Delegates are in Dundee today for Scotland’s largest cyber-security conference, hosted by Abertay University. Jennifer McLaren learns more about ‘ethical’ hacking’.
Many of us will spend a lot of time on the internet, whether it be browsing, buying, banking or communicating. A question we should always ask ourselves but perhaps rarely do is: how safe is our information?
While it’s important to be security conscious on a personal level, the organisations storing our details also have a duty to keep sensitive data safe which means keeping hackers out.
The term “hacking” is generally perceived to be a negative one from its context to violently chop or cut or to commit a foul in sport.
In computing terms, however, to hack means to skilfully manipulate a computer program. The only problem is most of the time the reason for doing this is to gain unauthorised access to another system.
So, by its very nature, ethical hacking is the reverse of this. Yes, ethical hackers must know how to gain unauthorised access to computer systems but only so they can put measures in place to prevent someone else doing the same, with the intention to harm.
From its humble beginnings three years ago, the Securi-Tay conference at Abertay University has come a long way.
Organised by a team of ethical hacking students, it will today bring together more than 100 delegates from education, industry and law enforcement to focus on issues surrounding cyber security.
There will be a series of talks and discussions by industry leaders, academics and students from Abertay’s ethical hacking degree courses, who have an opportunity to present their research.
The event has gained sponsorship and support from major internet security companies including NCC Group, Cigital and MWR InfoSec.
The university’s ethical hacking degree course was launched in 2006 by programme tutor Colin McLean and is the first of its kind in the UK. Since then it has built up a fine reputation for providing graduates with the attributes required by the leading security companies in the UK.
Colin explains: “Employability prospects for our students are huge. Currently, we can’t produce enough graduates for the jobs that are out there.”
Up until now, the majority of employers have come from south of the border but Colin says Scottish businesses are now starting to wake up to the need for security experts.
According to figures released by the Scottish Business Resilience Centre, the cost of computer crime in Scotland is estimated at £5 billion each year that is £160 every second.
“Because security is such a specialist topic for the department, it is now being introduced to other courses including web developing and computer games developers,” continues Colin.
“People are going to try to think of unique and novel ways to steal and so we have to try to imagine these or, if we spot them, try to do something about them.
“People think it’s quite strange, but actually it is natural because I don’t think you can secure anything without thinking like a criminal.”
Gavin Holt is a 4th year student at Abertay studying a BSc in ethical hacking and one of the people involved in running the conference. He says the event has more than doubled in size since it began in 2012.
The keynote speaker is Ollie Whitehouse from NCC, one of the largest internet security companies in Europe, who will be discussing physical security: “Hackers walking straight into companies and plugging into PCs,” Gavin explains.
“There are also talks about global internet security, personal security and even social engineering the concept that a hacker could spend all day trying to break a password, but if they called a person up and said they were from a helpdesk then they might get it over the phone.”
Gavin got into ethical hacking because he is passionate about writing computer code.
“I have always been fascinated with computers and how they work and all that ethical hacking is is understanding in very great detail how computers work.”
He says there are different kinds of hackers: “You’ve got people hacking for profit probably the biggest market.
“There are hackers in Eastern Europe who are running hundreds of thousands of computers, stealing passwords and buying details.
“The second type is those who do it for credit and reputation, so they can say, ‘I did this’, and your third type is political activists the group Anonymous, for example who do what they do to effect change.”
For example, on July 4, 2011, Fox News fell victim to hacking when its politics Twitter feed announced that President Barack Obama had been shot dead.
Meanwhile, on April 23 last year the Associated Press had its Twitter account compromised by ‘hacktivists’ when a post appeared stating Obama had been injured in an explosion at the White House. The announcement sent the US stock market into turmoil.
As a marketplace, cyber security and information security is growing at pace, and rarely a month passes without news a company has been hacked.
Gavin says: “For example, on New Year’s Day 4.6 million people’s details were stolen from Snapchat and the interesting thing about that is they were told in September 2013 by a set of researchers that they were vulnerable and they ignored it.
“In the last four years the biggest shift hasn’t been what attackers are doing but what there is to attack. As more and more things go on line, the more people are becoming vulnerable.”