Cybersecurity, Hacking And Digital Evolution: Dinis Guarda Interviews Emily Crose, Former US Intelligence Officer And Author Of ‘Hack to the Future’

In the latest episode of the Dinis Guarda Podcast, Emily Crose, Cybersecurity Expert, Author of ‘Hack to the Future’ and Former US Intelligence Officer discusses the Hacking History project, cybersecurity challenges, cyberwars and the role of AI in digital security. The podcast is powered by Businessabc.net, Citiesabc.com, Wisdomia.ai, and Sportsabc.org.

Emily Crose is an expert in cybersecurity, and government security, with over ten years of experience. She spent seven years as an information security specialist in the U.S. intelligence community, working with the CIA, NSA, and United States Army INSCOM. 

She is also the co-founder of Hacking History, a project exploring the connections between the U.S. government and the hacking community. As a transgender woman and advocate for LGBT+ inclusion, she is committed to promoting diversity in the tech industry. In 2024, Emily published ‘Hack to the Future’, a book examining the influence of hacker culture on U.S. government policies. 

During the interview with Dinis Guarda, Emily Crose shares the origins of the Hacking History project:

"What made me interested in doing hacking history is a sort of related, sort of unrelated story. After I left the government, I took an interest in this history of how people end up in government service from the community that I come from."

"The Hacking History Project... involves us putting in Freedom of Information Act requests to various government agencies about individuals and actions, sometimes hacking tools, asking agencies like the FBI, CIA, and NSA to basically give us the documents that they have on these things."

‘Hack to the Future’: The evolution of hackers in a global context

Published by Wiley in October 2024, ‘Hack to the Future: How World Governments Relentlessly Pursue and Domesticate Hackers’ by Emily Crose explores the changing relationship between hackers and the U.S. government over the years. The book explains how hackers, once seen as outsiders, became important tools in shaping government policies and global strategies. 

Emily highlights key events, like the Morris worm and the Melissa virus, that changed how the world viewed hacking. She also shows how the U.S. turned hacker culture from a small hobby into a professional and strategic tool for national security. This book is perfect for readers interested in technology, hacking, or cybersecurity, offering a clear and fascinating look at the role of hackers in modern history.

As the interview continues Emily discusses her book's approach to hacking history and says:

"Every history that I've seen in the hacking community has been very US-centric—so what are American hackers doing and how has that impacted the world—and I think that's, you know, it's fine. But I knew before writing the book that there was more to the story."

She later explains about the global evolution of the hacking community and said:

"Trying to figure out how we built a global infrastructure for hackers to exist within, a global context for this sort of niche interest to grow within, and then ultimately become a party to geopolitics on a wide scale is something that I really wanted to learn more about.

It takes about 50 years for this sort of weird, misfit group of hackers to go from freelancing to becoming resources that the government actively seeks to recruit.

In the early 90s, hackers were seen as this sort of outlaw group that the law needed to do something about. By the mid-to-late 90s, governments started bringing hackers in to answer questions to Congress in the United States."

Cybersecurity: Threats, ethics, and evolution

Emily explains the dynamic nature of counter-extremism, operations and responsibilities of U.S. intelligence agencies, such as the FBI, NSA, and CIA, in fulfilling requirements for intelligence collection.

She explains the evolving threat of extremism:

"Things like counter-extremism are... an ever-evolving threat. It's not a thing that just exists in one form forever in the exact same way. There are markers that are similar between cases.

Emily discusses the roles of U.S. intelligence agencies:

"In the United States, we have three three-letter agencies: FBI, NSA, and CIA, and they all have requirements for intelligence collection. Most of those requirements come from either military sources or other U.S. legislative sources. For example, even the president can have requirements for intelligence collection.

Emily also explains the methods of intelligence collection:

“It’s up to the three-letter agencies, the intelligence community, to gather as much intelligence about those areas of interest as they can, using the techniques that they have available to them.

Whether that means talking to an individual, getting it through what we call human intelligence or HUMINT, or, hey, we think they may be transferring information over a signal-based device or a computer, send it to a different three-letter agency and then they go and get it.

Part of that, especially in the last, let’s say, 20 years, has been due to signals intelligence, or what we call SIGINT in the intelligence community.

A newer component of signals intelligence is what I do, which is computer security. Offensive computer security is one component of that. You try to grab intelligence off of computers.

Once you get the raw information, you have to send it to people who can piece the entire picture together as the analysts that work within the intelligence community."

Emily also discusses the difference between white hat, black hat, and grey hat hackers. 

"The most basic difference between white hat and black hat hackers is that one group—the white hat hackers—typically have a formal permission-based system that they use. They have a scope, sign contracts, and have goals in mind that benefit the folks that they sign the contract with.

Black hats, on the other hand, sort of make their own rules and they don’t ask for permission when they do their work.

Gray hats kind of live in the spaces in between... Maybe they do have permission, but the permission only goes so far, or maybe they didn’t get permission, but they have a very specific goal in mind."

During the interview, Emily Crose also talked about the complexities of ethical versus legal frameworks in cybersecurity, especially regarding nation-state hacking.

"Government-authorised hackers kind of fall outside of the normal framework that we use for white hat and black hat hackers, or at least in my opinion. I’m sure other people have different options on this.

Depending on whether you are being hacked or you are the hacker in the context of, like, a nation-state offence and defence, you probably would define an NSA computer operator differently based on your own context in the world.

A target of the NSA is probably going to feel that an NSA officer is probably a black hat, right? But in the context of American law, they would fall pretty squarely in the white hat hacker category because they've been authorised to do all of this.

That’s a legal framework... It’s a little bit different than a moral and ethical framework that you might otherwise use to judge these actions.

It’s really difficult to sort of unify those two principles or make a determination about who the good guys are and who the bad guys are. I don’t think it’s quite so simple."

Cyber War and data privacy: Defining security in a digital world

Emily explains the difficulty in defining cyber incidents as acts of war because they do not fit neatly into traditional ideas of warfare:

"Cyberwar is an interesting concept because... it’s a topic that is sort of in the eye of the beholder. Cyberwar is what you make of it.

There are incidents in recent history that we can look at and say, ‘Hey, that seems like it was an act of war,’ but we didn’t really respond to it in such a way that you would if it were truly considered an act of war.

Something like hacking is a bit more of a gray area... It’s a little bit harder to define. For example, the OPM breach... We could identify the country behind it, but we didn’t go to war with China over it.

What if a nation were to get access to the electric grid, like Russia did in Ukraine back in 2014–2015, and turn off the lights? Was that an act of war? Well, again, Russia and Ukraine didn’t go to war at that time over that action specifically.

I think that may be a result of an evolving definition of what war looks like in the modern age... It’s an interesting thing that we are actively defining right now as we speak."

Emily addresses the societal impact of data breaches, the frustrations faced by cybersecurity professionals, and the limited accountability of corporations in safeguarding sensitive information:

"Data privacy has always been a big issue, or at least it has since the turn of the millennium... It’s become very prevalent in the last 15–20 years when we start to see these major breaches of credit agencies.

There’s definitely a higher level of security awareness among people today than there was even 15 years ago... But the flip side is that people have also become very used to having their personal information leaked.

Often, the people who we entrust with that information mishandle it or don’t provide the same level of protective safeguards... It’s not really a major issue for them if they lose their entire customer database, but it certainly is a problem for all of us.

The way companies have seen fit to respond in past years is to give us all a free year of credit monitoring, which most see as not quite enough for the level of trouble that it causes."

Concluding the interview Emily discusses with Dinis, how the growing impact of AI on cybersecurity and the urgent need for increased digital literacy:

“Folks have to have some level of awareness of what is developing—at least a vague idea of what the cutting edge is—or at least know somebody who knows that, so we can all better understand what our security exposures are.

There is always going to be the compartment of technology and business that we can't control—like who provides our power, who generates our electricity and distributes it to us, for example.

What I see AI as being able to do is to sort of fill some of those gaps as an assistive technology, rather than something that can completely replace people.

Especially if we have a potential industrial accident or the conditions for that forming, I can see Artificial Intelligence being an assistive technology to avoid those types of outcomes or to investigate problems.

"AI can shorten the duration of an incident report in the aftermath of a breach, for example, and there are areas that I can definitely see that technology being applied.

I co-founded a small company called Neuralized AI, and what we are trying to do is parse tons and tons of logs generated by businesses—hundreds of gigabytes, terabytes of logs—to understand and manage them at scale.