'White hats' help websites by plugging security holes
Updated: 2014-05-29 07:06
By Cao Yin in Shantou, Guangdong (China Daily USA)
Unlike most Internet users, Jiang Kaida subconsciously starts to look for security gaps on websites after he surfs the Internet for a while.
"It's really like a sickness, but I'm interested in it," said Jiang, who works for the network and information center at Shanghai Jiao Tong University.
Jiang is one of six engineers at the university who specialize in finding online security gaps or risks. They are called "white hats" - a group of technology and computer zealots who share network problems they discover with government departments and enterprises.
"My major is materials, but I have a passion for the Internet. I can find online security risks in a short time, but I don't want to be a hacker," said Jiang, who has been a "white hat" for more than four years.
When the 35-year-old man discovers online problems or security risks on a website, he reports them to the National Computer Network Emergency Response Technical Team and Coordination Center, a network watchdog.
"I don't like solving the existing security risks because I think it's a waste of time," he said with a smile. "I prefer to be the information provider."
For example, when he finds a gap in the security of a company's mailbox database, he will first inform the center with e-mails, and the center will remind the company to fix the problem or help it eliminate it.
"In this way, users' privacy, such as names and passwords, in the mailbox system won't be released," he added.
By conservative estimates, China has at least 3,000 "white hats" helping the government and related security institutions, said He Shiping, who works at the center.
"The 'white hats' also share ideas with us in technology salons and report risk clues to us," He said.
The group of people has skills in finding security risks, as online attackers do, but the attackers "have awareness of the network security protections and make it the top priority," he said.
"I know being a hacker may get higher pay, but I can get money other ways," Jiang said.
Zhang Siyu, another "white hat" at the university, agreed, saying he helps the center find network problems in his spare time.
"I knew the group when I was a student and I decided to join them at that time," said Zhang, an information security major who is responsible for guarding the campus network.
"I hope my knowledge can take practice, providing more help for Web companies with security gaps," he added.
Currently, some technology and network enterprises, such as Qihoo 360 and Tencent, also pay the "white hats" as an award for their efforts, the center said.
"Maintaining Internet security is a long-term project that requires persistence and requires us to stay up several nights to study one issue," Jiang said, adding that most "white hats" are males.
(China Daily USA 05/29/2014 page5)