Two Middle East ethical hackers from Help AG, a regional information security consulting company, have qualified to participate in the World Finals of the Global CyberLympics, an EC-Council Foundation initiative supported by the United Nation’s International Telecommunications Union (ITU)
Being held on 19th September 2013 in Georgia, USA. Ali Hussein and Tudor Enache, the only Middle East participants, are part of a six person team that secured its place in the final by besting 73 other teams in the regional eliminations of the event. The Global CyberLympics is dedicated to finding the foremost IT experts to help address issues of global information security, and encourage further development of the field.
While Edward Snowden’s PRISM cyber surveillance revelations have cast new light on the issue of IT security, the Middle East has for a number of years now been a hotbed for cyber crime with organizations such as Anonymous and the Syrian Electronic Army operating in the region. Due to the magnitude of the threat, government and private organizations alike have been making significant investments in their IT infrastructures but Ali Hussein, a Security Analyst at Help AG, believes that the current level of awareness in the region is not sufficient.
He says: “It is wishful thinking to believe that simply deploying the latest IT security solutions will ensure an organization’s safety against cyber attacks. The unfortunate truth is that today, no IT system can be 100% secure. Uncovering vulnerabilities and identifying risks require organization to employ experts who can ‘think like hackers’. Competitions such as the Global CyberLympics aim to identify such professionals and we are extremely proud to be placed among the world’s best. By performing the various forensics and hacking challenges we broaden our knowledge and sharpen our skills. Ultimately, our customers benefit from the experience and insights we have gained.”
Ethical hacking and penetration testing involve simulating real world cyber attacks in order to identify security gaps in IT systems. Executing these requires a high degree of technical competence and these tests help organizations uncover IT vulnerabilities that can potentially be exploited by hackers to steal sensitive corporate data. As an example, Help AG, during a penetration test in a customer’s IT environment, recently uncovered a number of Common Vulnerabilities and Exposures (CVEs) which related to the Oracle E-Business Suite1 and Corporater EPM Suite. By informing the vendor and making the information publicly available, the company helped increase the robustness of a solution that is deployed by a large majority of organizations in the Middle East.
The Global CyberLympics aims to create an opportunity for ethical hacking to be accepted and practiced for the purpose of understanding what it takes to protect and secure critical information and assets. One key initiative for Global CyberLympics has been to foster an environment that creates child online protection through education.
Regional eliminations of the event consisted of three rounds which tested the team’s ability to identify and report evidence of an attack, conduct penetration testing to detect vulnerabilities and defend a network against a live hacking attempt. Mr. Ali Hussein’s team ranked first in each of these hotly contested rounds and will now go on to face the top two teams from each continent at the World Finals.
“The CyberLympics initiative is a great platform to raise awareness about ethical hacking. There is much to be done in the Middle East in this regard,” said Tudor Enache, Security Analyst at Help AG. “Help AG is a regional pioneer in the field and strives to create a work environment that encourages development and advancement of these skills. This support has played a big role in us being able to compete on a global stage at such a prestigious event.”