Spy chiefs put hackers to test for chance to join real-life Q
IN THE Oscar-winning 2014 film The Imitation Game, Keira Knightley’s character demonstrated her aptitude for code breaking by completing a fiendishly difficult crossword puzzle.
Today’s equivalent of a Bletchley Park operative is just as likely to be a teenager with the aptitude for hacking into a bank or government department’s supposedly secure computer system.
To tap into this talent pool, the Government’s secret communications centre HMGCC is backing a series of hacking competitions designed to spot the recruits needed to strengthen the UK’s defences against external threats, from criminal gangs or foreign states.
Cyber tournaments are being staged around the country, inviting school pupils as young as 14 to hack into computer defence systems.
Backing the Cyber Security Challenge UK is Qinetiq, the former research arm of the Ministry of Defence – regarded as the real life version of the fictional department, headed by Q, that supplied the gadgets for James Bond.
The Sunday Telegraph was given exclusive access to the cyber security challenge at Qinetiq’s headquarters, near Farnborough Airport, last week.
Here two dozen school pupils and students, along with older people looking to change career, were split into teams and challenged to crack a fictional bank’s computer security system to access customer accounts. The teams were challenged to use coding skills to break through passwords and firewalls to access the accounts.
Dr Robert Nowill, chairman of Cyber Security Challenge UK, said: “It’s a very useful way of allowing organisations like Qinetiq and HMGCC to spot talent and recruit people with the aptitude for cyber defence.
“We see who can work as part of a team to crack computer defences and spot ways of improving them, coming up with answers to what is a very real life threat.”
Around 40 such challenges have been held since the scheme was launched eight years ago, with 60 per cent of those taking part going on to work in cyber security.
It is vitally necessary work, says James Willis, managing director of cyber information and training at Qinetiq. “I don’t think the public appreciates the extent of the threat,” he said. “People generally believe what’s put in front of them on social media. During World War Two and the Cold War there was a clear physical threat in front of you, a visible enemy, but now people don’t have that direct threat.
“The threats comes from every direction, from kids in their bedrooms to industrial espionage, criminal gangs and state sponsored attacks, with all the state actors you would expect: North Korea, Russia, China, Iran.
“State agencies not only aim to gather information and intelligence, but also manipulate that information on social media with fake news and propaganda. Look at what Russia has only recently being doing with fake news, manipulating people’s view of the world and what is happening.”
Recruiting so-called “white hats” – people with the ability to hack security system weaknesses – is one of the ways Government agencies and the private sector might strengthen their own defences against the all-too-likely threat of cyber attack.
One of the nightmare scenarios envisaged by Qinetiq is that of shipping position data being altered and planted to sabotage the arrival of perishable goods to manipulate commodity prices or create political crises.
Qinetiq works with shipping insurers such as Lloyds Register to anticipate and guard against this. With increasing automation the control of planes, ships and soon cars becomes more vulnerable to cyber attacks.
“God forbid, but an aircraft could be vulnerable to a cyber attack, creating what could potentially be a 9/11 flying bomb again,” said Mr Willis.
“A cyber attack could involve fake data being planted with business to manipulate the stock market, enabling the attackers to benefit from fluctuations in the market.”
Qinetiq warns that many sectors of the British economy remain vulnerable, with the recent attack on the NHS an example of what is likely to come.
“The pace of cyber change is relent- less and you need to keep up with that, but most countries are ill prepared,” said Mr Willis. “Some parts of the UK, such as the finance sector, are very resilient. Other sectors are less prepared, such as small businesses who are reluctant to spend money and big businesses with lots of people and points of attack through basic poor cyber security.
“The UK is one of the more advanced countries when it comes to preparing for cyber attacks, but no country is immune and never will be.”