On the sidelines of the Cyber Africa Forum 2023 held in Abidjan last April, Clément Domingo, co-founder of Hackers Without Borders discussed with We Are Tech Africa and Ecofin Agency the specificities of an ethical hacker and his vision for cybersecurity in Africa.
We Are Tech: What is an ethical hacker?
Clément Domingo: An ethical hacker is someone who already likes to tinker, who likes to discover things. Above all, in the digital age, we are now in 2023, it's someone who is going to help companies and governments better secure the data of citizens and users of banks, financial institutions, and large companies.
WAT: How did you become an ethical hacker?
CD: I have an atypical background. I didn’t study to become a hacker per se. I have a classical background. I discovered it bit by bit while studying and I started discussing it with people with good ethics. I can’t stress this part enough because I think that had I come across people who were to send me on the wrong path, maybe I would have become a cybercriminal, not the ones I track daily in my various missions.
WAT: How does Hackers Without Borders work?
CD: Hackers Without Borders was founded in January 2022. The idea stems from the fact that more and more international organizations, NGOs, and humanitarian associations have absolutely no means of ensuring the security of their information systems. Let me give you a concrete example. Presently, there is no one thinking about a specific mother in remote Africa who may be unable to afford even CFAF1000 or 5,000 to feed her children.
So, we asked ourselves how we, in cyberspace, people working in the digital and cybersecurity sectors can provide solutions so that that specific mother can get that money every week or month, through an association, without even realizing that there are complex things behind it. So we founded Hackers Without Borders to do humanitarian work in cyberspace just like Reporters Without Borders, and Doctors Without Borders. Hackers Without Borders helps any NGO, any humanitarian association, anywhere in the world, to better protect its data.
WAT: Do you ever take the initiative of testing the limits or data protection systems of certain organizations to draw their attention to their flaws?
CD: No, not at all. We don't intrude on systems; we intervene when called upon. We always respond to a need or a request. For example, when there are health or natural disasters involving victims, Doctors Without Borders is called in. The organization will never intervene on its own. It's much the same with Hackers Without Borders. We mainly respond to requests, and sometimes, in the course of certain conversations, certain NGO or humanitarian association managers say to us: "We'd still like to test the limits of our system, to find out whether we're secure or not...". Only then do we delegate some of our brilliant members all over the globe, including Africa, to do so.
WAT: In a world where every socioeconomic, and political… sector is connected to cyberspace, how would you sum up your organization's ultimate goal?
CD: The ultimate goal of Hackers Without Borders is to work for cybersecurity, which is not discussed quite often. Right now, things are happening that the general public and even some organizations, companies, and states have no idea about, and even more so in Africa.
Real cyber attacks are paralyzing entire countries. There are real groups of cybercriminals, hackers, what we call state-sponsored hackers, attacking strategic companies in certain countries, attacking states to destabilize them. We aim to talk a little about peace in cyberspace, and how to pacify this fourth dimension that cyberspace has become today. We're working on cybersecurity so that tomorrow we can live in a much more secure connected world. So that when you go to your bank's website or application, all your data is protected. When you download applications, they will be safe.
WAT: I'm assuming that Hackers Without Borders does not count every ethical hacker around the globe in its membership and that some of them take personal initiatives. As the co-founder of Hackers Without Borders, what do you think the role of an ethical hacker should be in society in general?
CD: To answer this question, I'd like to quote Elazraïe, a hacker residing in Israel. She said that today's hackers are the Internet's immune system. I think this formula pretty well represents the very spirit of hacking. We're here to prevent cyber-attacks, to inform the general public, to talk about subjects that are sometimes very complex, but which we simplify and disseminate to make them accessible. For example to my parents who know absolutely nothing about digital technology, to some of my friends, to our children. I think this is one of the main roles of hackers today. Some work in the shadows, others a little more to the forefront to explain all this to ensure our data is safe.
WAT: Can you give us a concrete example of a project or action you carried out as an organization?
CD: During the conflict in Ukraine, we carried out dozens of actions, but there was one that particularly impressed me and some of our members. It was at the very start of the conflict, in the month that followed, when there was a lot of talk about the displacement of populations from Ukraine to the rest of Europe, as I'm based in France, among other places. At the time, several associations and NGOs were also mobilizing to try and connect Ukrainian families with French families. But what many people didn't realize was that filling in a simple form meant providing a whole lot of information that was critical for French families wishing to host other Ukrainian families. On the Ukrainian side, some information also had to be provided. Imagine what would happen if these files and systems were hacked. We were able to help an NGO and two humanitarian associations that were planning to connect French families and Ukrainian families. That had a big impact on me, because we may have saved them the worst. Other ill-intentioned people could have used this data to exploit the digital misery of these families, or even to blackmail French families. It's an action that may speak to everyone, but the importance of which we don't directly realize.
WAT: During the Cyber Africa Forum, there were talks about attacks on banks, public institutions, and so on. How does your organization work with companies to improve their security?
CD: Hackers Without Borders doesn't work with companies at all. But we do have partnerships with them. We aim to help all the NGOs and humanitarian associations in the world, free of charge. But we don't step on the toes of other companies specializing in cybersecurity, because that's not our role. To do that, we have other channels. Hackers Without Borders is focused specifically on NGOs and associations. But, indeed, there's also a real need among banks and businesses. But that's not our job at Hackers Without Borders.
WAT: How does your organization train its members?
CD: First of all, anyone can help, or at least contribute to the cause. If only for a day, an hour, a week, a month, a year. But today, there's a real challenge. It's how to engage people, to ensure that these people are trustworthy. It's a real issue that we don't talk about much, but it is nevertheless a key issue. When we work for organizations, they open all their doors to us. We have access to everything.
So how can we be sure that the person we're working with will remain ethical from start to finish and won't steal data? That's why it's a bit slower to set up an organization like this, which, I'll remind you, is barely a year old. It's a lot more complex than we expected.
WAT: When Ethical Hackers join your organization, do you rely on their raw skills and talents, or do you try to upgrade them so that everyone has the same skills?
CD: First of all, let me remind you that anyone can join Hackers Without Borders but ethical hackers alone cannot run an NGO. Other skills are needed. For ethical hackers who join us, both those who know their way around and those who don't are mentored and coached by others. We have a Discord channel for that and we also hold private or small group exchanges. We have various profiles. Those who are more into attack and others into defense and others more into monitoring. There are a whole lot of jobs in cyber security. I've brought along a special guide to cyber-security professions to this event (Cyber Africa Forum, editor's note). Nowadays, when we say cybersecurity, we're talking about no less than 40 professions. Young people need to know that they can be a cybersecurity consultant. At Hackers Without Borders, we have a bit of everything.
WAT: What challenges are you facing today as co-founder of Hackers Without Borders?
CD: I'm going to take off my Hackers Without Borders co-founder's hat and put on my Ethical Hacker's hat instead. Two days ago, I was in Montreal. I returned to France and got on another plane to come here to Abidjan to talk about cybersecurity differently, because our companies, leaders, and governments don't understand at all what's going on. I'll take the case of ARTP [Senegal's telecom regulator] in Senegal, the West African Bank, which made headlines in Africa and Europe, but also other banks and financial institutions that continue to be attacked. Something is happening in Africa right now. If we don't react by the end of this decade, by 2030, it'll all be over. I may be an alarmist, but we're at a real turning point.
Cybercriminals, who used to concentrate much more on Europe and the Americas, are starting to attack Africa, where there is almost no protection. But we can still reverse the trend and change things.
My main challenge today is to make all our leaders, as well as small, medium, and large companies, aware of the need to arm themselves. Internationally, there's the alliance formed by the FBI, Europol, and Interpol to track down cybercriminals. Why not have similar cooperation with similar agencies in Africa? The realities of West Africa are different from those of Central Africa, the Maghreb, or Southern Africa. But I'm convinced that we can work together. I'm going to mention a reality that speaks to me a lot. The September 11, 2001 attacks in the United States could have been avoided because everyone had the information, except that no intelligence service or national agency in the United States shared the information, and we saw what happened. Similarly, in Africa, if we don't share information through strong partnerships, we will continue to be attacked again and again.
WAT: How do you see the future of cybersecurity and the role of ethical hackers with the advent of new technologies?
CD: First of all, I would like to say that the youth is the future of cybersecurity. It is another battle I care about. There's much talk about digital technologies, a lot of investment, and a lot of jobs, but what are we doing for young people? I'm trying, on a very modest but very concrete scale, to do things here for young people, and above all to encourage our politicians and government officials to join the movement and get things done.
Talking about the evolution of cybersecurity, I can't fail to mention artificial intelligence. It will profoundly change the way we consume digital content. If we don't raise our level of vigilance through training around artificial intelligence, we'll find ourselves 10-15 years behind. It's happening now. There's a profound digital transformation taking place, and we don't realize that, even if we're not in the digital business, we still have a very strong attraction, a very strong adherence to the digital world.
Concerning artificial intelligence, I have a little anecdote about a cybercriminal group I've been monitoring and infiltrating for a few months now. They've set up a new thread with a new topic where they disclose techniques to get around artificial intelligence, which is ChatGPT. For example, when you ask how to create a bomb or how to create a weapon, or how to organize a cyber attack from the ground up, they can easily get you answers to those questions. We need to be aware of this, and so do our politicians, and press for the necessary safeguards to be put in place.
Interview by Moutiou Adjibi Nourou and Muriel Edjo
