Cybersecurity tips at live hacking event

Cybersecurity focus: a live-hacking demonstration, hosted by (ISC)² Bermuda Chartering Chapter, attracted about 40 attendees (Photograph by Scott Neil)

A live hacking demonstration in Hamilton was well-attended, and could be followed by more public events to raise awareness about IT security.

Experts showed how easy it can be to launch a phishing e-mail campaign that tricks recipients into clicking bogus website links, or opening an attachment that contains hidden code allowing a hacker to gain full access to a user’s computer.

Having gained control of a compromised computer, an attacker is in a position to monitor everything that goes on, operate inbuilt microphones and webcams, and record keystrokes to capture username and password details. If it is a company workstation that is compromised, that could lead to serious and costly damage to an internal network, and the loss of valuable corporate data.

The hacking event was hosted by (ISC)² Bermuda Chartering Chapter, and featured a demonstration by Mark Phillips and Mathew Sofiyani of Dionach, a global penetration testing and information security services company.

Mr Phillips, a senior technical consultant, explained the motives behind hacking attacks. These range from stealing intellectual property and identity theft to blackmail and ransom demands.

E-mail is a major avenue for hackers, with an estimated 156 million phishing e-mails sent every day. Of those, about 10 per cent evade security and junk mail filters, leading to an estimated eight million dangerous e-mails being opened. About 10 per cent of the users who open them click on a malicious link, and a further 10 per cent of those take the next step of inputting personal data, which goes straight to the hacker.

Mr Phillips demonstrated how this can be done and showed ways to avoid falling victim — these include “hovering” over links to uncover the true URL destination, being aware of destinations that use “http” rather than “https” [the final ‘s’ denotes secure], and spotting typos in bogus web addresses that are designed to make them almost indistinguishable from a genuine site.
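The three checks described above (the real link target versus the text shown, "http" versus "https", and near-miss spellings of a known domain) can also be automated over an HTML e-mail body. The following is an added example, not code from the demonstration; the `TRUSTED` list, the sample message and the 0.85 similarity cutoff are assumptions made for illustration.

```python
from difflib import get_close_matches
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient really deals with (constructed list).
TRUSTED = {"example-bank.com", "isc2.org"}
# Constructed sample e-mail body (not taken from the article).
SAMPLE = ('<p>Verify at <a href="http://examp1e-bank.com/login">'
          'https://www.example-bank.com/login</a> or visit '
          '<a href="https://example-bank.com/help">our help page</a>.</p>')

class LinkAudit(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    # Hostname of a URL or bare domain, lower-cased, without a leading "www.".
    if len(value.split()) != 1:
        return ""  # ordinary link text such as "click here"
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").lower().removeprefix("www.")

def check_link(href, text):
    # The three checks from the article: scheme, hover target vs. text, typos.
    host, shown, warnings = host_of(href), host_of(text), []
    if urlsplit(href).scheme != "https":
        warnings.append("not-https")
    if "." in shown and shown != host:
        warnings.append("text-href-mismatch")
    if host not in TRUSTED and get_close_matches(host, TRUSTED, n=1, cutoff=0.85):
        warnings.append("lookalike-domain")
    return warnings

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return {h: check_link(h, t) for h, t in parser.links
            if urlsplit(h).scheme in ("http", "https")}
```

HTTPS only shows that the connection is encrypted; a bogus site can hold a valid certificate, so the scheme check is the weakest of the three signals.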

Phishing e-mails are not the only tactic used; phone “vishing” is also used to get a person to divulge personal information that can be used in hacking attacks, while creating bogus webpages that look like a genuine, trusted site is another way hackers harvest passwords and other sensitive details.

Mr Phillips explained how easy it is to gather personal information from social media sites, including the ability to track the daily activities of a person using an app such as Strava, which logs a person’s training sessions, such as running or cycling, and posts the details online. Knowing a person’s regular routine and when they are likely to be away from home would be useful information for a burglar, the audience was warned.

The demonstration was aimed at increasing awareness of the dangers presented by phishing attacks and hacking, and to offer tips on how to lessen the risk and avoid pitfalls.

Mr Phillips struck a note of optimism when he pointed out that from 2015 to 2017 successful breaches from ethical hacking test campaigns had fallen from 14 per cent to 10 per cent as a result of greater awareness and more robust security.

After the event at the Mariners’ Club, on Richmond Road, Sheriden Smith, president of (ISC)² Bermuda Chartering Chapter, expressed delight with the turnout. He said: “I was hoping to get 25 people, but we had 40.”

He said one aim of the group is to raise awareness among students and young people of potential careers in IT security. He pointed out that it is expected several million cybersecurity positions will need to be filled in the US alone by 2020.

“We are trying to encourage young people to consider this. We are going into schools and colleges,” Mr Smith said, adding that the cybersecurity field is well paid and job opportunities can be found around the world.

The (ISC)² Bermuda Chartering Chapter, which started in January, is preparing its final report that will go to the (ISC)² organisation’s headquarters. If the Chapter wins approval to continue chartering, it aims to offer more public events, dealing with IT security for corporations and business, and also for personal users at home and at work.

The International Information System Security Certification Consortium (ISC)² is a non-profit organisation that specialises in training and certifications for cybersecurity professionals.

There is an (ISC)² Bermuda website at https://isc2chapter-bermuda.org/