Cyber security is a buzz word these days, as the international media is littered with breaking news on exploits and malware affecting millions of PCs world wide. Mostly what we hear or see in this respect is through foreign news sources, but that is set to change, largely because of local initiatives such as Pak Con.

Pak Con is a non-profit research organisation raising security awareness in Pakistan. Like-minded experts teamed up with professionals and active members of the local security community to create a pool of resources, sharing their findings and knowledge and making them public through the annual convention.

Earlier held in 2004, this year’s Pak Con event opened to a packed hall with 200 attendees at a local hotel, with a mix of technical and at times riveting presentations plus a hacking competition. The event, held on December 12 and 13, 2005 was advertised through mailing lists, keeping in consideration that it was meant for professionals who were interested in the technological aspects of cyber security.

Faiz Ahmed Shuja, the organiser and president of Pak Con revealed the purpose and scope of the event, “We believe that the corporate sector has to start taking information security seriously. Since businesses in Pakistan have started going online, they are going to face various threats. That’s the reason we have selected highly technical in-depth topics about information security, so that organisations can be aware of such threats and ensure better protection”.

Jamil Valliani from Microsoft’s Secure Windows Initiative (SWI) team took the floor and talked about the Secure Development Lifecycle, whereas Ben Nagy, a representative from the eEye security organisation, presented a discourse on the attackers guide to anti-exploitation technology for Windows. Throughout the convention, talks were held covering issues such as Pakistan’s cyber laws, incident handling, security of Web applications, computer forensics, malware, software bugs and the Metasploit Framework. But one of the most important topics discussed at the convention was, banking. Honeynet Pakistan, a subsidiary of the Honeynet Project which is dedicated to improving the security of the internet by providing cutting-edge research for free, declared that it had been successful in netting a group that was attacking online banking applications. The audience was all praises for the team as the Pakistan Honeynet Project presentation were one of the best on offer, from the local speakers. They disclosed the profile of a local attacker group involved in credit card and bank frauds and also revealed details about their motives, tactics employed and how Pakistan Honeynet Project was able to track them down.

The other international speakers who were present, not only provided insightful information but also lauded the efforts of the young Pakistani professionals and enthusiasts working diligently to raise security awareness in Pakistan. Majority of them, nonetheless, were of the opinion that Pakistan was in need of updated information regarding security and training of dedicated teams to strengthen the defense strategies of the corporate and non-corporate sectors.

There was a great deal of audience participation as pertinent questions were raised and lively discussions ensued between the speakers and the audience. The sponsors of the event were very particular about their non-disclosure policy when it came to naming sources, which was observed religiously throughout the convention. On the down side, participants of the convention were not provided with a CD of all the presentations and lectures, as the organizers preferred to make the material available through their website.

Towards the end of the convention, a hacking competition was held in which revered local techies and IT students battled their hearts out. The purpose of the competition was not to highlight hacking skills but instead to draw attention to what kind of security lapses can allow hacking to occur and to uncover discrepancies and loopholes in cyber security measures. With initiatives such as these where hackers help to expose and rebuild the defense systems, it seems that the term ‘white-hat hacker’ might just defeat the negative connotations that have been associated with ‘hacking’ in the past.

Paving the way for yet another first, Pak Con is now gearing up to host SANS Stay Sharp trainings in Pakistan, early next year. The SANS Stay Sharp program aims to provide specialised training sessions on a specific area of expertise such as auditing, operations, legal, management and information security skills. SANS Stay Sharp has plans to tailor the training sessions to be held in Pakistan, depending on the kind of feedback, regarding the level of awareness, given by participants at Pak Con 2005.

 

	The Sites
	PAKCON – Pakistan’s Cyber Security Convention www.pakcon.org