Breaking News
More () »

Austin's Leading Local News: Weather, Traffic, Sports and more | Austin, Texas | KVUE.com

'We are the devil's advocate for security': Austin interns hacking into products for companies

IBM's X-Force Red team is made up of "ethical hackers" hired to break into companies' buildings, networks and products so they can fix their security issues.

AUSTIN, Texas — When was the last time you had to get a new credit card because someone hacked it? It's frustrating when criminals find a way to steal something you own. There are Austin interns who have been hacking into products this summer so criminals can't.

IBM has an office in Austin that includes the headquarters for the company's X-Force Red, which is made up of what some call "ethical hackers." IBM's hackers are hired by companies to break into their buildings and networks so they can find and fix their security issues before criminals are able to.

It's a program IBM decided to allow interns like Michael Mitchell – who is about to be a senior at the University of West Florida – to be a part of. As a cybersecurity major, working for IBM's X-Force Red team is exactly what he wanted to do.

"Putting papers into a filing cabinet, you can do that anywhere," Mitchell said. "Being able to leave a university that can only teach you so much and then go to the bleeding edge of an industry and get to experience that firsthand is a unique experience."

RELATED: ICE used facial recognition to search state driver's license databases, records show

This group will break into many types of things, ranging from actual safes to websites to business identification card readers. Daniel Crowley is the research baron for X-Force Red, assigning products and budgets for the other members. Figuring how things work and hacking into them started as a hobby for Crowley before he turned it into a career.

"It's about really getting your hands dirty," Crowley said. "It's about really coming to understand how things work. We can be there to find those problems and get them fixed before a crime can happen."

Anna Zeng is another intern who said her approach to fixing problems has changed since coming to IBM.

"What are the things that I can think of to create to solve problems?" Zeng said, speaking to how she used to think. "Now I think about what is already out there in the world right now that already exists. I want to know how I can understand it to see how it's being used incorrectly or to find places where I can potentially break in."

Charles Henderson is the global managing partner and head of X-Force Red. He said X-Force Red has grown into something much bigger than anticipated.

"This started three years ago with four people," Henderson said. "We now have 200 people globally. We are the devil's advocate for security. People hire us to make things break."

It's also not just about discovering problems; it's about finding answers as well.

"We don't want to tell the world, 'Hey, you're vulnerable to this attack and there's nothing you can do – goodbye, good luck,'" Henderson said. "We want them to be able to fix it."

RELATED: Facebook to make jobs, credit ads searchable

Joining the team is not as easy as Henderson said IBM has to make sure it is something they can trust to get the job done and use the gained information to help the companies.

"We know most of the people we bring in for a substantial amount of time before we bring them in," Henderson said. "Our entire industry is built on trust as well as capability."

Henderson also said there is a lot of pressure to get the job done since the next person to do so could have bad intentions.

"Criminals only care about the target itself," Henderson said. "If we service a client, miss something and then a criminal finds it, that's a very bad outcome."

IBM also publishes the issues its team finds in order to help people and companies who might have similar products or networks. Hannah Robbins is about to be a senior at the University of Tulsa, majoring in computer science. She actually interned with X-Force Red last summer and was able to write up a report on some security issues she found for a company.

"There's this feeling of realizing that you've made a company and a product more secure," Robbins said. "Being able to work with other people on your team really gives you the ability to find all the different vulnerabilities in a product."

Each of the interns had a vulnerability research project this summer that they will all present Wednesday to Henderson and the X-Force Red Team.


Two injured after shooting in Downtown Austin

TxDOT breaks ground on $50.4 million SH 71 project

Homeless sex offenders: How many are in Austin and how do police keep tabs on them?