Beat Hackers At Their Own Game

[Johannesburg, 2 May 2001] – Ernst & Young aims to teach corporate South Africa to break into Windows NT, Windows 2K and Unix systems and use Internet-facing systems/Web sites to gain unauthorised access to corporate systems (example defacing Web sites, cyber-shoplifting). This is in an effort to motivate organisations to initiate stricter security measures.

Launched as the first definitive anti-hacking course in South Africa, CounterHack has been designed to familiarise approved course participants with network-based attack and penetration techniques that hackers may use against corporate networks.

“We have aimed the course at senior IT staff (including administrators and hands-on technical experts) and IT managers with the intention of training them in the same techniques that hackers use. Once they know how hackers think and what they look for, IT staff can ‘hack’ their own networks and detect where there are security risks and then plug them. This course enables companies to be more proactive about their security,” Mark O’Flaherty, eSecurity Partner at Ernst & Young says.

The course which was first run in October last year in Johannesburg and Cape Town went extremely well, with reports indicating that every person on the course who went back to their office and utilised the course methodology to test their system, found security weaknesses or vulnerabilities. Many have started implementing higher-level security programmes to prevent a breach as a result of the course.

O’Flaherty stresses that while the course, being run by a team of four security specialists including reformed hackers such as Stieler van Eeden, who won a measure of notoriety by hacking into companies’ systems and leaving messages saying he was looking for a job, focuses on how to hack systems, it will also provide staff with solutions and advice about how to counter these threats.

“Applicants will need to have a strong understanding of TCP/IP, as well as familiarity with the Windows NT or 2K and Linux operating systems as they will spend a day using each of these operating systems, examining the threats to each, during the course. Applicants who are not employed by established companies, and do not have the company’s backing, will find it extremely difficult to get onto the course. We aren’t trying to train hackers, instead aiming for the flip-side of the coin – security specialists,” O’Flaherty says.

Recent surveys show that at least a quarter of companies, both in SA and globally have had breaches by hackers, and increasingly find e-mail intrusions the common entry point.

The CounterHack course, in SA was adapted, localised and updated from a similar course eXtreme hacking, which Ernst & Young has presented in the US for several years. The theme and the main aim of the course for both courses is that: “Hacking is not something that is easy to define, nor is it necessarily a skill that can be learnt. Hacking is a mindset, a way of approaching problems, and a way of life. All we can give you is some insight into the way a hacker works, how to make use of that, and what you will do to protect yourself is up to you.”

The Johannesburg course will take place at the First National Bank Conference Centre in Sandton on 18th, 19th, 20th and 21st June 2001.

For more information visit www.counterhackonline.com or contact:

Leonora Maclou, maclole@ey.co.za or (011) 498 1659

Don't miss