Former hackers protect NSW's critical infrastructure

Powered by SC Magazine
 
Page 1 of 2 | Single page

State government contractor turns black hats white.

In a fortified, bulletproof facility in North Sydney, security engineers who once skirted the limits of hacking laws now work to catch those attacking NSW’s state critical infrastructure.

The engineers were talented hackers from Brazil, India, Russia and the former Soviet states, some of whom breached networks while honing their security skills.

Now they spend hours on end pouring over monitors that collect data feeds from networks across all but a handful of the state’s utility companies.

Despite a lack of university degrees and formal security certificates, these young men were hired by managed service provider Earthwave, which counts government bodies as half its clients.

The former hackers -- experienced exploit writers and systems poppers -- are now charged with recruiting new blood for Earthwave, and seem to view education portfolios as padding.

Instead, Earthwave's recruitment process is designed to draw out technical prowess. In early rounds of hiring, hopefuls have to beat a live capture-the-flag hacking challenge to demonstrate their skills and progress to further challenges.

Recruiters appear to have looser restrictions than those publicised by some high-profile security firms. 

While it doesn't employ current black hats anywhere in the business, all job vacancies are open to former hackers without criminal records.

Convicted, former hackers are barred from the security operations centre (SOC), but may work in R&D, strategy or sales roles.

One Earthwave hire was a skilled security researcher from India, where he had scratched out a living by reselling his neighbour’s hacked wireless connection.

Another -- who works in the sales and strategy areas and not in the security operations centre (SOC) -- hacked the Australian Taxation Office in the early 90s and was later arrested and jailed.

The former hacker, who could not be named, said the security infrastructure protecting the ATO was then almost non-existent.

"It was just too easy ... We saw a few classified things, but we didn't break anything. It was just incredible to us to see how easy it was to get around."

Others working behind the bomb-proof walls of Earthwave’s multi-million-dollar SOC shared similar tales.

Many had learnt security the same way: as geeky school kids fascinated and obsessed with exploring the seemingly limitless freedom that the internet afforded.

At least two Earthwave staff members were former colleagues in hacking gangs of the 1990s.

"I learnt much more doing my own research in the dead of night than I did in university," said one, on the condition of anonymity. "I teach myself still rather than go to courses."   

According to Earthwave's chief executive officer Carlo Minassian the former hackers' experience in reverse engineering and writing malicious code helped them to identify complexity in what others may see as mundane attacks against customer networks.

"You need a hacker to catch a hacker," he said. “These guys from India and Brazil, they have to work damn hard to make money and they are really very good."

Minassian founded Earthwave more than 12 years ago with his brother and two friends who were qualified CISSPs at the time, after his family fled Iran during the Iraq invasion of the 1980s.

About half of the 40 SOC engineers were overseas hires who immigrated to Sydney to work for Earthwave. Minassian and another local engineer who runs the technical interviews said foreign hackers were generally more skilled and worked harder than their Australian counterparts.

Hacking laws may be more relaxed, or perhaps even non-existent where some staff were hired. But Minassian insisted that every effort was made to ensure candidates were not engaged in illegal hacking.

"It is very important that the people we are hiring are not active hackers. We suss them out over many meetings -- they are sometimes naive and will often easily give up what they are doing." 

Engineers working within the SOC must first pass “comprehensive” background checks by the Department of Defence and hold appropriate clearances that allow them to access sensitive government information. 

Earthwave also has several staff who perform research and development from their home countries and must pass what the company claimed were rigorous audits by staff.

They were denied direct access to sensitive customer SOC data and were instead fed sanitised feeds to help engineers correlate data sets and identify potential threats.

But candidates could not work within the SOC if they had criminal records or were found to have maintained blackhat activities. Minassian said those people were sniffed out during interviews.

Investigations

On a large monitor pinned to the front wall of the SOC, coloured lines envelop a map of the world linking dozens of countries to Sydney IT networks. Each line illustrates IP addresses that were attacking Earthwave customers.

Using intelligence gathered on the attacks, engineers could hone in on physical locations of the offending machines. That information could then be relayed to police.

Read on to page two for how Earthwave investigated attacks by staff and former staff of McDonald's and a Federal Government agency.

Copyright © SC Magazine, Australia


Former hackers protect NSW's critical infrastructure
 
 
 
Top Stories
Hockey flags billion-dollar Centrelink mainframe replacement
Claims 30 year-old tech is holding Govt back.
 
Ombudsman wants to monitor warrantless metadata access
Requests ability to report publicly.
 
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  20%
 
Bankwest
  9%
 
CommBank
  12%
 
National Australia Bank
  17%
 
Suncorp
  23%
 
Westpac
  19%
TOTAL VOTES: 1515

Vote