Ethical hackers vs. cyberpirates

30 Jun 2015

Share this article

“The task of the ethical hacker is to tell us how well a system can withstand a potential attack” – Stanislas de Maupeou, Cybersecurity Consulting & Evaluation at Thales.

Highly valued by companies and organisations in the fight against cybercrime, ethical hackers are paid to track down every kind of security vulnerability in an information system. Thales employs several dozen of these specialists. Their job is to think like cyber criminals in order to beat them at their own game.

Each year, the SSTIC symposium on IT and communication security[1] attracts some of the country’s leading experts in this field to discuss the latest trends, learn about new threats and develop new ways to respond to incidents.

Prior to each year’s event, these experts are invited to take part in a special challenge devised by the organisers. This year, their task was to find an email address on a microSD card inserted into an unidentified USB device. For the third year in a row, Thales’s experts were in the top five for how quickly they solved the problem.

Thinking outside the box

Their excellent performance had a lot to do with the practical experience they have gained at the Information Technology Security Evaluation Facility (ITSEF) in Toulouse. This Thales centre of expertise[1] has around 40 leading specialists whose job includes tracking down vulnerabilities in information systems and applications — physical vulnerabilities, network flaws, web-based issues —using penetration testing and forensic tools. Their customers are major companies and organisations in fields as diverse as banking, aerospace, defence and consumer electronics.

The objective of these ethical hackers is to find solutions to counter attacks and/or repair the damage they cause. “It’s about thinking outside the box and finding ways to get around the security rules in place,” says Stanislas de Maupeou, Cybersecurity Consulting & Evaluation at Thales. “The task of the ethical hacker is to tell us how well a system can withstand a potential attack.”

Ethical hackers need to be innovative and creative, and at the same time the tasks they perform —and the kind of organisations they work for — call for a structured methodology and the highest levels of discipline. Thales’s ethical hackers form a unique community and play an absolutely crucial role in the fight against cybercrime.

More information:

Cybersecurity Consulting & Evaluation

Our film about E2 Lab – Expertise and Evaluation Laboratory in Toulouse, France

[1] Symposium sur la Sécurité des Technologies de l’Information et des Communications. This year’s event was held in Rennes, 3 to 5 June. For more information: www.sstic.org.

[2] The Thales ITSEF (known as CESTI in France) is licensed by ANSSI, France’s national agency for information system security, for the evaluation of security products integrating electronic and microelectronic components as well as embedded software.