Interview with Nihad Hassan

Email interview held on 13th September 2017 – as follows between Alan Radley (questioner) and Nihad Hassan (relator):

What are your thoughts on the current state of cybersecurity, both for organizations and for consumers?

Cybersecurity threats and incidents have increased lately, leading to significant economic and social consequences for business organizations and individuals. The recent cyber-attacks against giant companies like Yahoo! and the WannaCry ransomware -which heavily affect the National Health Service hospitals and facilities in the United Kingdom- draw organizations’ attention to the severe effects that cyber-attacks can have against their works.

Organizations begin to adopt more cybersecurity solutions to safeguard their data, for instance, many organizations begin to improve their cloud storage security and begin to incorporate their threat intelligence & analytical operations to the cloud, so they predict future cyber-attacks more efficiently.

Privacy also becomes a major concern for originations, as new data privacy requirements continue to emerge, corporates need to adjust their policies and data collection requirements to meet the new rules imposed by such regulations – like the EU General Data Protection Regulation which is going to be enforced at 25 May 2018 – all non-compliant organizations will face heavy fines.

In conclusion, we cannot say that all organizations are preparing well for cyber-attacks, the well-organized one with the good budget is more likely to survive than the unprepared one.

Consumer poor security awareness is still a major problem, unfortunately, few people appreciate the importance of securing computing devices to protect their digital life. Most consumers install mobile apps without investigating its source or developer, the majority post private details & pictures to social media that can be exploited by hackers. All these issues and more will continue to increase consumer exposition to cybercrimes.

The lack of cyber-security corporate training is still an issue, employees should be well educated about using social media sites, understand cyber risks and how malicious actors can attack them in addition to understanding how to maintain their digital privacy online. For example, any employee -with non-IT rule- can bring damage to corporate network inadvertently if he/she misuse using IT infrastructure at work (for example, plugging a USB to corporate network with a malicious malware).

What – in your estimation – are the reasons behind the many computer security breaches/failures that we see today?

I think there are three main reasons:

  1. The huge adoption of Internet of Things (IoT) devices worldwide without standardization the security mechanism of these devices to an appropriate security level.
  2. The lack of cyber-security awareness in many organizations -and for individuals also.
  3. Hackers and criminal organizations become more skilled in cyber-attacks, anonymity services like darknet and anonymous currency, enable criminals to conduct cyber-attacks and request electro-currency with no fear of being tracked back.

Where do you go to find your “science” of cybersecurity? 

I read tech news daily, reading a book about computer security & forensics each week is also good, follow major tech blogs for the latest threats/attacks, read computer security and forensics magazines. Finally, I recommend that cyber security experts to author books/guide and tutorials, I think our main role is to transfer our knowledge to the community, without such efforts, we cannot expect to see improvement in people cyber-security awareness, and I think your blog https://scienceofcybersecurity.com will help us achieve this.

Do you recommend a particular cybersecurity blog that our readers could follow?

They can check my blog: www.Darknessgate.com, this provides a set of tools in the attack / protection and some privacy tutorials for novice users. Other good blogs is https://www.schneier.com, https://www.darknet.org.uk, https://krebsonsecurity.com, https://www.csoonline.com and www.digitalforensicsmagazine.com. I also recommend reading my book titled” Digital Privacy and Security Using Windows: A Practical Guide” published by Apress. This book teaches you how to use a wide range of digital privacy methods as well as encryption and anonymity tools to protect your digital life.

What keeps you up at night in the context of the cyber environment that the world finds itself in?

I think the major risk comes now from the Internet of Things (IoT) devises side, IoT architecture is not yet standardized and large number of devises are manufactured in east countries, exploiting the vulnerabilities of IoT -both hardware and software- is still -as I think- among the greatest dangers of cyber risks that we may face in the future.


Thank you kindly Nihad Hassan for taking the time out of what must be a busy schedule to answer our questions in such a useful and purposeful and expansive way.

Interviewee: Nihad Hassan,

DarknessGate.com

Author | Cyber security Professional | Digital forensics investigator

Nihad Hassan – Biography

Degreed Cyber Security Specialist proficient in online security research, planning, execution and maintenance. Main responsibilities include conducting moderate to complex cases involving electronic forensic investigations and risk control analysis. Offers computer forensic consultation services, including digital evidence acquisition, preservation, analysis, data recovery, password recovery, electronic mail extraction.
I possess valuable skills in creating and conducting training sessions targeted for different students segments – from beginners to advance level in the field of computer security, computer forensic, networking (Cisco certificates) and other related IT topics.

Core Strength:

• In-depth knowledge of computer hardware, software, programming and applications,
• Able to work in diverse surrounding; alone and in group settings,
• Proficient with all versions of Windows Operating System,
• Solid knowledge of using different computer forensic tools and adopting it to different cases.

Technical Skills:

Attack Tools:
• Ophcrack
• Linux Backtrack
• Netcat
• Cain & Abel
• John the Ripper
• NirSoft Suite
• Sysinternals Suite
• WireShark
• Maltego Intelligence

Computer Forensic Tools:
• Access Data FTK Imager
• ProDiscover
• Autopsy
• Volatility Framework
• Memoryze
• bulk extractor
• Directory Snoop
• Win-UFO Suite
• Backup and Recovery tools

Encryption & Anti-Forensic:
• GnuPG key management system
• GpG4Win email encryption
• Image ,Video ,text Stego tools
• Metasploit Anti-Forensics Framework
• Data destruction
• Data hiding under Windows OS

OS & other Skills:
• Windows XP , 7 , 8 , Server 2003, IIS
• Linux
• C# Programming , ASP , PHP
• XML,XSLT,XML Schema ,DTD , XQuery
• HTML5 , CSS , JavaScript
• System analysis , UML Modelling
• Diagraming software (Smart Draw , UMLet)
• Hex Workshop
• TCP/IP
• IIS6 + IIS7
• MS SQL server 2012 , Visual Studio 2013,Dreamweaver
• MS Office 2010
• Altove XMLSpy 2010