourcing provides another way to contribute expertise to others outside of their normal day job. I also believe it is one of the purest forms of capitalism in human resource management. It creates a marketplace for individuals with unique skills to hang a shingle and compete for work globally and start building their personal brand. Perhaps some day companies will lease their employees daily based on a crowd sourcing model and gain tremendous flexibility in talent and access to labor markets once thought impossible. You never know…
[eFM]: Do you think it’s possible that the Internet can self-regulate when it comes to cybersecurity? Is the cooperation between actors – people and companies – enough, or will state-level intervention be necessary?
[RC]: The current answer is “no”, I don’t believe the internet can self-regulate, but I also believe the internet hasn’t had a fair shot to do so. From our view the answer is more sociological than technical and the purpose of HADES in providing a crowd hacking platform is to engage the cyber underworld and create opportunities for hackers to engage in legitimate transactions. It will be interesting to see if a schism is created and the tide is turned based on viral adoption by both corporations and hackers. The fun part will be observing the social dynamics within the HADES environment between different individuals and groups.
Cyber security is everyone’s problem and the best solution is for the private sector and public sector to continue to collaborate. When a Government and its citizens are under attack then it’s inevitable for state level intervention, I believe that’s one of the reasons we pay taxes ;-) . It’s unfortunate there are gifted individuals that would rather take down a power grid than help contribute to society in another meaningful way. We are hoping HADES will upset the current balance of power in the cyber underworld and perhaps provide an alternate channel for those individuals to express themselves in a positive way.
[eFM]: So basically your vision is to have talented individuals who are incompatible with the system come out and in the cyber community. That’s an ambitious project! Do you think they will have to face some “bullying” for making compromises?
[RC]: Great question. I think one of the most exciting aspects of HADES will be having a front seat to witness exactly how the social dynamics play out. How will groups form, how will hackers rate each other and recruit one another. How will they split and share the bounty. Will they tilt up virtual businesses and carve out a niche. It truly will be a window into an underground world that someone will write a book about someday and provide insight into behavioral dynamics in such communities or subcultures. Very fascinating!
Regarding “bullying”, we will have some basic rules of engagement while within the HADES environment to maintain a professional decorum. We will reserve the right to suspend accounts based on out of bounds behavior interfering with commerce within the environment. We are hoping there will be some self-policing but we will have our own “hacker” staff to ensure such things when they occur are being monitored and dealt with appropriately. I think it will be a great learning experience for all involved. HADES in Greek mythology brought order and balance to the underworld, we are hoping to provide that at least within our environment.
[eFM]: Your Credo says “HADES CROWD HACKING PLATFORM PROVIDES SOCIAL CYBER ENGAGEMENTS ALLOWING HACKERS AND CORPORATIONS TO LEGITIMATELY COLLABORATE”. What challenges do you predict when trying to organize it?
[RC]: Great question! The concept of HADES is very disruptive and some early feedback from C-Suite executives and potential investors is the world may not be ready for it, which is why I think it’s time. :-)
Conveying a message that engaging HADES either as an early adopter or as an investor is low risk will be a challenge but if we put in place the necessary controls I think we’ll have a great story to tell.
Another challenge is earning the trust of both communities (corporations and the hacker community) and to give them confidence their identities will be protected. We must be authentic in everything we do.
Marketing to two different audiences will also be a challenge but I think will be way too much fun. Certainly for the corporate side of the company there will need to be professional, conservative and clean branding and messaging. However the hacker facing side will need to be completely the opposite empowering these folks to feel like digital bad asses. We joke sometimes that some of these folks when they were in school used to get slammed into the lockers and their lunch money stolen by the bigger kids…now it’s their turn to do the slamming and make money doing it. I’m very excited about this challenge.
The ultimate challenge is capturing the interest of the hacker community. Early feedback suggests “if we build it they will come!” but I know to impress this crowd our platform will have to be nothing less than exceptional. My personal goal…I almost envision the scene from the movie Willy Wonka and the Chocolate Factory when they first enter the candy room with the chocolate waterfall and everyone can’t believe they can eat everything they see (my favorite scene). I want that same reaction when a hacker becomes a member of the HADES community, they can’t believe it’s real and there are no rules and they can destroy and exploit everything they see. I know it’s a big lofty goal but it would be a lot of fun to achieve that reaction out of them. If we can make it as addictive as today’s video games then we will have achieved one substantial milestone.
One obvious challenge every start-up has is attracting like-minded investors who share your vision.
[eFM]: So it’s not just about ensuring trust between the engaging parties, it’s also about them trusting you. Do you think you will be able to balance your business reputation with your hacking cred?
[RC]: HADES isn’t about my hacker cred, it’s about theirs. They are the star of the show. My talent and credibility is being a broker of commerce and being able to bring two parties together to engage for mutual benefit. I advocate for both communities and my currency is making connections and driving successful results.
[eFM]: Who is your target market in PSC? Is it the same as Hades?
[RC]: PSC’s target market is very broad. Essentially any company that produces a product which contains software or offers a service resulting from software capabilities is a potential client. Software is eating the world from our cars to…yes even our toothbrushes. Our lives are wrapped in code with more and more of our life experiences these days being a result of software.
HADES’ target market would be companies (F1000) having an interest in engaging an advanced platform to defend their networks or are producing a “connected” product.
[eFM]: It kind of sounds like there is something more behind it. In your opinion is cybersecurity perceived as “magical” by you or everyday users?
[RC]: The internet has been described to me by other experts as the Wild West and if you’re connected you’re not only a target but most likely have been compromised and you don’t even know it. Everyone carries around a connected super computer in their pocket these days which is constantly transmitting data about your life. When we download an application or install an upgrade of the latest OS we are served up a 25 page license agreement we are supposed to read and they conveniently put an “Accept” button and 99.9% of consumers will hit to bypass and install the latest version. We trust these companies to protect our data and identities blindly in a digital world described as the Wild West. As to your question, to a certain degree I believe most folks don’t want to think about the true risks of blasting their data to everyone. Most want to believe cybersecurity is “magical” and because their data is going to a company like Apple, Google or UBER with insane valuations we automatically trust they are spending the right amount of money and engaging in latest techniques to thwart hackers. The people who don’t believe it’s magical are the ones who still have beepers and flip phones…
[eFM]: Where can we find a healthy compromise between being paranoid about cybersecurity and ignoring it, as everyday users and as enterprises? Does a compromise like that even exist?
[RC]: There are several companies sponsoring bug bounty programs opened up to a crowd sourcing model. As one example, Google every year holds a contest in which anyone who can break into Chrome wins a prize. Bounty programs while not mainstream yet are gaining popularity and probably the best example of a healthy compromise. HADES is leveraging the same paradigm with a goal of standardizing the approach of such testing using crowd sourcing as the model and tapping into a labor market best suited to be the testers and providing it 24×7 because the real threat is 24×7.
[eFM]: Do you have a business philosophy that stands behind your actions?
[RC]: I have many business philosophies, but the one behind HADES is a belief that there is inherent good in everyone. There is a whole community and subculture out there that is never heard or seen but wants to have a voice and a positive impact but has never been asked.
[eFM]: What do you think is the biggest challenge standing before the cybersecurity community right now?
[RC]: Bringing knives to a gun fight and being too conservative in their approach to securing their assets. Some would say we have already lost the war and it’s no longer about bullets and bombs but bits and bytes. If this is truly the case then a fundamental disruptive shift must happen in how we approach cybersecurity.
[eFM]: Which new cybersecurity trends would you pick as the most crucial?
[RC]: Social engineering. Most of the population have had technology thrust upon them and forced to embrace it or become irrelevant and therefore might be easily fooled. On the other hand you have the younger millennial generation who from birth has been broadcasting and sharing their data in a digital world. Technology to this generation is like another appendage on their body. They are too trusting and believe a social contract exists with the keepers of their data and that these companies spare no expense to keep it out of harm’s way. I believe both generations are equally at risk for social engineering attacks.
[eFM]: Do you have anything you would like to share with our audience? Any thoughts, experiences?
[RC]: Sure. HADES is an exciting concept and one we hope will explore the sociological boundaries of building a disruptive model to engage new participants in the current raging war in the cyber domain. We firmly believe in our tagline “The Power of Black” and providing a community to actively participate in ways not possible up to this point and in doing so can help turn the tide in a war we are quickly losing.
I truly appreciate your magazine’s interest in what we’re trying to do and for extending us this platform to introduce our company to a large audience. Lastly, if there are individuals reading this who want to participate please have them reach out to me by email firstname.lastname@example.org
[eFM]: Thanks for talking with us!
HADES is a start up technology company colliding CYBER | CLOUD | CROWD SOURCING | SOCIAL to disrupt the current Cyber Security marketplace.
HADES seeks to harness the power of Hacker innovation enabling a collaborative and anonymous engagement with corporations seeking to change their cyber security posture from the “Hail Mary Pass” to Pro-Active!