Google engineer Justin Schuh has been working in computer security long enough to witness some key changes to how the industry has evolved.
Before Google hired him as its very first full-time security engineer for its Chrome browser back in 2009, Schuh worked for IBM, the NSA, and, way back in in 1996, the US Marine Corps.
“There’s a lot of money behind hacking now,” Schuh told Business Insider in an interview. “And the attackers are getting better because there is money behind it — the motivation to succeed isn’t just personal gratification.”
Schuh says that when he first started working security — and even up until 2009 when he started working for Chrome — many more hacks could be blamed on “hacktivists,” people who wanted to use their exploits to make the news or prove a point. Those people still exist, but there are many more bigger fish.
“Now, a lot of computer crime is very big business,” Schuh says. “People are trying to build up large botnets so that they can either sell out access to them for denial of service attacks or use them to funnel spam. It really has become its own industry.”
Famed internet analyst Mary Meeker recently noted that cyber attacks are growing bigger and faster than ever, and the hacker-for-hire market is growing accordingly. It’s now easier than ever to find people offering their (often illicit) services online.
You can hire someone to hack a Gmail or Facebook account, or take down a website.
“Hackers are actually getting very clever in finding ways to monetise their attacks,” Schuh says.
“When I started, abuse wasn’t anywhere as big a concern as it is now. And when I say abuse, I mean the kind of thing where it’s like, ‘Hey, install this tool to see the pink ponies!’ And people say, ‘Sure, I want to see the pink ponies.’ And so they install the tool, and it turns out that it resets all your preferences and now every keystroke you type is getting monitored, and all your search requests are getting funneled through this third party… It’s the kind of stuff we just didn’t see before, and now you’re seeing it.”
Schuh warns people who use Chrome to beware of third-party plug-ins, because over the years he’s seen an increase in malicious third-parties tricking users into downloading things they shouldn’t (and even when the browser warns them not to).
Luckily, the increased cash behind cybercrime has been matched by increased cash in prevention.
Worldwide spending on information security was expected to reach $US71.1 billion in 2014, and will increase 8.2% to $US76.9 billion in 2014, according to Gartner research.
As one of Google’s tech lead managers for Chrome, Schuh is now responsible for making sure the browser stays secure from attackers through infrastructural preventative measures.
His job may be a lot of things, but it’s never boring.
“We’ve gotten a lot better, but the hackers have gotten better, too,” he says.
Overall, Google has about 30 full-time engineers plugging away on the Chrome security team.