It took only two quiet minutes for Marshal Webb to hack the Dubai Police website and take it offline – a move that would normally be a criminal act.
Fortunately for him, he had permission from the senior officers.
The exercise was performed live on stage at the Gulf Information Security Expo and Conference (Gisec) as an example of how hackers can penetrate even the most secure institutions.
Mr Webb, from the United States, runs his own security consultancy called Path Network, which advises public and private entities on how to defend themselves against hackers, a problem he says will increase dramatically over the course of time. the next few years.
Hacking is really about finding mistakes, and the more assets an organization has, the more likely it is to have made a mistake somewhere.
Marshal Webb, hacker turned security consultant
Mr. Webb may be a force for good now, but he hasn’t always worked on the right side of the law.
Ten years ago, he was a world famous teenage hacker and a member of Lulz Security, a group of hackers who sought to breach commercial and government systems.
The group has claimed responsibility for several high-profile attacks, including a hack in 2011 when the personal data of around 100 million PlayStation users was stolen from Sony’s servers.
Where does the interest come from?
Mr Webb said he was 12 when he turned to hacking. He did this mainly out of boredom while growing up in a remote rural community in southwestern Ohio, he said.
âThe computers were interesting and it was a way to explore the outside world and to get out a bit – a chance to access things, to learn how things worked,â said Mr. Webb, 28.
Mr. Webb was a lot smarter than most kids his age, and he went to college when he was 12.
He quickly went from hacking simple websites to more complex projects, which he is willing to talk about little about, possibly for fear of legal action.
âMy first high profile hack that was documented was Eidos-Montreal, for a game that had been released called Deus Ex“, he said, describing an incident discovered in 2011.
Eidos-Montreal’s parent company, Japanese video game maker Square Enix, said 25,000 email addresses could have been stolen in the attack, along with the CVs of 350 potential employees.
Within months, Lulz Security collapsed in a very acrimonious manner, and some members denounced Mr. Webb for his role in the Deus Ex To hack.
âPiracy is a very competitive field,â he said.
“When hackers work in groups, there is always a lot of false flag attacks and highly competitive shenanigans and actions against each other.”
Mr. Webb found himself on global law enforcement radars and realized he had to go straight – or undertake what hackers call “white hat” activities.
The changing face of hacking
Since then, he has received a Network Security Medal for uncovering vulnerabilities for the US Air Force, Army, and Department of Defense and Control.
He also hacked into the Pentagon, which he said was easy.
“With the Pentagon and with any other organization, the bigger they are, the easier they are to hack,” he said.
“Hacking is really about finding mistakes, and the more assets an organization has, the more likely it is that it has made a mistake somewhere.”
Many hackers are criminals who commit deeply intrusive acts, often for nefarious purposes.
The Cybersecurity Ventures research group has predicted that cybercrime will inflict damage worth around $ 6 trillion in 2021.
He said costs could increase by 15% each year over the next five years, reaching $ 10.5 billion by 2025.
State-sponsored hackers and organized crime gangs now dominate the market, with the introduction of digital currencies making it easier to extort money without getting caught.
âPiracy has really matured over the years,â Mr. Webb said.
“A lot of what we did a long time ago wasn’t very destructive – it was very exploratory in nature.”
The growth of the industry is evident in the proliferation of articles on piracy in recent months.
In May, a group of hackers called DarkSide shut down the Colonial Pipeline, a critical US artery for transporting fuel. The company paid a ransom of nearly $ 5 million in cryptocurrency to regain control of its systems.
DarkSide has since announced its disbandment, but it has received more than $ 90 million in Bitcoin from 47 victims, although it has only been operational since August, blockchain analytics firm Elliptic said.
In 2019, another group of hackers struck tech company SolarWinds and gained access to the networks of several U.S. government agencies and around 18,000 other customers. Its malware went undetected for almost nine months.
Why your fridge could help a hacker
Cybersecurity Ventures predicted that there would be a ransomware attack on businesses every 11 seconds by 2021, up from every 40 seconds in 2016.
Mr. Webb said he agrees with this assessment because people have more web-enabled devices in their homes.
âIn terms of sophistication on the attacking side, I think it’s going to get worse before it gets better,â he said.
“We haven’t seen the security position harden on the manufacturing side, so a lot of these basic devices are just as insecure as they were 10 years ago.”
Cybercrime has certainly increased over the past 12 months, in part because millions of people are working from home because of the pandemic.
Dubai Police recorded 25,000 electronic crimes last year, up from 14,000 in 2019.
As habits change, many people may choose not to return to the office full time, leaving businesses to catch up on their remote cybersecurity efforts.
Some businesses might need to restrict their online activity in the future to stay safe, Mr. Webb said.
âBusinesses, governments and individuals can really help protect themselves by reducing the attack surface they have,â he said.
“The less material they have online, the smaller their websites, the less computers they have connected to the Internet, the less likely there is a way to get in.”