From: The Daily Star
BEIRUT: Clad in black converse emblazoned with the Batman emblem, jeans and a bracelet reading “HACKERS,” Jayson Street approached a Beirut bank last week. “I’m the IT guy from headquarters,” he told employees, in a thick American accent.Despite his manifest tech savvy, Street is not an IT guy, per se, and he wasn’t sent from headquarters.
“Once I fixed the computer, the manager was letting me behind the teller line,” he told The Daily Star. “I got an employee to give me his user ID, his password, and I got his smart card for his system.”
He stole a computer from another branch of the same bank in the same way and, in a third breach, worked his way into the bank’s computer room and logged onto their network.
Were Street a criminal, he could have committed a million dollar wire transfer with just a few clicks.
Fortunately for the bank, however, Street is an information security expert paid to test the vulnerability of companies’ networks and databases.
“People pay me to be the bad guy before the bad guy shows up,” Street explained.
“We create that moment saying, ‘This is how bad it could have been if we were the bad guys.’ I call it a high-threat, low-impact event.”
Nearly a year ago, Street and his colleague, Khalil Sehnaoui, established the Beirut offices of Krypton Security, an information security and risk management company.
While Krypton works to secure data for all different kinds of companies, large and small, Street lists financial institutions first in his business pitch.
The regional need for improved digital security is great, say Sehnaoui and Street.
“What has saved the Middle East so far,” Sehnaoui explained, “is that the cybercriminals of the world have not yet realized how easy it is to attack or compromise companies or targets in this region.”
“Once they do, I think there’s going to be a cyber-bloodbath,” he said, where the carnage will consist of “stolen data, downed servers, identity theft, credit card leaks” and more.
Banks in the region, like most companies, are shockingly out of touch with the realities of cybercriminality today, Sehnaoui said.