By Tonderai Saharo
MASVINGO: A 21-year-old former Information Systems student at Great Zimbabwe University (GZU), Pardon Mukoyi, has turned into a professional bug bounty hunter and has developed a cyber security system, which is a first in Zimbabwe.
In an interview with NewZimbabwe.com this week, Mukoyi said his anti-cyber attack system would help improve the country’s cyber security.
In ethical hacking spheres, he is known as @bugspiderlee, or anonymously as Toplinks, and found a total of 312 bugs last year.
“Bug hunting is the act or job of finding security flaws in systems. Many of the biggest companies and institutions in the world have bug bounty programs,” Mukoyi said.
“This involves allowing or granting permission to hackers all over the world to hack your IT systems (white hat hackers). This helps improve a lot of companies’ security.”
Since turning into a professional hacker, Mukoyi boasts of breaking into some of the biggest companies and organisations in the world, including the United Nations, AT&T, Microsoft, Huawei, Apple and about 12 banks in Europe.
He said he is now ranked number five on the AT&T bug bounty leaderboard, and that he was motivated to develop security systems after hacking international companies in the bug bounty hunting business.
Mukoyi said his system, called Eyewatch, is a free and open source cyber security intrusion prevention and detection system written in Python.
“It works on Windows, Mac OS and Linux operating systems, with big companies like internet service providers and financial institutions, who are at risk of being hacked, being encouraged to embrace the latest home-grown security system solution,” he said.
“It protects computers against common and sophisticated network attacks like address resolution protocol (ARP) spoofing, poisoning or man-in-the-middle attacks, LLMNR poisoning, Windows registry scanning, Linux system audit, open source API, antivirus integration for advanced malware analysis.
“It has capabilities to integrate with a vast majority of open source antivirus API databases, making the malware detection capabilities stealthy. Thus a user will be using different antivirus programs at the same time without computer memory occupation,” he said.
He said most antivirus and anti-malware software uses database signatures and sandboxing to detect malware, which malware authors can avoid.
“Thus a system backdoor can last in a computer system for a long time without being detected. This infects a lot of organisations and institutions which rely on antivirus programmes.
“A lot of organisations might be hacked without even realising that they are hacked.
“Advanced malware like Meterpreter can hide itself inside a system process like notepad or explorer. This involves the use of the DLL injection technique, making AV detection even more difficult.
“Eyewatch system then analyses memory occupation of computer processes to detect sophisticated malware which can be a backdoor giving an attacker full control of a system. This can be delivered to employees in various formats, e.g. email and PDF.”
One example of a common type of attack is a remote keylogger, software used to capture sensitive information typed on the keyboard by recording keystrokes and sending the information to the attacker automatically.
Eyewatch will then be able to support the task manager in analysing the number of processes running on a computer and help notify a user if any software has been installed on the computer without the user knowing.