Today, I’m sitting in the offices of Atlassian, an Australian software company worth over $14 billion, and waiting to meet Alex Hope, Atlassian’s senior security analyst.
All I know about Alex is that he’s 25, the organiser of (a cybersecurity conference) and studied computer science and pure mathematics at the University of Sydney.
Oh, and he’s a white-hat hacker: an IT specialist who breaks into protected systems to test and assess their security.
I expected dark and brooding but the moment Alex appears, it’s obvious he defies the easy stereotypes that surround hackers. With purple and indigo hair that looks like something out of a Japanese anime, the assumed uniform of black hoodie and jeans is supplanted by lavender shoes, rainbow patches and multicoloured nails. It’s a brilliantly complex realisation, especially once Alex announces, “I’m also a magician!”
For Alex, cyber security has always been a passion.
“I’ve always been interested in… I’d like to say hacking but that word is associated with crime, and I don’t want to say I’m interested in crime. I guess you could say that I've always been interested in learning how things get hacked. But I got started mostly by accident.”
Picture a teenage Alex on holiday with his parents as they arrive at their hotel. Alex asks, “Which WiFi is our one?” To which they reply, “Oh none of them. We don’t have internet.”
"I remember thinking, ‘Hmmmmm ok. Those WiFi networks all have passwords... I wonder if there’s a way to use it anyway.’ So that prompted a lot of research and really got in the way of our family holiday.”
Alex’s interests carried through to university where he studied Computer Science, Pure Mathematics, and Physics. What he discovered was that Computer Science was fun.
“When I was in Year One, I told the class I wanted to be a scientist. That wasn’t cool. In Year One, it was cool to want to be a policeman because they had guns. But scientists always save the day in the movie with their secret science.
"Computer science feels like playing a game or building something with LEGO. There’s so much creativity in it. I was like, 'This is amazing. This is a job? You can get paid for this? I’d do it for free.'"
Alex tells me about a security course that he did during his Honours year. Although the course contained a lot of theoretical content such as cryptography, it also had a war games component. In a class about social engineering, Alex and his classmates were required to obtain the staff ID of the lecturer.
“That was it, there was no further information. Basically, they said, ‘You can do anything you want in the world to get this ID; just don’t commit any crimes. If you can trick us into telling you - that counts. If you can trick someone else into telling you - that counts.’ I thought that was really cool because it let you be creative.
"We ended up finding out there was an admin portal which you logged into using your student number. The page had a part where it said, “If you’ve forgotten your Staff Number, call XXX”, so we did. We called the number and pretended to be this lecturer who had forgotten their number.
"We were the first team to try this but then, unfortunately, the other teams started doing it too. And, at some point, the person at the admin office caught on and realised, ‘Hold on… you’re not who you say you are. And neither was that other person. Or that other person!’ Eventually, the lecturer told everyone to stop calling the number.
"It was pretty non-traditional for a uni course but it actually helped a lot because it was so practical.”
After university, Alex tutored at the before getting a job at Atlassian where his first job was to “buy the parts for a computer, build the computer on the floor, and use it to crack passwords.” Currently, Alex’s job is to detect and simulate hackers for Atlassian, exposing any potential flaws in their system.
Considering the most recent data breach of (which includes clients such as Telstra, NAB, Coles, AusPost and more), I ask Alex if the average user should be concerned.
“I think it’s the same as physical security in the sense that you shouldn’t have to worry about it too much. Not everybody is a security expert but there are people like me who are here to protect you.
"However, the strongest thing a user has in their favour for not getting hacked is the fact that people don’t really care. They’re usually not interesting enough."
Hackers aren’t going to spend a bunch of time hacking a random person and reading their boring emails. There’s not much value to them.
However, Alex reveals to me that users should be worried about credential or keyword stuffing. According to him, hackers know that we all basically use the same two or three passwords for everything, so all they have to do is wait for a website to get hacked.
“Remember when LinkedIn got hacked in 2012? For some reason, the hack got published. It wasn’t on the Dark Web or anything like that - it was on the regular internet. You could just go and download anyone’s email and password.
"So the hackers get these lists of emails and passwords and they try them on other accounts. For example, they might try to use your LinkedIn password to get into your Facebook. The reason hackers do this is that they’re business people. They’re doing it for the money.
"A password by itself is not very valuable - it’s like $1 for a thousand or something. But if you test them all out and find out that one works on Facebook, you’re not just selling an email password anymore. Now you’re selling a Facebook account, which is worth more money.”
According to Alex, there are two main things users can do to protect themselves. The first is to implement two-step or two-factor authentication. This requires you, when signing in, to enter an additional password that has been generated and sent to your phone or another physical device. The second is to use a password manager, which can randomly generate passwords for your accounts, store them, and auto-fill them for you.
“The internet is great, it lets us do so many things that weren’t possible before. But sometimes, I feel like computers are held together by nothing more than hubris.
"The average person can choose to learn more about security if they want to though and that will make them safer.”
Alex Hope will share his insights on cybersecurity during the Outside the Square discussion, Hackers, Breaches, Bots: How well do you understand the internet? on 11 October 2017 at The Old Rum Store, Chippendale.
Article by Theodora Chan (BA, MECO 2010; BA, HONS 2012), Co-Founder and Content Director at .