Hereford & Worcester

Malvern 'dirty lab' to tackle cyber crime

Malvern Cyber Security Group show the military adviser to UK Trade and Industry around the lab
Image caption The government's GCHQ unit has part funded the lab in Malvern

A research unit to test the vulnerability of computer security systems at small businesses has been set up in Worcestershire.

The so-called "dirty lab'" in Malvern has been part-funded by the government.

It is designed to simulate attacks from hackers and test measures against viruses in a secure environment.

The lab is run by the Malvern Cyber Security Group, a partnership of six local computer security companies.

And it would look like any ordinary office if it was not for the servers in the corner and the thick cables hanging from the ceiling.

The people working quietly at computers use the same tactics and techniques as criminals. But they do so with the permission of the authorities.

It's a place where anything goes, but it is secure and there is no danger of infection spreading outside.

Dibble Clark, the chairman of Malvern-based 3SDL, said: "My way of looking at it is that if you have a disease or virus that's dangerous to humans, you don't take it to a hospital ward to look at it.

Image caption Ruari Douglas and other staff use the same techniques used by hackers to test security systems

"You take it somewhere more secure. We don't want the malware and viruses, which we use against the system that we're testing, to leak out."

He said the lab would help small and medium sized businesses tackle the growing problem of cyber crime, which is estimated to cost the country £27bn a year.

According to a report published for the Office of Cyber Security and Information Assurance in the Cabinet Office, most of the money is stolen by organised criminal gangs.

'The dark side'

While bigger organisations and the security services have their own systems, smaller companies often do not have the same resources.

So-called "ethical hackers" use the same techniques used by hackers to test business systems.

One of those involved, Ruari Douglas, described an ethical hacker as someone "who performs actions that a malicious hacker would do, but with the permission of the corporation or organisation, and with the intention of outlining any vulnerabilities in their network or their system".

The 24-year-old said he did not do well at school, but showed an aptitude with computers and an ability to crack codes.

He said many others like him had been drawn to "the dark side" and turned computer skills into criminal activities.

Mr Douglas was recruited by Tony McDowell, who owns IT company Encription in Kidderminster.

He said interviews required prospective staff to crack codes.

According to Mr McDowell, many ethical hackers are social misfits and some are autistic.

Conservative MP for West Worcestershire Harriet Baldwin helped bring the six companies together.

Alongside Encription in Kidderminster, four of the companies are based in Malvern, including 3SDL, Borwell, C2B2 and Deep Secure.

The last of the six is Hereford-based Level Peaks.

The area between Cheltenham and Hereford is a growing centre for defence, IT and security-related businesses and has been dubbed "Cyber Valley".

The government announced its new cyber crime strategy last November in which it said that the Intelligence Agency GCHQ would work more closely with the private sector.

The Malvern Cyber Security Group said it hoped to secure further investment from the government unit.

Mr Clark said: "These are cyber criminals, people who can divert one in 20 of your transactions into someone else's bank account. The research and development budget for the bad guys is virtually limitless."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites