by Lindsay Carroll,
Original Source : http://www.thenational.ae/uae/technology/uae-student-hackers-put-to-the-test
DUBAI // The task seemed malicious: to see which of 11 teams of student hackers could breach the security systems of a model town.
For many of the students, from universities across the UAE, it was their first attempt at ethical hacking, a crucial part of cybersecurity.
The event on Thursday was the first such competition in Dubai, held at the du Cyber Security Conference.
Students competed in teams from Zayed, Khalifa and Sharjah universities, as well as the American University of Dubai and the Higher Colleges of Technology. At stake was a Dh20,000 prize.
Any computer system could be hacked into, making the event very interesting for everyone involved, said Amna Al Shamsi, a 35-year-old participant from Sharjah and a doctoral student in robotics at Khalifa University.
Training in security was important for students of technological subjects, she said.
“Hacking is not a bad thing, as people might perceive it,” said Ms Al Shamsi. “They are trying to find the loopholes.”
Hackers were needed to identify vulnerabilities to make computer systems more secure, she said.
“There are certain steps that everyone has to follow,” she said.
“It’s all about finding access to the machine and what kind of attack to use.”
The student hackers set up their laptops on tables surrounding a model town with various infrastructural systems for them to attempt to breach. These included a transport system, wind turbines, power plants, an airport, a communications tower and a water treatment plant.
Behind those systems were micro-controllers for supervisory control and data acquisition, which industries use to control critical infrastructure.
The systems of the model town were equipped with different levels of security to make the competition more like a game, said Michael Benardis, a manager at Echothrust Solutions, a Greek company that worked with du to organise the hackathon.
Large screens provided real-time updates of the students’ attacks on the systems, showing the number of points they had earned, which varied by attacks and security levels. They could also earn points by discovering different city services.
Most major security conferences run similar competitions, but the conference in Dubai was only the second competition in the world that included a mock-up of the systems being attacked, said Mr Benardis. “We’re trying to educate the students about the security of smart cities,” he said.
A team of three computer-engineering students from Khalifa University won the grand prize, with other awards ranging from Dh5,000 to Dh15,000.
“It was all about collaboration,” said Hamad Al Hazami, 21, from Sharjah, who was on the winning team.
The students had to figure out who was connecting to the system, that each part of the city had a special online address, and then scrutinise each part of the city, said Mr Hazami.
Wael Bazzara, a 21-year-old teammate from Syria, said: “We had to scan for the weaknesses.”
Last year, the world faced 253 major cybersecurity breaches, up from 156 in 2012, resulting in the breaching of 552 million identities, according to the Internet Security Threat Report 2014.
The UAE had the second-highest number of malware detections in the region, after Saudi Arabia, in the first quarter of the year, said the National Electronic Security Authority.
The hackathon showcased technological talents and encouraged them to become an “antidote” rather than a threat, said Osman Sultan, the chief executive of du.