Wearing the White Hat

The year is 1995. The computer programming language Java has just been introduced by Sun Microsystems. Sony’s CD-ROM-based home gaming system, the PlayStation, has made its way to North America. The new Digital Video Disc (DVD) format has begun revolutionizing the film industry, pushing aside its clunky cassette tape predecessor. And a young Fred Frey ’98 has just written his first-ever computer virus.

“I was a freshman at MSJ, and I’d learned just enough programming to be dangerous,” he begins. “I crafted what would be my inaugural faux virus. This piece of code lay dormant on my father’s Windows 3.11 desktop, springing to life only on his birthday. Upon startup, it would feign a hard drive wiper virus (25 years before ransomware was popularized), demanding a password and initiating a heart-stopping 10-second countdown. At zero, instead of chaos, it unveiled a vibrant ASCII art message wishing him a ‘Happy Birthday.’”

Fred has always considered himself a “hacker.” “Hacker mentality is just constant curiosity about how things work,” he says. While the moniker has taken on a felonious connotation among the general public, Fred’s hacker mentality has led him down quite a different path. As a cybersecurity professional at Booz Allen Hamilton, he spent 22 years tracking down nation-state actors for the intelligence community. Much of his work is classified, but a few projects have been made public over the years, including his team’s investigation of the 2008 Agent.BTZ cyberattack.

In this incident, Russian entities had gained access to classified documents on secure U.S. military computers that were isolated from the internet. The counterintelligence team unearthed a sophisticated and novel malware technique that allowed the Agent.BTZ worm to spread undetected across 300,000 computers, scouring the hard drives for sensitive information, which it clandestinely exfiltrated via USB drives.

“The ingenuity of this technique lay in its ability to bridge the air-gap security measure, a strategy thought to be fail-safe until then,” he explains. “The impact of this breach was profound, signaling a devastating blow to national security protocols and exposing the vulnerability of even the most safeguarded systems to physical cyber espionage tactics.”

Five years later, Edward Snowden leaked highly classified NSA documents, leading to a brain drain from the U.S. government and its contractors as top talent sought higher paying positions in the commercial sector. To combat this, in 2016, Fred co-founded Booz Allen’s DarkLabs, an elite team of reverse engineers, penetration testers, and security researchers applying the same tools, techniques, and mindset as the most advanced criminal hackers to discover vulnerabilities in critical systems before they can be used for malicious purposes. These are what the industry calls “white hat hackers.” They’d been doing this for years at the classified level, but DarkLabs brought hacking out into the open to aid defenders.

As technical director, Fred led teams of offensive (“red team”) and defensive (“blue team”) hackers focused on critical new business areas. In one case, an elevator manufacturer hired DarkLabs to evaluate the risks of connecting their systems to the internet. With unfettered access to the company’s source code and chipsets, Fred and his team put on their “white hats” and hacked away, uncovering several zero-day exploits–or previously unknown and unpatched vulnerabilities. On retainer by a large auto company, they investigated cases of car hacking, as cars became increasingly digitized.

With more and more criminals donning “black hats” and creating chaos, Fred sought to make an even deeper impact in the cybersecurity world. In 2021, he co-founded SnapAttack to help organizations stop cyberattacks before they occur. “SnapAttack is snapshotting the hacker behavior, sharing it widely, and developing a platform to detect and combat it,” explains Fred. The program’s integrated suite of tools and patented threat emulation library allow users to visualize attacks from the hacker’s perspective to hunt and deploy real-time detections.

SnapAttack also provides a free community platform, creating a space for users to work together to collectively gather enough information to prevent attacks and stay on top of new ones. “We realized that all of the knowledge about hacking was very siloed,” explains Fred. “The talent was spread thin and didn’t have a web to communicate and collaborate on some of the world’s toughest problems.” The idea is to bridge the actions of red teams and blue teams to create a collaborative “purple team” on a community scale.

“I think a lot of cybersecurity experts want to share knowledge,” he says. “Collaboration has often been vendor specific and limited to blog posts and tweets, but to turn the tides on hackers we need to collaborate at adversary speeds. We didn’t invent sharing, but we revolutionized how to share.”

So, in the constantly evolving cyber landscape, what’s next? As Artificial Intelligence (AI) becomes more advanced and pervasive, Fred believes SnapAttack is going to play a vital role in developing AI enablement for cybersecurity defenses. “AI is only as good as the data training set,” he explains. “It hasn’t taken off in cybersecurity yet because there’s not an extensive amount of labeled data available. A lot of the hacking techniques are underground or not stored in any one place. So, we are collecting all the data, labeling it, and training AI models on it to build more robust detections to stop cyber threats.”

The Mount Saint Joseph freshman coding away on his dad’s primitive PC could scarcely have envisioned a future in which computers could write their own programs. But, as a true hacker with an insatiable curiosity, Fred’s knowledge and skills have progressed with technology, keeping him on pace to be at the forefront of AI-informed cybersecurity strategies.