“We had NGOs for the press, medical personnel and mental health issues, but not for victims of cyberattacks”
MAINTENANCE A pioneering humanitarian group was launched last month as Russian troops massed on the Ukrainian border. The sequel made its existence all the more necessary.
Hackers Without Borders (HWB) is a Paris-based non-governmental organization (NGO) that provides emergency infosec assistance to other NGOs and critical service providers.
Like fellow French NGO and semi-homonym Médecins Sans Frontières (Doctors Without Borders), the group emphasizes its neutrality when helping victims of armed conflict.
Made up of volunteer hackers and computer security experts, the organization will help individuals or organizations free of charge to manage the fallout from cyberattacks, protect them from further attacks, and build cyber resilience.
“We have NGOs for the press, for medical personnel and mental health issues, but not to protect and help victims of cyberattacks,” the HWB co-founder said. Florent Courtet recount The daily sip.
“We hope to change that by creating an NGO led by cybersecurity experts who can provide security assistance to those who need it.”
Curtet, a web security specialist who has previously tested systems for Interpol, the UN and the French Ministry of the Armed Forces, is one of four co-founders with a range of expertise.
Others include Pierre-Marie Léoutre, a crypto-security expert and former threat intelligence specialist at the National Gendarmerie; Karim Lamouri, a multilingual IT manager from a Parisian suburb and CEO of a security consulting firm; and Clement Domingoethical hacker, founder of the capture-the-flag (CTF) contest and participantand digital privacy activist.
RELATED Clement Domingo, Bug Bounty Manager, on Cybersecurity in Africa, Hacking Events and Chaining Vulnerabilities for Maximum Impact
Red Cross Attack
The quartet decided to form HWB after being angered by the recent cyberattack on the International Committee of the Red Cross which exposed information belonging to more than half a million “highly vulnerable” people.
On February 4, just over two weeks later, HWB launched with the vision of “a task force that could be mobilized quickly” in similar situations.
CONTEXT Red Cross servers ‘have been hacked through an unpatched ManageEngine flaw’
Curtet, also CEO of IT security services provider NEO Cyber, points out that “most warfare is now digital – warfare is not just happening with an M16 but behind a keyboard and screen – and [often happens] Under the radar.
“The objective for us is to be vigilant when a [vulnerable] a person or an institution is under attack and cannot protect itself.
“We are here to be like firefighters for people, businesses, institutions that don’t have the money, skills or information to protect themselves from today’s digital threats.”
The Red Cross was hit by a cyberattack in January 2022
Pro bono coverage
HWB’s pro bono services are based on three pillars. First, the NGO will seek to prevent attacks against soft targets by identifying vulnerabilities, sharing intelligence related to attackers’ tactics, techniques and procedures (TTPs), and providing cybersecurity awareness training.
HWB will also aim to neutralize attackers’ infrastructure through forensic analysis, triage, website takedowns, and referrals to law enforcement and National Computer Emergency Response Teams (CERTs). ).
Finally, it will support them in managing domains and profiling networks, auditing and hardening networks, and strengthening cyber defenses.
An intelligence platform for sharing Indicators of Compromise (IoC) – dubbed “NGO CERT” by HWB – is also in the works.
Recipients of this support could include charities, healthcare organizations and frontline workers around the world – against whom cyberattacks can have particularly severe consequences.
However, HWB is apparently willing to help a wide range of people and organizations.
“Whatever your religion, culture or country you live in: we are here to help everyone,” says Curtet. “We want to push for transparency and universality.”
Learn about the latest information security industry news
With such broad ambitions, Hackers Without Borders can ill afford to waste scarce resources on lower priority cases. As such, it has already rejected a number of requests for help that did not meet its “reliability” criteria, says Curtet.
“We’re here to help people who can’t or don’t want to spend $10,000 on a penetration test or security remediation company,” says Curtet.
If the criteria for receiving help are met, cases will be triaged according to criticality – what Curtet calls an “emergency pyramid”.
“It’s complicated to tackle everything, but we have a list of priorities and we will first take care of [clients related to] health, poverty and – it’s a bit tricky, but we have to do it – cyberbullying and harassment,” he says.
HWB is already screening requests for help from a health organization and two humanitarian organizations in the Ukraine/Belarus area.
“The clearance process takes a bit of time for a theater of war or impending conflict because we need to be sure we’re not helping a government,” he says.
Curtet repeatedly insists on the political neutrality of the organization.
“We want cyber peace. We will not [launch offensive cyber weapons]help with intelligence on the ground or help one government more than another – we are there as firefighters.
He adds: “We are already performing many scans and scrapes of the dark and deep web for intelligence to protect non-legitimate military targets as defined by the Geneva Conventions. »
Hackers Without Borders (from left to right): Karim Lamouri, Florent Curtet and Clément Domingo
A small team of five to seven people combined with a strong commitment to making the organization ultra-secure means that “we got 2-3 hours of sleep a night,” says Curtet. “We have hardened [systems] Like crazy. We have a very tight access control list [ACL] [for instance]”.
Thankfully, HWB’s meager resources are now bolstered.
While Curtet’s initial requests for help from IT security contacts were mostly politely declined, when the website launched, “we had over 20 [people] saying ‘I’m sorry, I didn’t know it was such a good project. I would really like to be part of it”.
As of Monday (March 1), the organization had attracted 173 volunteers and others, whether from the infosec community or not, are also invited to join.
Curtet also says “big meetings with really big investors” are planned. “We have some very good things going on to help us technically and financially.”
“Limpid and transparent”
HWB is incorporated and has an official NGO designation in France, but also recently registered in Geneva with a view to becoming a UN-affiliated NGO in two years, subject to a full audit.
HWB says it will be funded exclusively by donations. “We want to be crystal clear and transparent and that’s why everything we do will be tracked on smart contracts and every donation will be traceable,” says Curtet.
“We are not going to make money – we four founders are losing money from now on. The aim is to get compensation, do good and have a strong NGO without pressure from governments » [affecting how we operate].”
YOU MIGHT ALSO LIKE Ukraine invasion: WordPress-hosted university websites hacked in ‘targeted attacks’