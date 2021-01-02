Casey Cammilleri spends a lot of his time breaking into computer systems, but he’s not a criminal. In fact, companies ask him to hack into their servers.
Cammilleri is a penetration specialist, meaning he knows how to break into systems and identify weak spots in cybersecurity. Using skills he learned through some schooling, as well as through past jobs in cybersecurity, Cammilleri founded Sprocket Security to help businesses consistently monitor their systems and find ways to patch the security holes they find.
Hacking into a company’s system is actually much easier than a lot of people think, Cammilleri said. Oftentimes, he’s just guessing passwords or taking advantage of systems that haven’t been updated. Then, once he’s broken in, he shows the companies all the damage an attacker might do.
“This rush that you get, it’s really exciting,” Cammilleri said. “It never gets old.”
Sprocket Security, based in Monona, is different than some other firms because its hackers will continually try to break into the companies throughout the year, rather than set windows of a couple of weeks that other consulting companies might provide.
“The benefit of that is there’s new threats that come out, and IT infrastructure changes,” Cammilleri said. “So we’re always there to test the new, latest threats.”
Many companies already had a few employees equipped to work remotely, but with most office workers working from home during the pandemic, multiple new points of entry for hackers opened up, Cammilleri said.
Hackers could attempt to find holes in the system caused by human error when trying to shift to remote work, Cammilleri said. They could also attempt more sophisticated phishing scams — email campaigns that attempt to get the reader to reveal personal information or download malicious software.
“I send a phishing email, they click on it, and basically I compromised their system,” Cammilleri said. “Now I’m logged onto their computer, which has corporate access, and game over.”
For individuals, stolen credit cards, online accounts or Social Security numbers can be in jeopardy, but for corporations, ransomware might be the biggest threat.
Hackers using ransomware break into computers or servers and encrypt mass amounts of data. When the data is encrypted, it can’t be read unless the computer knows the encryption key, so hackers hold that key — and therefore the data — hostage until a certain sum of money is paid.
“Ransomware is one way to make a lot of money really quick and easily,” Cammilleri said.
Sprocket is contracted by Fortune 500 companies, private companies and some municipal governments, Cammilleri said. One of its contracts is with the Milwaukee law firm von Briesen & Roper.
Chief information officer Bill Caraher said the confidential information kept by law firms such as von Briesen & Roper makes them a target for digital attacks.
“It’s not really a nice-to-have (service), it’s a must-have,” Caraher said.
The law firm already had a remote working protocol in place, Caraher said, and it just needed to be expanded to allow more people to work from home. Still, regular monitoring, even when from a firm that’s trying to break your systems, is a comfort. Because at least Sprocket won’t be stealing client data while identifying weak spots.
“You’re fighting a battle where the enemy is known, but the methods aren’t always known,” Caraher said.
