By Kuah Guan Oo
Pic by Marina Ismail
SERDANG, 30 April (UPM) – People say it takes a thief to catch a thief and probably by the same token, it will take a hacker to catch a hacker?
If that is true, then how do you teach your students how to hack (which is a cyber crime) without infringing the law, so that they can learn to detect and prevent hacking.
The answer lies in an ingenious web-based teaching platform developed by Dr. Ali Dehghantanha (http://fsktm.upm.edu.my/~alid/) a senior lecturer of Universiti Putra Malaysia (UPM) who has allowed his computer science students to hack away without fear or guilt.
Dr. Ali of the Faculty of Computer Science and Information Technology (FSCIT) said the teaching platform is a mock-up of the real world that was specifically designed for lecturers to teach their students about hacking and how to detect and prevent this cyber crime.
He said the “Pervasive Cyber-Security Education System” (PCSES) teaching platform “guides users on web security application materials in a unique way that utilises a fully controlled environment.”
“We teach the theories and principles but PCSES allow the students to experience them in a hands-on learning situation,” he said.
Dr Ali, 30, who hails from Mashhad, the 2nd largest city in Iran after the capital Teheran, obtained his Master and Ph.D degree in security in computing from UPM where he was offered the senior teaching position upon his graduation in 2011. He graduated with a Bachelor degree from Mashhad University, some 850 km east of Teheran.
At present, his research focus is on recent trends in digital forensics, penetration testing, and practical research in computer security.
He is also the founder of the annual “International Conference in Cyber-Security, Cyber Warfare and Digital Forensics (CyberSec)” as well as editor-in-chief of the “International Journal of Cyber-Security and Digital Forensics (IJCSDF)”.
He explained that what were helpful to lecturers were the hints embedded in the system which would prompt the students to hack a bank, newspaper or a school.
If a student fails to do so despite the hints, the system will link up directly to the lecturer who can then come over to the student concerned, to help him or her.
“We don’t leave the students to learn in the dark,” he said.
The system also allows the lecturers to know where the students are weak or where they have failed to grasp the principles so that the lecturers can spend more time to explain to the students in the lecture rooms.
The PCSES platform has different levels, from basic to the advance level for students to master the skill.
Yet, said Dr Ali, the hackers are always ahead of them all in the “Wild West” of the cyber world where billions of dollars are lost to cyber thieves.
More than US$1 trillion were lost to digital fraud, thefts of intellectual properties and damage to corporate networks in 2008 alone.
“What we also do is that we teach digital forensics where we use reverse engineering to verify products to detect hacking, malware, viruses and Trojans and so on,” he said.
Where a computer system is found to be hacked, say, in Malaysia, Dr Ali said they were duty-bound to report to the authorities. Where a malware, virus or Trojan is detected, they were to report to the content security companies like McAfee, Norton and Trend Media.
“In return, these companies would provide us with grants for more research,” he said, adding that UPM would need to have a specialised marketing team to talk to these antivirus and cyber security corporations which are making billions from the sales of their products.
“The legal framework is already there for UPM to sell our research findings on cyber breaches but what we lack is the marketing people to talk to these corporations,” he added.
Dr Ali said when UPM first started the web-based PCSES platform about two years ago; it had only 10 pages or so. To date, it has more than 10,000 pages from more than 1,000 cases of hacking reported and incorporated into PCSES.
Under the PCSES arrangement, Dr Ali and his fellow researchers would verify any report of hacking or cyber crime before the case is put into the PCSES platform to students to study.
Apart from UPM, the Asia Pacific Institute of Information Technology (APIIT) is also using PCSES for teaching its students.
Two other universities, a Malaysian and an Australian, are currently trying out PCSES for a six-month trial before they sign on the dotted line.
For all his hard work which had been patented, Dr Ali was awarded the Gold Medal at the Malaysian Technology Expo (MTE) 2013 last February, where the researchers and scientists showcased their inventions and creativity. – upm
For enquiries, plse contact
Dr Ali Dehghantanha
Tel: +603-8947 1655
43400 UPM Serdang
Selangor Darul Ehsan