South Africa’s white hat hacker who keeps companies safe

Orange Cyberdefense’s ethical hacking director and SA MD, Dominic White, was on the path to a career in cybersecurity the day he got his hands on a computer.

White is one of the best-known and most respected figures in South Africa’s information security space.

He started his career as a security consultant and auditor at Deloitte in 2006 before joining SensePost as chief technology officer in 2010.

SensePost was acquired by SecureData, which Orange bought in 2019 to increase its international reach and expertise in cybersecurity. It rebranded to Orange Cyberdefense in 2020.

White’s first computer was a second-hand machine his mother had bought. It was love at first sight. Although he had no idea what he was doing, he wanted to figure it out.

“As I figured out first how to use the new tech that was showing up all around us, then figured out how it worked… the natural next step was always to try make it work differently,” he said.

“Then, as I grew up, how to help prevent criminals from using it differently.”

White honed his skills with school and university friends through play.

He set up a firewall to block the school’s monitoring tools so he and his friends could play Quake during computer science classes.

“We even infected each other’s machines with BackOrifice to spy on their StarCraft strategies,” White said.

SensePost’s first office: cofounder Roelof Temmingh’s house in Centurion.

After school, White enrolled for a BSc in Computer Science at Rhodes University. Although he majored in computer science, he studied a mix of commerce, mathematics, history, and philosophy.

He later completed Honours and Master’s degrees in computer science. While at Rhodes, White and a few friends formed a club called Hack @ Kaos.

Their rules were simple: they could hack each other in any way possible but had to respect personal privacy and share how they did it with everyone.

“I remember hanging outside a friend’s bedroom window on the second floor as a gutter slowly cut into my arms, drawing some blood,” White said.

“I was waiting for him to go to the bathroom so I could trojan his SSH to capture a password, mail it to myself, then delete itself.”

It wasn’t until his post-graduate studies that White realised computer security could be an actual job.

That’s when he decided to specialise in computer security for his Master’s.

Orange Cyberdefense team on the famous Fremont Street in Las Vegas after delivering training at BlackHat and DEFCON.

White’s first real hack was the shared “RUCUS” Unix server at Rhodes, which landed him in a heap of trouble.

“This earned me a useful lesson in getting permission first, which took me a few more mistakes to learn properly,” he joked.

I asked whether he still quietly “checks” systems for vulnerabilities, and White said it’s a fine line to walk.

“It’s a legitimate problem with this skill set — you have this hammer, and the world starts looking like a nail,” he reflected.

“Sometimes you’re just worried or interested in whether a service you’re using personally is secure.”

An ethical hacker must then find ways to check without exploiting and be prepared to engage in the sometimes long and frustrating disclosure process.

“Almost every hacker I know is sitting on flaws in public services they’ve just been unable to get the provider to take seriously,” he said.

“In short: Yes [I do still quietly check], but, in line with my ‘new’ jobs, far less than I used to and with significantly more savvy about what constitutes ‘just looking’ vs ‘crossing a line.’”

White said the moral imperative to help society rather than hurt it remains the guiding principle when they discuss what to do internally.

A slice of SensePost history: The launch of HackRack — a goth rave with burning barrels emblazoned with the words HACK, UV, and neon. Three of the founders can be seen if you look carefully: Charl van der Walt in bottom right, Jaco van Graan in the middle top, and Chris Erasmus on his right.

White explained that Orange Cyberdefense provides expertise to help customers understand problems and architect solutions.

They also implement and manage some of those solutions.

“Penetration testing, our core strength in the SensePost team, falls within the consultative side,” White explained.

His role comprises two main aspects. The first is managing director of the South African business.

“[This] is very much a business rather than technical role, forcing me into more meetings, PowerPoints, and spreadsheets than any self-respecting hacker should admit to,” he joked.

“But I get to work with many remarkable people doing remarkable things, making it all worth it.”

In his other role, White is the nominal leader of all Orange Cyberdefense’s hacking teams.

“We have an incredible number of hackers [here] — 170 across the various countries,” he said.

“The teams are organised around the countries they reside in — so my job is to bring them together to share and grow skills, as well as drive the hacker ethos we believe is vital to doing great work and developing great hackers who contribute back to the industry.”

SensePost team hyped up on pizza after BSides Cape Town in 2022.

White said they have noticed a strong overlap between what was traditionally penetration tester tradecraft and ransomware operator tradecraft.

“At one point, there was a risk that pentesters were finding and exploiting flaws that real attackers didn’t,” he said.

However, this is increasingly less the case. White said this is noteworthy for organisations, as they should scrutinise their penetration testing reports for the attack chain, not just individual findings.

This will allow them to disrupt the ability of attackers to move along that chain from initial compromise to their ransom objectives.

“To give a positive example of disrupting the attack chain: At one customer, the executives called us in to ask why, over the several years we had been testing a certain area, the number and severity of findings had increased.”

They asked whether there was a problem with the defence team, given that security appeared to be getting worse.

“[We explained] that the team had obsessively focused on disrupting attack chains — so while there were more findings, our ability to conduct an end-to-end attack got worse each year,” said White.

“Secondly, the more time we spend on a specific environment, the more understanding and skill we develop in it, allowing us to find more obscure or hard-to-exploit vulnerabilities,” he added.

“[This] can naturally lead to more findings, making our inability to chain them together even more impressive.”

Dominic White and Jaco van Graan presenting to internal teams in Germany, Switzerland, and South Africa from their Menlyn office.

Asked whether they had seen an increase in cyberattacks in South Africa this past year, White said they had seen higher numbers of ransomware incidents publicised.

“The complexity here is always to contextualise that within the scope of attacker trends and the wider trend,” he noted.

“What I mean by that… Is the increase in publicising of attacks against South African organisations against a backdrop of a general increase, in which case is our delta [percentage change] above or below that general trend?”

White also highlighted that although there was a sharp rise in Africa in general, the numbers were low compared to other developed countries.

“There has always been a steady drum beat of compromises of government departments, who have traditionally underspent on security compared to their private sector peers,” White said.

“However, historically those would be publicised as website defacements or not have been disclosed publicly.”

With the rise of ransomware, those attacks are now made public as part of the pressure the criminal group wants to put on the organisation to coerce payment.

“So are there more breaches or just more being made public?”

White also said they’ve seen significant combined law enforcement efforts in the US, Australia and the EU to counter ransomware operations aggressively.

“This may be moving the focus towards countries where they can operate with more impunity — such as Africa,” he said.

Crowd at DEFCON 2016 before Dominic White and Rogan Dawes delivered their USaBUSe presentation.
Dominic White and Michael Kruger before their presentation in 2018.

Hack The Planet!
