Computer “hackers” are often viewed in popular culture as people intent on modern mischief. But that’s not always the case. Some are motivated by a desire to better understand computer technology.
This weekend, a National Day of Civic Hacking is behind held across the country, with events in Vermont too. The idea is to bring programmers together to solve problems, rather than create them.
Meanwhile, a cyber security start-up in Berlin, Vt., called “Pwnie Express” embraces hackers.
Dave Porcello is a 33 year-old self-described geek who moved to Vermont from Boston about six years ago.
“I do consider myself a hacker,” Porcello says. “Hacking to me is all about a passion for technology and learning about how things work at a very deep level.”
When he first came to Vermont, Porcello worked for an insurance company in Montpelier but he gave up his day job and started Pwnie Express, a company that makes hardware used to test the vulnerability of computer networks.
The name has its background in hacker culture. Because as any hacker worth his salt knows, to pwn a computer network means to own it or control it.
Pwnie Express has a dozen employees and many of them are hackers who’ve been active at Laboratory B in Burlington, which, like other hackerspaces, is a shared worskpace where tech enthusiasts share tools and expertise. Pwnie Express sales director Mark Hughes says the young company wouldn’t be where it is today if it weren’t for hackers.
“Just about every feature of the products that we currently have, a lot of the really cool whiz-bang stuff has been as a result of direct input from our friends in the hacker community, the security community,” Hughes says.
Those products range from a $900 tablet called the Pwn Pad to a desktop device that sells for nearly $4,000. All of this hardware does basically the same thing, something called penetration testing, which tries to determine how secure a network is.
“Why not test your network in the same way it would be attacked?”, Hughes asks. “And why not have the same technology that would be used to attack you to assess your own network?”
The first Pwnie Express product was called the Pwn Plug. In early 2011 Dave Porcello took a backpack full of them to an east coast hacker convention known as Shmoo Con and sold them all. After Shmoo Con sales of the Pwn Plug took off, in part because a lot of the hackers at the convention have day jobs in the cyber security field and started talking it up at work. In July 2011 Pwnie Express went to Def Con in Las Vegas, one of the oldest and largest hacker conventions. The company sold more than $75,000 worth of gear there.
At this point the devices have now been sold in 15 countries. Most of its customers are computer security professionals but Pwnie Express does a significant business with the federal government, including a lot of what it refers to as “three-letter agencies.”
Pwnie Express has become a business success for its founders. But the very products it makes are also a cause for concern among security professionals. Professor Peter Stephenson runs Norwich University’s Center for Advanced Computing and Digital Forensics.
“The thing that makes Pwnie Express different is that it can be brought in clandestinely, added to the network and then accessed externally,” Stephenson says. “So, if I sneak a Pwnie Express into the system and I have a way to connect to that Pwnie Express from the outside, then I’m inside. I have mixed emotions about it. From the standpoint of a penetration tester, I think it’s great. From the standpoint of the security guy who’s got to protect the network – that would make me a little nervous.”
Pwnie Express says it tries not to sell to people with criminal intent but there’s only so much it can do to vet its customers. Despite the potential for these products to end up in the wrong hands, Peter Stephenson is very keen on Pwnie Express.
“I wish there were a hundred Pwnie Expresses here in Vermont. I really do,” Stephenson says. “I hope there are other high tech industries, businesses, people who look at successes of companies like Pwnie Express and say, ‘Gosh, I could go do that in Vermont.’ Vermont is a place that very well could have a high-tech future. If we just look at companies like Pwnie Express, I’m hoping there will be other entrepreneurs who get good ideas and go out and try and do them.”
Pwnie Express is poised for expansion. The company is working to attract venture capitalist funding and expects to more than double its staff by the end of the year. The expansion could mean relocating its headquarters to Burlington and using the Berlin location for assembly and order fulfillment.
As CEO Dave Porcello says, “I moved up here for a reason. I love it up here. Being in the high tech career world, you know, there aren’t a lot of information security positions in central Vermont or Vermont as a whole. So it’s really a big win for all of us. You know, we get to do what we’re passionate about and still stay in the place that we love.”
