Reporter: Ehsan Movahedian (ehsan [at] taliyanews.ir)
Tehran, May 22, Taliya News – Security is of the utmost importance in cyberspace; it should be treated with the greatest care.
These two messages were the most important ones conveyed by the Dubai IT security conference, HITB2007, held in early April 2007.
You might initially argue that the matter is crystal clear and does not need reiterating at an international IT conference, nor justify the hardship of traveling to a foreign country and paying the expenses of attending a two-day gathering. Yet the main point can be summarized in the saying “The taste of the pudding is in its eating!”
Being among a large group of the world's highly qualified IT technicians, and seeing and hearing about the actual threats in cyberspace, with which we are entangled every moment in our work and personal affairs, helps us appreciate that the threat is significant and urgent if we are to guarantee our personal privacy and occupational security.
Watching the tight competition among hackers trying to win the US $3,000 prize for hacking the vulnerable servers, along with many other observations at the gathering, serves as a red alert that familiarizes anyone with the severity of the threats in cyberspace.
More details about the Dubai gathering
HITB is a Malaysian company, whose name is the abbreviation of the phrase “Hack in the Box”.
This company, whose only professional activity is organizing professional training courses and expert-level IT security seminars, has for a few years sponsored several such gatherings in the Middle East.
Bahrain’s capital city, Manama, and the economic capital of the UAE, Dubai, are the cities that have so far hosted such gatherings, and of course, keeping in mind the strong IT infrastructure in Dubai and the appropriate facilities at the disposal of the conference this year, the city would be the sponsor of the HITB2008 conference as well.
HITB2007 had three separate sections. The first was the training workshops, held on April 2nd and 3rd, which only those participants who had paid the high costs of the courses could attend.
You might be interested to know that the cost of attending those workshops was from 1,200 to 1,500 US dollars, and the four topics taught at them were how to hack advanced web-based services and virtual programs, interfering with and penetrating VoIP services, analyzing the current threats during the installation and launch of networks, and finally, how to properly forward information packets within networks.
The second section of the gathering was a competition among hackers aimed at winning a US $3,000 prize for hacking tough sites. Every year since 2000, this contest has been titled “Capture the Flag”.
This year’s competition was subtitled “Attack Only.” It meant that the competitors were asked, rather than attacking one another and defending when attacked, to try to penetrate a number of tough servers assigned to them as fast as possible, and in any case before the other competitors.
The specifications and programming of the servers to be hacked differed greatly from one another, and some of them were even quite perfect from a security point of view.
The maximum number of participants in this section was 20 hackers, but only three teams, each made up of three hackers, had applied to compete in the contest. The teams were called “Eleet”, “NDMTEAM”, and “Army Strong”.
Those three groups were affiliated with the US Army, the Dubai Police Force, and a Bulgarian entity. The interesting point is that none of those three groups managed to proceed even from the first to the second stage of the contest, despite their arrogant claims about hacking!
Only the Bulgarian team gained some relative success. The defeat of these teams, particularly the US Army team’s defeat, was broadly reflected on Internet websites. This competition is scheduled to be held again at HITB’s Malaysia Security Conference near the end of the summer of 2007. The US Army hackers, too, have promised to take part in it again and to be successful this time! All in all, personal observation of the horrible creatures called hackers, who have become the nightmare of many financial and state organs, credit institutes, and major world trusts and cartels, was really fun.
On the sidelines of that contest I noticed that its Malaysian sponsor, the Scanit Company, had also, in a bid to attract intelligent and capable hackers, entered negotiations with the talented participants!
But beyond doubt, the most important section of the conference was the general lectures, attending which of course required paying five hundred dollars, but we, as the special guests of the conference’s organizers, were allowed to attend them free of charge.
In addition to reporters and journalists from a number of Middle East press and media outlets, experts from around the globe, such as technicians from such gigantic firms as Microsoft, Cementech, Mozilla, F-Secure, HP, Telespace Systems, FMA-RMS, Pointsec, and half a dozen other conglomerates, had participated in the international event.
Listening to the extremely interesting addresses by the representatives of such companies, and particularly having friendly chats with them in pursuit of their genuine ideas, was a great asset for the eastern IT experts.
F-Secure's power on display
The Research & Development (R&D) Manager of the Finnish security firm F-Secure, Mikko Hypponen, who gave the keynote address at the opening ceremony of the conference, had the broadest audience and gave the best lecture. Of course, before him the head of the UAE Regulatory Organization, Mahmoud Nasser al-Qanim, welcomed the participants to the event.
Hypponen, with his unmatched proficiency, took advantage of the PowerPoint he had prepared in advance and put on display a small sample of the capabilities of F-Secure, whose fame and reputation in Finland is as high as Nokia's.
He has been active in the virus analysis field since 1991 and has offered consultation services to IT companies like Microsoft and IBM, as well as state organs like the FBI, the CIA, and Scotland Yard, and international bodies like Interpol.
At 35, Hypponen is today the leader of a team that in 2002 presented a strategy for warding off the threat of the "Slapper Worm", in 2003 decreased the threat of the "Sobig.F Worm", and in 2004 was the first to warn about the threat of the destructive "Sasser Worm". He is a serious fan of computer games and lives with his family on an island along with a large number of wild deer. He told me that one of the favorite and most exciting experiences and hobbies of his life is driving at 300 km/h over the frozen waters that surround the island where he lives.
Hypponen also feels lucky there is no sign of city traffic along the route he travels from home to work and back, since otherwise a little push on the brakes could mean serious disaster for this highly qualified security expert!
After so much beating around the bush, it is not inappropriate to inform you also that Hypponen knew absolutely nothing about Iran and his information on our country was limited to a few news reports and films broadcast on TV. He believes judging by the few conversations he has had with the Iranians he can say with a high degree of certainty that we are a highly civilized nation. The Iran-US tension was another issue about which he knew nothing!
It is interesting to note that in the ICT field, his first question was about the status of Internet filtering in Iran. He wished to know whether the Iranian officials, too, are as hardline about the matter as the UAE officials are. That was because finding that a number of websites he wished to refer to during his keynote address were blocked had seriously bothered him.
When I told him that GPRS and MMS are new phenomena in Iran, he gazed at me, astonished, for a few seconds, and that made me stop informing him any further about the ICT status in our country.
One of the interesting characteristics of Hypponen is that he attends to his professional affairs round the clock using his laptop, from which he is never separated. I remember very well that during one of the lectures, when everyone was silently listening, he suddenly began striking the keys of his laptop, and the signs of excitement were easy to observe on his face.
At the end of the lecture we found out that he had detected a new virus and provided his colleagues in Finland with the necessary information to counter it.
And finally, let us also take a look at the highlights of Mikko Hypponen's lecture. After giving a brief background on the 24-hour activities of his colleagues and himself in the security field, from PCs to mobile devices, and mentioning that he has a collection of over three million various viruses, Hypponen reiterated, "The new second-by-second virus programs reach F-Secure Lab, and our work aimed at annulling their effects and destroying them then begins immediately."
He then put on display the virtual laboratory of his firm and its sections, elaborating on the technical features of each virus using screenshots of the infected computers. Scanning the processes of the work done and displaying graphical pictures that make it easier to understand the nature of the viruses' destructive power were among the other capabilities of F-Secure's virtual labs that Hypponen put on display.
During his lecture Hypponen meanwhile cunningly pulled the legs of his firm's competitors, Symantec, Microsoft and McAfee, whose representatives were present at the gathering.
In the next phase he talked about the 24-hour online report collecting system of F-Secure, which has representatives around the globe. Another masterpiece achieved by that company is the establishment of a report collecting system based on the Google Earth software and the identification of destructive IPs through that system. That process helped F-Secure to collect further information on viruses from around the globe. He then classified the various objectives that the makers of destructive viruses pursue, as follows:
1. Designing DoS attacks
2. Stealing credit card numbers
3. Stealing e-mail addresses
4. Stealing the passwords of such websites as PayPal and eBay
5. Stealing the passwords of online banking systems
6. Stealing the passwords of the shareholders
He then elaborated on the different nature of virtual robbery in comparison with physical theft and the difficulty of combating the former type, particularly from the legal point of view.
Hypponen meanwhile seriously criticized the users that buy goods through obscene sites, arguing, "Such people expose themselves to virus attacks and online robberies." Elaborating on the high profits made by obscene sites, he pointed out the interesting fact, "The organizer of an obscene site earns at least 100 US dollars per day, even if only 0.001% of the receivers of such sites would reply."
He continued his interesting address by talking about the dangerous phenomenon of "Phishing". According to him, to launch such attacks, usually very ordinary letters are forwarded to individuals, so that the receiver assumes that a bank, a reputable credit institute, a security firm, or a renowned company has sent them. In such a letter the users are requested, under some pretext, to enter classified information on another Internet page whose link is attached to the e-mail. The users thus expose themselves to the threat of losing their assets at banks, because such pages are designed by Internet burglars. According to statistics, 24% of such sites are hosted in the United States, 14% of them in South Korea, 8% in India and the remaining 6% in China.
He suggested the only way to remain safe from the threat of such attacks is not to open suspicious e-mails, to disregard unknown attachments, and not to give personal information at sites that are not reputable.
He said it is difficult to warn and train the public about such serious threats, just as it is very hard to stop the functioning of such sites and to identify their owners. He referred to the www.volt.hk site, for instance, and opened it for the audience; at the time, its homepage showed the "host locked" sign. But if you had opened www.volt.hk/client.cfm, you would have seen a design exactly the same as that of the US Bank.
Resorting to that trick, the organizers of that site had pretended to be the representatives of ten different US banks.
He said there is an archive of various types of "Phishing" sites at F-Secure; the details of the functions of each, their addresses, and the type of the frauds done using the information collected by them are classified at that lab.
The Trojans that lie in ambush to rob the information of the users of bank websites were the subject of another part of that lecture.
He also reiterated there are lots of people that are interested in buying such Trojans. Buying and selling the traffic of computers that are infected with various types of viruses was another subject Hypponen focused on. He then decoded some Trojans written by a Russian youth. That cunning hacker had, at the end of his code, informed his friends about his robbery of tens of millions of US dollars, as well as an expensive car, through the same method, even mentioning the plate number of his car.
The Finnish lecturer's other subject of discussion was goal-oriented attacks. According to Hypponen, today the majority of viruses are created for home users and the viruses are made for the office users. Even the e-mails that are sent with destructive aims are designed in a way that the users would assume they are sent by colleagues at their own company.
He said that China is the most active country in purchasing and robbing the classified information of the world's companies, next to which stand Russia, the USA, and Brazil. At the end of his lengthy but very interesting address, Hypponen introduced a number of famous hackers and viruses to the audience, showing their photographs and elaborating on each. Stealing people's shares and selling them to others at much higher prices, online sales of stolen bank accounts, and… were among the activities of such people.
At the end he chanted the slogan that goodness would prevail over badness, although the security threats in cyberspace are apparently rapidly increasing.
To be continued
Related: HITB Security Conference in Dubai website