Posts Tagged With ‘hackers’


Hackers compete in global CyberLympics Championship at Gitex

The first ever CyberLympics regional finals at Gitex Technology Week head towards the climax of the competition with some of the most skilful hackers from India and the Middle East taking part in a series of ethical challenges to attack and defend a number of software targets.

Covering web applications, OS compromise, exploit hunting, and lock picking, the event involves six teams from India, Jordan and the UAE pitted against each other to highlight the sophistication and speed of ICT security.

“It gives us great pleasure to be partnering with Gitex to host the region’s first CyberLympics finals,” said Leonard Chin, Vice Chair of the Global CyberLympics Organizing Committee. “CyberLympics involves a tremendous amount of skill and it’s a lot of fun, but it is also an excellent way to raise awareness of cybercrime. We have already seen a great attendance throughout the championship and I expect the audience will grow even more for the final day.”



FierceFinanceIT: Banks turn to ethical hackers to enhance security

As reported in FierceFinanceIT, 2011 has seen major financial and commercial companies victimized by online breaches. In an effort to beef up security, many of these companies are now turning to certified professional hackers to test and enhance security systems.

Often referred to as “ethical hacking,” it’s a phenomenon that Jay Bavisi, co-founder of the International Council of Electronic Commerce Consultants (EC-Council), says has entered into the mainstream over the last 10 years.

“In five years it will almost become mandatory. You probably need to have an [ethical hacker] that’s on your job,” Bavisi told FierceFinanceIT. Formed in 2001, the EC-Council has trained over 80,000 individuals, certified more than 30,000 IT professionals and represents 87 countries, according to the organization’s website.


New Horizons sponsors the most important hacker conference in Brazil: H2HC

The 7th edition of H2HC (Hackers to Hackers Conference) was held this past November 27 to 28 at the Hotel Novotel Morumbi in São Paulo, Brazil. The conference is organized by people who work in or are directly involved with research and development in information security, and its main goal is to enable the dissemination, discussion and exchange of knowledge on information security among participants and among the companies involved in the event. Training and lectures were presented by respected members of the corporate world, research groups and the underground community. This year the conference demonstrated techniques that had never been seen or discussed with the public before.

New Horizons Brazil, with its technical staff and consultants, attended the event as a sponsor, offering training and showcasing its network training, information security training and the coveted EC-Council Certified Ethical Hacker training, which aims to qualify professionals to perform non-destructive penetration testing in e-Commerce, e-Business, IT Security and other types of networks and systems.


This event was attended by over 400 guests from various fields and companies in Information Security.


EC-Council President to Lead Hacker’s Panel at Infosecurity Europe

ALBUQUERQUE, NM, Apr 15, 2010 – Infosecurity Europe, the leading cybersecurity event in Europe, has named Jay Bavisi, president and co-founder of EC-Council, to lead its signature Hacker’s Panel at the London conference later this month. The panel, scheduled for April 29th, will focus on the subject of cyber warfare, from the perspective of both crime fighters and victims, in order to better evaluate the threat and its financial impacts.

“I am gratified to have been named once again by Infosecurity Europe to lead this groundbreaking Hacker’s Panel,” Jay said. “This panel shall engage in one of the most interesting cybersecurity discussions to take place in Europe, and I look forward to sharing insights from the best minds in the industry on the latest threats facing the cyber community.”

Jay will serve as chairman of the Hacker’s Panel, which is to consist of several of the world’s leading hackers and cybersecurity experts. This marks the second time Jay has been chosen to lead the Hacker’s Panel at Infosecurity Europe. In addition to Jay, one participant on the Hacker’s Panel is Sean Hanna, EC-Council’s Certified Instructor, who is also the director of Nemstar Ltd. Hanna is an award-winning IT Security trainer and consultant who has served such clients as the Irish Army and international financial companies and public sector organizations in both the United Kingdom and the Republic of Ireland.

Due to the sensitivity of the subject, the remaining panel speakers will not be identified prior to the event.

Since founding EC-Council in 2002, Jay Bavisi has been a strong advocate for the adoption of better training and education standards within the IT security industries in the U.S., Europe and Asia. His organization has been instrumental in creating new industry standards for cyber security training, including Certified Ethical Hacker (CEH); Computer Hacking Forensic Investigator (CHFI); Security Analyst (ECSA); and Licensed Penetration Tester (LPT) certification. In February, EC-Council got the nod from the U.S. Department of Defense to incorporate Certified Ethical Hacker training as an option to the Pentagon’s formal training program for its information assurance workforce.

ABOUT EC-COUNCIL:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).

EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

For more information about EC-Council, please visit the website: www.eccouncil.org

ABOUT INFOSECURITY EUROPE

Infosecurity Europe, celebrating 15 years at the heart of the industry in 2010, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of five Infosecurity events around the world with events also running in Belgium, Netherlands and Russia. Infosecurity Europe runs from the 27th – 29th April 2010, in Earls Court, London. For further information please visit www.infosec.co.uk


TIME: To Battle Computer Hackers, the Pentagon Trains Its Own

Thursday, Mar. 18, 2010

After years of building firewalls and other defenses against relentless hacker attacks, the Pentagon is going over to the dark side of computer warfare. Only ethically, of course. The Defense Department, like most large organizations, has recognized that no wall is high enough to keep out skilled and determined hackers for keeps. Instead, it has decided that in order to anticipate and thwart those attacks, it needs to know what the hackers know.

“More than 100 foreign intelligence organizations are trying to hack into U.S. systems,” Deputy Defense Secretary William Lynn warned last month. “Some governments already have the capacity to disrupt elements of the U.S. information infrastructure.” So the Pentagon recently modified its regulations to allow military computer experts to be trained in computer hacking, gaining designation as “certified ethical hackers.” They’ll join more than 20,000 such good-guy hackers around the world who have earned that recognition since 2003 from the private International Council of E-Commerce Consultants (also known as the EC-Council).

“We are creating cyber-bodyguards,” says Sanjay Bavisi, president of the council. “We’re not creating combat people.” But as the world becomes increasingly interconnected via the Internet, the stakes have become too high to rely on static defenses alone to protect the immense flows of vital information that operate the world’s financial, medical, governmental and infrastructure systems. “The bad guys already have the hacking technologies,” Bavisi says. “We can say, ‘Tough luck, the bad guys play by different rules and you can’t do anything about it, so just go lock your doors.’ Or we can tell the good guys, ‘We will arm you with the same knowledge as the bad guys, because to defeat the hacker you need to be able to think like one.’”

Bavisi and the Pentagon are sensitive to the possibility that the tactics taught could be used for other purposes. “We’re not training Department of Defense guys to become hackers and start hacking into China or any other countries,” he says. Week-long courses will train them in 150 different hacking techniques and technologies, ranging from viruses, worms, sniffers and phishing to cyber warfare. The cost of the course ranges from $450 to $2,500 depending on the training involved.

Pentagon personnel “are not learning to hack,” insists Air Force Lieut. Col. Eric Butterbaugh. While the EC-Council calls it “Certified Ethical Hacker” training, the U.S. military also calls it “penetration testing training” or “red-teaming.” These are proven military techniques that have been used for decades to hone war-fighting skills. The Air Force and Navy, for example, maintain “aggressor squadrons” of F-5 and MiG warplanes to give U.S. military pilots practice against the tactics of potential foes. And the Army’s National Training Center at Fort Irwin, Calif., has long boasted a highly-trained “op-for” — opposition force — that regular U.S. Army units engage in realistic war games.

The program will be no cure-all for the Pentagon, whose networks are hacked hundreds of times a day. Adriel Desautels, the chief technology officer at Netragard LLC., a Massachusetts-based anti-hacking outfit, says that while “it’s better than nothing,” there are simply too many vulnerabilities to protect the Pentagon’s estimated 10 million computers. Desautels likens it to 1,000 Dutch boys trying to stop water from flowing through a dike springing millions of leaks. “The threat is defined by the real black hats, and it’s impossible to know what the black hats are researching,” he says. “The number of vulnerabilities far exceeds what any white hats are going to discover.”

Both Butterbaugh and Bavisi say there are no concerns that military personnel trained as hackers might go rogue. “Computer network defense service providers,” Butterbaugh says, “are vetted and have security clearances.” Not only that, adds Bavisi: those trained as ethical hackers have to sign a legally binding pledge that they will not engage in malicious hacking. “So far,” he says, “we haven’t had a single case where someone became a real hacker.”


Good hackers meet to seek ways to stop the bad hackers

Ethical hackers gathered this week in Miami to talk about the latest cyber terrorism threats. The world of hackers is kind of like the Star Wars universe: There’s a light side and a dark side of cracking computers.

Hundreds of hackers on the side of good — or ethical hackers — gathered at the 14th Hacker Halted global conference this week, held for the first time in Miami, to talk about strategies to thwart cyber terrorists.

Ethical hackers understand how to hack a system in order to better protect against attacks, or to know where the vulnerabilities are in a program.

“A good defense is a good offense,” said Sean Arries, a security engineer at Terremark Worldwide. “If you understand your opponent and you understand how the attacker is going to attack you, then it makes it a lot easier for you to defend yourself.”

Arries gave a cautionary presentation detailing how hackers can take advantage of a vulnerability in Windows Vista and Windows Server 2008 — a gateway for hackers that Microsoft hasn’t yet patched.

Arries did a scan of 43,000 domains and found 110 of those sites were vulnerable to that exploit.

“Now 110 is quite a lot, because that becomes a staging process for an attacker to launch against other sites and internal networks,” he added.

Bloggers have been writing about this flaw for two weeks, so it wasn’t exactly news to the audience. But while going through slides filled with programming code, he warned attendees that hackers will likely launch a worm to take advantage of this flaw any day now.

“We are in a scramble state to secure our clients and customers and secure ourselves internally before this worm shows up — and it will be coming,” Arries said in an interview afterward.

Not everyone who comes to events like this is a good guy, so to speak. Talk to anyone at that conference and they believe at least some “black hat” hackers were among them in anonymity — or more likely, programmers who work in a morally gray area.

“The same techniques that you learn to protect a system are the same things people look at to break into systems,” said Howard A. Schmidt, president of the Information Security Forum. “You have the good guys trying to out-thwart the bad guys, and the bad guys going to learn from the good guys.”

BLACK HATS

In the world of hacker conferences, Hacker Halted, which ended Friday, is pretty tame compared to the DefCon and Black Hat conferences in Las Vegas.

“That’s where you get more of the black hat subculture to learn what’s going on and extract information that maybe you should or shouldn’t be privy to,” said Solutient technical trainer Ernie Campbell, who flew in from Cleveland to attend.

Malicious hackers are usually grouped into subsets.

There are the “script kiddies,” a derogatory term given to hackers who use programs to cause trouble because they don’t have the skills to write their own code. There’s also the typical movie stereotype of pale guys pounding down energy drinks in a basement full of computer screens as they wreak havoc.

“That certainly exists, but it is a small, small subculture,” said Erik Laykin, managing director of Duff & Phelps in Los Angeles and honorary chairman of the Electronic Commerce Council, which organized the conference.

The hackers that Laykin and other investigators focus on are the criminal hackers — many working out of the country — who keep coming up with ways to steal financial information.

CONSTANT JOB

And while these criminals work 24/7, it’s a constant job of playing catch-up for the certified ethical hacker who is trying to stay on top of the latest exploits. And as people become more attached to mobile devices, cellphones will be the target down the road.

But it could be worse than that.

“Defibrillators that are implanted in people’s chests today have electronic remote sensors so they can be reprogrammed using wireless technology. That’s an early technology that’s potentially susceptible to hacking,” Laykin said.