Corporate Security
How to see the cyber and disappear completely After 20 years of research, we have condensed our hacking experience into two innovative products: A cyber radar system that visualizes, measures and controls the whole cyberphysical space, and a moving target security solution that makes data traffic and networks invisible to the outside world
Technology to the core
By Nicolas Mayencourt CEO of Dreamlab Technologies Group
Over the last 20 years, I have attacked and penetrated my client’s networks and infrastructures. When I started my business as a professional hacker in the late 90s, the topic was a marginal one, followed only by a small, peculiar but very skilled community. We literally penetrated our customer’s infra¬struc-tures to the core – to the bits and bytes. During these years, IT developed into being the most central element of modern societies, from running banks, telecoms or governments to our very own pocket smart phones. Nothing works without it – we are completely dependent. “Cyber” has become “physical”. It is part of the world we live in: houses, doors, cars, planes, trains ... But the technology used to transfer data over networks is still the same, with all its weaknesses and vulnerabilities. It was envisioned forty years ago in a research project within trusted peers. With the effect that, as Verizon states in its 2016 Data Breach Investigations Report, “no locale, industry or organisation is bulletproof when it comes to the compromise of data” . Insecure by design This technology has been developed to reliably transfer data. It has not been designed to be secure, private, or confidential. Therefore, cyber-crime has become a very profitable business,
44 | Australian Security Magazine
reporting an average cost of AUD 5,2 Million per data breach in 2015 . Politics are influenced by state sponsored cyber-activities. While there are still very serious allegations on the US Presidential elections back last year, decision was made by Dutch authorities to roll back electronic voting on the march 2017 government elections. Media reported that there were concerns on Russian interfering those systems . And without being fully aware of it, we are already critically exposed to the danger of remote killings by cyber terrorists, as allegedly disclosed by WikiLeaks on their latest dump of CIA papers . Time for a change in cyber defense For 20 years, I fought cybercrime. I discovered malicious attacks and tricky frauds, web-based criminal organisations, disguised terrorists. While studying their methods and “business models”, I began to ask questions: “What if we could change the concept of our networks fundamentally? What would it need to prevent attacks and crime once and for good?” One possible reaction (and not the worst) is: Back to manual / pre-IT methods (i.e. counting votes by hand in the Netherlands). Disappear from cyber-physical space by not using it anymore. But, this means surrender. Another one is the common practice of bug fixes, patches, hardening. But, this is no active defense, just a reaction and always one step behind the aggressor, as proved by the continuous stream of