Are you an ethical hacker? Help Dubai battle e-crimes

Dubai - White hat hackers, or 'white hats', are individuals employed by organisations to find vulnerabilities and security holes/bugs.

Technology experts in the UAE have applauded a move by the Dubai Police, which will see them seek cooperation from white hat hackers to help combat cybercrimes and protect big data in the emirate.
Speaking to Khaleej Times, Col Saeed Al Hajri, director of the cybercrimes department of the Dubai Police, said it put a call-out to white hat hackers (ethical security researchers who find bugs in software and IT services and then work with the affected parties to fix the vulnerabilities), so as to utilise their expertise in helping ensure cyber security of companies functioning across the city.
The directives came from Major-General Abdulla Khalifa Al Marri, Commander-In-Chief of the Dubai Police. During an annual inspection visit to the cybercrime department, he instructed Col Al Hajri to cooperate with companies and white hat hackers to report illegal and suspicious activities. The department also launched an online platform to prevent e-crimes (ecrime.ae), where people or companies can send reports about such activities.
Why work with white hats?
White hat hackers, or 'white hats', are individuals employed by organisations to find vulnerabilities and security holes/bugs within the organisation's digital systems. 
Speaking to Khaleej Times, Bilal Baig, technical director for Middle East and North Africa, Trend Micro, said these findings are then used to "proactively protect the systems against potential attacks", which can translate into a long list of scenarios, including loss of revenue, brand recognition, and unavailability of critical services. 
"This public call-out from the Dubai Police is a brilliant approach to utilise the community to address the critical nature of today's sophisticated attack. This is effectively bringing the white hat community together to find the vulnerabilities in Dubai entities and get recognised."
The term "ethical hackers" is widely used to distinguish them from the black hat hackers, who are at the opposite end of the spectrum, using fraudulent means for financial gain or simply to disrupt businesses.
Last month, Lt-Col Al Hajri posted a message on his LinkedIn page thanking Solomon Jesudasan, a white hat, who used the ecrime.ae platform to report a security gap in one of the local government owned entities in Dubai. In the message, he reiterated that "white hat hackers who report any security breach (or bugs) through the mentioned platform will be rewarded a Certificate of Appreciation from the Dubai Police".
Speaking about the move, Jeff Ogden, general manager of Mimecast Middle East, said the idea to "reward responsible disclosure in the public sphere" may further encourage white hats to come forward and lead other private organisations in the UAE to adopt similar policies.
"The world's largest software companies realise that the complexity of IT means they can never identify all potential weaknesses themselves. Responsible disclosure schemes that reward white hats help reduce the time that vulnerabilities are left in the open."
Commenting on the kind of systems and data that are most at risk in somewhere like the UAE, Baig said protection of individuals' private data here is critical, especially considering that the UAE is number one in the region by the UN e-smart services index.
"Digital transformation has rapidly increased, which has put government systems like e-payment, critical services, and healthcare at risk. If we add the wider local economy, the risks are multiplied for private organisations."
On Ogden's part, he said all systems and data can be targeted, "but data in the cloud may be an easier attack vector for cyber criminals".
"Of course, more than 70 per cent of corporates' data is on email so this remains the number-one vector used to execute cyber attacks like malware delivery, phishing, protecting your cloud email should be your highest priority."
Describing the Dubai Police's public call-out as "very forward thinking", Mechelle Buys du Plessis, managing director of Dimension Data UAE, said very few governments around the globe are collaborating with 'white hats' like this.
"Recognising that cyber security is a necessity is a huge, especially given Dubai's fast approach to digitisation on a government level. This move proves that the Dubai Police are taking ownership and encouraging the community to get involved with prevention of e-crimes."
Just because policing authorities across the globe have e-crime departments, du Plessis said individuals within these specialist departments may not always know, or be aware of, certain breaches. And that's where white hats can be put to use. "Black hat hackers are always one step ahead. I think opening the prevention approach up to a broader community will give it broader coverage. The Dubai Police have specialists on the case, but they are also saying 'you can help too'. It spreads awareness."
With cyber security one of the biggest enemies in a world that is quickly moving towards digitisation, Ogden said a "defence-only security strategy alone" is not designed to protect against the level and volume of advanced attacks.
Real cyber resilience combines "prevention with a durability plan" to keep business operations running during an attack or failure.
But with ethical hacking now a global trend, more organisations are leveraging these specific talents to evoke positive change. And the Dubai Police is now one of them.
kelly@khaleejtimes.com, amira@khaleejtimes.com
 

• UAE
• Dubai