DUBAI // The Facebook profile of Sara Gonzalaz shows an attractive young graduate who works for Starbucks Dubai and lists Harry Potter among her interests. But Sara is a man.
Her profile is kept up by David Michaux, a director of the Dubai security company Whispering Bell, and she was created for a corporate client who wanted to test the ability of employees to resist scams on social-networking sites.
"She's completely fictional," said Mr Michaux. "We pulled a couple of pictures off the internet. This was for a specific client who wanted to see how trusting their employees would be. We got an exceptional amount of information."
The scheme was part of a wider "penetration test" his company carries out regularly for large corporations across the country.
The test involves a variety of tactics, from spamming staff with extremely credible phishing sites to leaving USBs loaded with viruses around an office or a car park.
The purpose is to test a company's defences against cybercrime.
"Companies, especially pharmaceutical firms, spend billions of dollars on research and development," said Bassam Ghellal, who is also a director at the firm.
"If someone was to steal designs or formulae and patent them, they would stand to lose huge profits. We produce a detailed report on their security vulnerabilities which they then use for training."
Several security companies carry out penetration tests in the UAE. Ira Winkler, a security expert, has travelled to the Emirates several times for consulting work.
He said it was right for companies to be concerned that social-networking sites could be used to compromise their security, but he questioned penetration tests.
"There have been cases of criminals putting up fake profiles to gain information," said Mr Winkler, president of the Internet Security Advisors Group. "There are also intelligence agencies which do it, to see if there's a susceptibility for manipulation.
"But to carry out a penetration test, it's wholly unnecessary to go into this level of detail."
Mr Michaux said that although his company was not willing to conduct "honey traps", there was a need to explore security through social-networking sites.
"If you have an organised gang trying to break in, they aren't going to stick to etiquette rules," he said. But Mr Michaux said all methods the company used had to be approved by the client.
To carry out the exercise, Whispering Bell created six fake profiles: three men, and three women. According to Mr Michaux, females do better than males.
The next step was to make the profile look credible, which involved attracting a large number of friends. The fake Sara received dozens of friend requests when she left a message on a group saying she was new to Dubai.
"She's had marriage proposals and people offering to send her plane tickets to New York," said Mr Michaux. "It was absurd. People are somewhat gullible."
Once enough friends are on a profile to make it look genuine, the team starts to add employees from the target company.
"We got an exceptional amount of information," Mr Michaux said. "We wanted things that would help us guess user credentials for logging into a system.
"We could have talked to them about their mother's maiden name and about their favourite pet, which are all things that come up in security questions."
Other questions, such as which anti-virus a company uses, are also dropped casually into conversation. That kind of information could help the company tailor a virus to avoid detection.
Mr Michaux said the moral was not to believe everything you see on social-networking sites.
"There's nothing that brings the message of security awareness home more than showing a picture of Sara and then the picture of the geek behind the laptop who's controlling her - in this case, me."
mcroucher@thenational.ae