Mon, Jan 21: Terry Cutler CTO and Certified Ethical Hacker with Digital Locksmiths discusses a Student expelled from Dawson College for exposing security flaw in his school’s computer system.
MONTREAL – Most students don’t see any silver linings when they get expelled from school. Ahmed Al-Khabaz isn’t one of them.
He’s getting job offers from computer software companies — including one whose security flaw he found while rooting around in Dawson College’s system.
“I think I’ll move on,” Al-Khabaz said Tuesday, adding he enjoyed attending Dawson College until he was kicked out in November.
“I’ll take one of those job offers I’ve got and I’ll apply to another English (junior college) in September.”
Al-Khabaz says he has been offered employment by the president of Skytech Communications, which provides the software for Dawson’s system. Another 10 or so offers are also on the table.
A Skytech spokesman was not immediately available for comment.
Al-Khabaz, 20, became persona non grata at Dawson after discovering a major security flaw in the school’s computer system while working on a class project.
At a news conference on Tuesday, Dawson director-general Richard Filion acknowledged Al-Khabaz had found the flaw but said he was expelled after he repeatedly tried to gain access to areas of the college information system where he had no authorization.
Filion said the student was kicked out because he breached the college’s code of professional conduct.
“Dawson College has the responsibility to instil the principles of proper conduct in the workplace so that employers hiring our graduates know they are responsible citizens and qualified workers who understand how to behave in a professional environment,” Filion said.
Francois Paradis, the college’s director of information services, said Al-Khabaz was warned after being sighted twice in Dawson’s system before he reported the computer flaw. Paradis said Al-Khabaz was spotted again after being told about limitations on tests he could conduct after finding the flaw.
Dawson said it was speaking out because of what it called inaccuracies in a media barrage in the last 24 hours that has seen Al-Khabaz gain support from students beyond Montreal.
In Ottawa, Adam Awad, national chairperson of the Canadian Federation of Students, accused Dawson of being more interested in protecting its own image than guarding students’ personal data.
“The administration chose to punish the whistle-blower in hopes that the problem would quietly go away,” Awad said as he called for Al-Khabaz to be reinstated.
Filion said Dawson considered pushing for criminal charges against Al-Khabaz but the institution decided to deal with the matter on an academic level and leave any further action to Skytech.
Speaking to reporters after Dawson’s news conference, which he attended as a member of the audience, Al-Khabaz rejected the college’s version of events. He said it concentrated on “the negative stuff.”
“I was just scanning the software because I was scared for our data,” he said.
The student said he also asked for permission to do the later scan when he was told he was not authorized to carry out the task.
He said he had three meetings with college officials and explained what he was doing.
“I really wanted to help,” said Al-Khabaz.
He rejected the college’s characterization of his activity as an attack, calling the allegation “false.”
“A smart man would hide his identity if he was going to do that,” he said, pointing out he never tried to conceal who he was or cover his tracks.