Abdel Rahman Ahmed - Cairo

In recent years, many Egyptian cyber security researchers have made a strong showing in what is known as "ethical hacking": the halls of fame of major sites regularly include Egyptian names, in recognition of their contribution to a safer Internet and safer technology.

According to the 2019 security report issued by the HackerOne platform, the largest platform specializing in managing and following up with ethical hackers, the activity of Egyptian hackers on the platform increased, and they ranked seventh in rewards earned during the past year, collecting about 750 thousand dollars.

For many years, the term hacking has been associated with criminal acts by malicious hackers who break into sites and systems and spread viruses and malware that cost companies, organizations and individuals billions of dollars in losses.

But contrary to the common stereotype, groups of security researchers known as ethical hackers or "white hats" have emerged. They carry out legal, authorized intrusions to uncover weaknesses in systems and applications and privately inform the owners so that they can be fixed, preventing their exploitation by the criminal hackers known as "black hats."

Away from the spotlight, white hats and black hats are locked in a frantic race to be the first to discover loopholes and system vulnerabilities.

Vulnerabilities and rewards

Because a single vulnerability could destroy a well-known brand, or cost institutions and individuals millions and possibly billions of dollars, many major companies around the world offer large rewards to those who discover and report vulnerabilities in their systems.

While some companies employ researchers with penetration skills to test their systems, others turn to ethical hacking platforms such as "HackerOne" and "Bugcrowd", as well as "Crowd Quality", which run bug bounty programs and act as intermediaries between companies and ethical hackers.

According to the report from the HackerOne platform, which includes more than 450,000 ethical hackers, more than 123,000 security vulnerabilities and threats have been reported and resolved through the platform, and more than $62 million has been paid in rewards.

Six hackers have each earned more than one million dollars in rewards through the platform.

Major companies such as Google, Apple, Facebook and Microsoft run reward programs for the discovery of vulnerabilities in their systems, in some cases paying up to $1 million per vulnerability, and provide a proper channel for security researchers to report any problems they find.

Last November, Google announced that since 2015 it had paid more than $4 million in rewards to security researchers who discovered vulnerabilities in its popular Android system for phones and smart devices.

Ethical hackers, or white hats, are becoming more important: reports estimate that hackers carry out about 2422 cyber attacks per day, an average of one attack every 39 seconds, according to a previous study by the University of Maryland.

A study by Cybersecurity Ventures, which specializes in research on cybercrime and the cyber security market, also predicted that the annual cost of cybercrime will rise to more than six trillion dollars by 2021, which means more than 3.5 million new jobs in information security will need to be filled.

Egyptian model

Among the Egyptian names that have emerged in ethical hacking and penetration testing is the young security researcher Mohamed Abdel-Baset El-Noubi, founder and director of cyber security at the Mexico-based firm Seekurity.

Since El-Noubi discovered his first vulnerability in Facebook in 2013, his name has not been absent from the annual hall of fame published by the social media giant.

Speaking to Al-Jazeera Net, El-Noubi said that his journey of discovering vulnerabilities has covered many sites and big names in the world of technology and electronics, such as Google, Microsoft, Twitter, Yahoo, Sony, Apple and Samsung, well-known file-hosting sites such as Mediafire and forever, and even major antivirus companies such as Kaspersky, Symantec, Avast and McAfee.

The cyber security expert considers the most important and most dangerous of the vulnerabilities he discovered to be one related to the American airline United Airlines, as it enabled him to access the personal data of all passengers on the airline's flights.

Given the severity of the vulnerability, the American company awarded him a reward of one million miles of free travel.

Regarding the methods he uses to find vulnerabilities, El-Noubi explained that he studies the target in depth, learns which technology was used to build it, and tracks the known vulnerabilities in that technology, the most important of which are those classified in the list of the ten most dangerous vulnerabilities issued by the OWASP organization (the "OWASP Top 10"), whether for mobile or the web.

He added that he also relies on data leaked in previous breaches, in addition to "fuzzing", a method that consists of sending many random inputs to a system or application and observing how it reacts to them.

El-Noubi indicated that he has sometimes encountered difficulties in dealing with some large non-governmental institutions in Egypt and abroad after discovering a serious vulnerability in their systems, ranging from doubting the vulnerability, to underestimating it despite its seriousness, to demanding excessive confirmation of obvious vulnerabilities.

This is due to a lack of professionalism among those responsible for cyber security in these institutions.

Passion and human value

As for his motives for continuing this work, El-Noubi says they are several, though their priority varies: a passion for technology and proving excellence, the human value of protecting society and users from risks that threaten their privacy, their money and perhaps their lives, and the fact that ethical hacking has become an important profession with a large income.

Through his social media accounts, El-Noubi shares the most important news and advice related to information security, with the aim of raising the security awareness of the average user and alerting them to escalating online risks.

The security expert warned those wishing to take up vulnerability hunting and ethical hacking against testing any target (whether a site, a system or an application) without the owner's permission, especially if the target does not publish rules for reporting vulnerabilities (Responsible Disclosure Rules) or run a bug bounty program, because this is a legal offense in most countries.

The Egyptian law against information technology crimes includes many penalties, including imprisonment and fines, for anyone who hacks a website or accesses data without authorization, whether intentionally or unintentionally, and ethical hacking is not exempt from these penalties.