By Ray Downs
Chronister has seen firsthand how well St. Louis companies have prepared themselves for potential cyber attacks. And the results ain't pretty.
Even if corporations have a functional security infrastructure, Chronister can crack many companies by simply calling up, pretending to be an IT guy and asking for a password. Yes, this works. It's called "social engineering" in ethical hacker jargon, and it doesn't take much super spy training to figure out.
Some ethical-hacking pros even refer to people as "wetware." It sounds condescending, but it's true. Humans are squishy, malleable and eager to come across as helpful. They're even more eager to spew their personal vitals all over social media. While most office drones imagine it's some unseen code monkey's responsibility to keep their company's data safe, it's the rank and file who are often the weakest links in the chain. They make it easy.
"Sometimes you step back out of this ethical-hacking world and think, 'My God, we are screwed,'" Chronister, 37, says. "It's really, really easy to break in. You forget how scary it is to someone outside of it."
Dave Chronister made his first hack at age eight while pecking away at his father's Tandy 1000 EX. For the early '80s, it was a gem of a computer: blazing 8MHz speed, 256KB of RAM and a 300-baud modem. Some 30 years later, Chronister reminisces about this machine the way some guys brag about their first car.
It was the height of the "war games" era, birthed by the 1983 Matthew Broderick film in which an enterprising young man hacks his way into nearly starting World War III. Just as Broderick's Ferris Bueller's Day Off would later inspire a generation of wannabe adolescent rebels, WarGames was a cultural touchstone for every computer geek who grew up around the time of its release. It's an irresistible power fantasy: sparking an international incident from the comfort of one's bedroom.
The movie also inspired the name of a little hacking trick called "war dialing," which Chronister was trying out for the first time. A war dialer was a straightforward program that would call a range of telephone numbers in succession via a computer's modem. The idea was to hopefully dial up a computer system that accepted incoming calls, which was a long shot at best.
But sure enough, Chronister hit pay dirt: He stumbled upon the portal for a St. Louis car dealership's mainframe. "Please enter username or 'guest' to continue," the screen instructed. Instead, Dave ran to confess what he had done to his father: a six-foot-two, 250-pound-plus cop.
"He told me to disconnect from that; you're not allowed to look at that," Chronister recalls. "Then he joked and said something along the lines of, 'I brought you into this world, and I can bring you out.'"
The law-and-order view of the world his father instilled in him has never really left Chronister. In a profession packed with self-styled antiheroes, he is an admitted "goody two-shoes."
Chronister and his wife, Renee, operate Parameter Security above a Celtic pub on St. Charles' historic Main Street. Inside, the vibe is a strange mix of Midwestern homeyness and Silicon Valley flair. The couple's two basset hounds amble aimlessly through the office space while Dave, dressed in a T-shirt and cargo shorts, fiddles on a keyboard. Between his goatee and sardonic sense of humor, he has an odd resemblance to a younger Louis C.K. Renee is redheaded, excitable and always appears to be mentally juggling three other projects while talking about another.
The two launched their cybersecurity business in 2007 after spending the previous Christmas Eve enjoying generous portions of Jack Daniel's (for him) and Budweiser (for her) while bitching about their jobs. David worked in IT at a bank in Troy. Renee was with a marketing firm. They decided to ditch both and start their own venture together.
From boozy beginnings came a company with a very sober grip on hacker morality. Borrowing a page from Dungeons & Dragons and its complex alignment system, Chronister describes his hacking philosophy as "lawful good."
According to the highly reputable D&D Wiki, a "lawful good" hero combines a commitment to oppose evil with the discipline to fight relentlessly. In other words: "She tells the truth, keeps her word, helps those in need and speaks out against injustice."
Even when he is breaking into a company's servers, or phishing its employees via a dummy webpage, or infiltrating its headquarters through a low-grade subterfuge ("Hey, I'm the bug guy. Where can I start spraying?"), there is little moral ambiguity in any of this for Chronister. This is purely transactional. A company comes to him looking to get its systems tested, they sign a contract (complete with non-disclosure agreement), and Chronister and his team set to work cracking their assigned target.
In the past six years, the Chronisters have surrounded themselves with a small group of similarly principled party members at Parameter. While it might make for a sexier story, there are no reformed bad-guy hackers in the bunch.
"Once a criminal, always a criminal, in my opinion," Chronister says. "If you break the law once, how do I know you're not going to do it with my client's information?"