Ethical cyber warfare


Retired Royal Naval officer Kieren Lovell shows Jeremy Swinfen Green, TEISS Head of Training, how to run ethical hacking exercises.

How can you persuade employees who work outside IT that cyber security is their responsibility? Kieren Lovell, Head of Computer Emergency Response at the University of Cambridge, has the answer.

It suits his naval background (he has served with the Royal Navy for 9 years and the Royal Norwegian Navy for 4 years) that Kieren uses a military scenario to raise awareness of cyber security. Put simply, he pits two organisations against each other. “Train as you fight”, he says, “and fight as you train.”

Kieren has recently run a cyber security competition between two organisations, the University of Cambridge and Tallinn University of Technology.


Cyber attacks

He asked each to cyber-attack the other organisation’s live IT system and locate possible sources of compromise, using Open Source Intelligence (OSINT), entry-grade hacking tools, and hacking tools available to the public, in order to test each other’s infrastructure.

(Before you ask, Queensberry rules applied. All participants signed NDAs, both sides were invigilated to ensure nothing too nasty happened, and zero digital footprint was left after the engagement.)

So what happened? Both organisations selected teams. These included non-technical staff – Kieren recommends including financial, HR and admin staff in these teams as these are the people who are most likely to be targeted by cyber criminals. The teams were instructed to find and delete critical information.

The contest began. Using tools like Shodan (the Internet of Things search engine), scanning tools, open source hacking tools, and liberal amounts of open source intelligence from places such as social media, the teams probed and tested their enemies’ defences.

Sadly for Cambridge (shades of Kim Philby here?) they were overwhelmed by the cyber-savvy Estonians. To be honest though there is little shame in this, given that Estonia probably leads the world in offensive and defensive cyber security. (You can find out more about Kieren’s exercise here.)


Learning from ethical hacking

What can we learn? That hacking needn’t be the domain of the specialist. Given a minimal amount of training and using our common sense and insight we can all do it. With the right publicly available tools, anyone can create first-rate and highly effective intelligence reports.

Using multidisciplinary teams for these hacking exercises is key. But don’t they ask “Why am I here?” I queried. “They do at first”, Kieren agrees. “But once they have been shown how easy it is to attack people they understand”.

Kieren will amuse and astonish us when he describes his approach to ethical hacking at the TEISS conference on Wednesday 21 February. Don’t miss it.

Copyright Lyonsdown Limited 2021
