#535 Inside Tech Investigations & Cyber Legal Battles With IT Expert & Arbitrator Ahmed Bahgat

[00:00:00] From the heart of Dubai, where tomorrow is being built today to the world, welcome to the CTO Show. With meme here we redefine technology and reimagine possibilities with meme. Delve into the riveting realms of ai. Cybersecurity and digital technology. Experience the thrilling highs and lows of startups.

Immerse yourself in the spirit of entrepreneurship and witness the future of business innovation being written in real time now. Without further ado, let's tune in and explore the future.

Mehmet: Hello and welcome back to the episode of the CTO Show with Mead today. I'm very pleased and you see me guys. I get excited when I have someone from the region, actually from Dubai, uh, Ahmed Bahgat. He's the IT expert and arbitrator, uh, Ahmad, you know, [00:01:00] he is an expert actually in many domains. But today what we want to discuss more about, it's a topic which is very interesting.

It's a topic which is. In my opinion should be top of mind for any executive, whatever your level is. And we're gonna talk about, you know, for, uh, forensics and technology investigation. Ahmed, I don't like to steal the show from my guests. Usually what I do is I keep it to them. So tell us a little more about you, your journey, your background, and what you're currently up to.

And then we can, uh, start the discussion from there. So the floor is yours. 

Ahmed: Thank you Hammed, uh, for hosting me here. Uh, I, I, I, I'd like to be with you in your interesting and, uh, valuable channel. Uh, let me introduce myself. As you say. My name is Ahmed Bahgat. I'm working as an IT expert and the arbitrator in and addition in IT consultant.

I have been, I have been based in new. 2005. I'm originally from Alexandria. I have a bachelor [00:02:00] degree in telecom from Alexandria University, and I have master degree in IT service management from British Computer Society, and now I'm studying a master degree in AI from University of Católica de Murcia in Spain.

My vertical experience across it layers starting from network infrastructure, security, uh, cloud virtualization, ERP business application, like e-commerce, et cetera, et cetera. So I work vertically for all it layer. Uh, starting from, uh, technician till the head of the IT in a big organization. Uh, I reached to original director for Ma Kaur and, uh, middle East across Africa, Caucasusia.

And, um, middle East or in 18 country. Recently, I become a certified expert in a blockchain and I fill a chip from British Computer Society in the uk. BCS. I can summarize my [00:03:00] journey, uh, of work experience starting from oil and the gas in hospitality field when I was working in Egypt. Then working in Bahrain, five years for banking, security infrastructure, and finally in retail for 20 years across 18 countries.

Also, I have been assigned as an IT expert and arbitrator in more than 600 cases in front of, uh, all UE federal courts and some chamber of commerce in Bahrain and EE and all GCC. 

Mehmet: Ahmad, thank you very much again for being here with me today. You know, I love the way you, you also told us about your journey because, you know, when people ask me like, uh, tell us about you and say, guys, it's not a joke.

I started also my career and I joke with people, I tell them I was, uh, fixing cables and formatting PCs. Right? Yeah. But, but, but absolutely, you know, it's a great honor to have you here today. I think. You know, myself and, uh, my audience will learn a lot from you, so. [00:04:00] I want to start with the topic that we said we, we gonna talk about before, before 

Ahmed: ize.

Allow me before you jump to the second part. Okay. Uh, this, uh, journey from, uh, bottom to top is give me an experience of the hands on and the feeling of the job. How much it take, how long it takes, how much it cost. How would it be done? I, I, I know for example, the router configuration, how long it takes. I know, for example, the security policy, how long it takes to be deployed and because I did that by my hands and I'm still working on my hand on top of each and single case.

So this is give a confidence for me and my customer as well. 

Mehmet: Absolutely. And you know, we, we have a saying like once an engineer, always an engineer. So, uh, we, we like to do things by our hands and still I do it till, till date also myself. So, want to jump into today's discussion and as I was telling the audience, and we discussed this with you before, Ahmed, is, uh, the [00:05:00] topic very interesting.

And that actually it should be on top of mind of many executives and everyone, because we hear a lot about, um, cyber attacks. We hear a lot about things that happen. We hear that someone get a, um, cyber scam and people sometimes they don't know how complex. You know, the thing is, what I want to do with you today, Ahmed, is to try to talk about this topic.

For our audience to, to understand also, uh, how things are done and of course to get, uh, from, from your expertise. So one thing, when when, when something happens, when they breach, maybe someone get into the network, sometimes someone stole some data sensitive data, uh, there is a process behind it, right? So if you can tell us about how things start, like, uh, there's something called pre-research.

There's something. Verification caution. Uh, you can see in [00:06:00] that. So te tell me more about, about this. 

Ahmed: Uh, actually, and unfortunately, hammed people did not give enough attention to such kind of, uh, of, of cases or in, unless the incident happened. Uh, let me give you. Example here. Now everyone feel the impact of technology penetration in all of our aspect of our life and daily life.

It mean technology can help you to a lot to live a better life, but can also. Take you to the prison at the business level, I always advise organizations small, medium and large. Even as I, I board advisor as an external consultant to have an IT expert when they are going to sign a contract, especially the legal tech contract as any business contract for sure has a part of technology.

To be used. This part should not be hidden, [00:07:00] uh, from the business owner or senior management. You should consider, uh, the business you should, sorry, business should consider the it, the technology. Um, again, the importance of technical term, like. In, in, in sales, purchase and acquisition contract, like maintenance terms and conditions support, uh, IP source code, encryption method, business domain owner, et cetera, et cetera.

All of these should be known, well known for the people who are signing the contract because they think commercial, they think business, they think financial, but they did not. Think technical. What about this? What about our data? What about our, uh, domain? What about our license? So at all levels, people need a technical awareness and digital literacy to avoid some common mistake happen after you sign the contract.

This is in the pre, uh, pre-research and verification. Cosent, you should consider. 

Mehmet: [00:08:00] Right now, I know Ahmed, your company operates in four different countries, UAE, uh, kingdom of Saudi Arabia, Bahrain, and Canada. How do you find the technical research and investigation procedures for legal purposes among those four countries?

Like any, you know, tips you might, uh, uh, want to share with us? 

Ahmed: Yes, for sure. There is a common steps everywhere, uh, to be considered. As I said, people are going to sign a, a contract business contract, it should, and I advise them strongly, uh, advise to assign a legal tech expert team to review the contract.

This team will use the contract management software to track the change and put the liability and what is going on and set a clear deadline of the technical comment. This is in general, but there are international standard technique for the research. I'm, I'm using, let me emphasize this. [00:09:00] In, in, in this study, please, for example, uh, collected the digital evidence in a forensic manner.

This is need to be done. Extracting the data without compromise this data. This is the second one, analysis, the digital evidence. What you find and documented that in a step, I'll put it in a screenshot, protect the privacy or the confidentiality of this data. Observe the legality data acquisition and handling before I draft my report.

This is the main point on international, uh, standard technique, any IT expert or any advisor when we be assigned from the board members or CEO or business owner to take care. 

Mehmet: Just, you know, to make it also like, um, make some similarities if allow Ahmed. So like similar when you have a physical case and you, you call, you know, the police and you know, there's an investigator that comes.

So in the digital world, same thing happens. So we have what we call, you know, digital [00:10:00] fingerprints. We have. Uh, you have to also, I remember because I, I took a course actually when I was finishing my, uh, postgraduate, uh, studies, uh, that was, oh my god, like 10 more than 10 years now. So there was something also, uh, people, they, they, they think it doesn't exist in the digital world, which is like, you know, having an alibi and making sure, like who is the witness and all this.

So these are like really topics which are interesting, but. Ahad. Tell me more about like, what kind of software do you use for, for, uh, collecting, you know, these, um, you know, uh, what we were talking about. The evidence. Evidence, yes, exactly. Yeah, 

Ahmed: this, it, it mean, it mean here the incident happened and, uh, my message and my value is to protect the organization before the incident could happen and to be in a proactive mood.

Unfortunately, more than 95% from the cases or from the business I'm, I'm receiving now is after the incident. Because [00:11:00] people are not giving, uh, attention enough to this part. But consider the business, have an entity ask me or assign me either from the court or from the, the, the, the, the company itself to do investigation.

First of all, the tools. It depend on the setup and to configuration on what exactly I want to investigate. Exactly. Mm-hmm. Like in case there is a management axiom and FTK toolkit, uh, UFED, this is all, all, uh, forensic tool. And, and also there is an open source option. Uh, it, it is there and the FTK imager, uh, wire shark framework.

There are a lot of tool and depend, I'm selecting me and my team. The tool depend on the case, the setup, the configuration, I. 

Mehmet: Cool. And again, just for, to, to give some lights to, to the audience. So, so we collect these evidences because we want, uh, probably back to the verification and back to, to like, things happen right [00:12:00] now in case the technical incident already happens.

Ahmed, and you did the investigation, right? So what happens next? Like what's the post research and technical verification? 

Ahmed: Uh, first, the purpose of my investigation for the owner or business management is what to open a legal case to, to know what happened and do it and use it in internally because some, some, some organization doesn't like to announce this as a, to, to, to, to, to maintain their repetition and regarding to the confidentiality or business.

Partner, something like that. But in general, I should obtain the evidence in an authorization way, starting to start the investigation. So I am allowed to access this. They give me permission, they give me a letter to do that. Then the evidence, what I collect after my, my doing the in, uh, forensic, it must be clear.

Conclusively and documented with, uh, proof and figures and facts. The evidence must be mapped into the cyber [00:13:00] crime, federal crime here in ue, uh, law number 34. For 2021 year it is, uh, uh, federal law to be applied. So I have to map what I found. Into this low closure, then I advise to contact you authority through the proper channel like Dubai Police, aha, police, whatever he want to take, or he said, no, I don't want to, to to go legal.

I need to give you report for my reference. Then I advise the right for any party to present any, any new. Because I'm listening from one end only, so maybe another end. Have he or she have some proof? No. The manager told me verbal to copy the company file or the budget file into USP and give it to him or to send it to, to him over the WhatsApp.

Is that illegal? Is that not legal? We need to to, to reserve the right for the people [00:14:00] to listen. Finally, as an IT expert, I have to submit a comprehensive report, detailing report with the result and the technique, the investigation, what I did, review all the evidence based on figure facts, screenshot with proof of how it happened because if you do the prosecutor, they will ask how this happen.

Part of the crime. The The losses. Okay. And how it is happening. This is in general. 

Mehmet: So Ahmad, just as small comment also from my side. So as an arbitrator, as an expert, instance expert. So it's like, it's like, uh, how they call yeah, the prosecutor in the, in the, uh, physical ward, let's say. So, so you prepare the case and then it's, uh, up to someone to take it the next steps, like to go to the judge or to the authorities, right, and say, Hey, up to the.

Right, 

Ahmed: right. Okay. Because maybe, maybe the investigation come with, there is nothing happen or [00:15:00] there is no e crime. The guy has the right to do that, and he did so. Right. I cannot map this into the ECR law, so I advise, don't go legal, but you can do administration, you can terminate, you can give a warning letter to the employee, whatever.

But it, you cannot be considered as an ecr, and this has happened to me unfairly. I'm telling the customer, you cannot go legal here. 

Mehmet: Right. Can, can you give us like, some, some examples and case studies, Ahmed maybe, of course, without naming the companies, I understand that probably there would be some, uh, you know, some, some NDAs and something like this.

So, but you know, like just for the normal, I would say listener, uh, or if someone is watching us so they understand like how this goes in practice. 

Ahmed: Yes. Uh, thank you for this question because again and again, people did not consider the cybersecurity and the data privacy unless the incident happened.

Mm-hmm. I'll give you examples here for, for what, what I, I saw across hundreds of [00:16:00] cases. Some company companies don't have any security policy, any HR policy, and the staff didn't sign any NDA non-competition agreement. This level of operation sometimes allow even this. Stuff to bring their own device, plug it to the domain copy, and playing with the company, file company data without any monitoring, without any alerting system.

What did you think could happen for in term of data leakage for such kind of organization? They leave their asset in the street. Mm. Okay. Another company, and I'm always say, data today is a new oil. Data is a asset. Data is the most important asset for the organization. The organization have all server.

They don't, in Preem, they don't want to upgrade. They don't want to update. They don't have backup. They don't have DRC. How do you see asset of such company? They don't want to spend money in it and IT security. Maybe also they allow the [00:17:00] end user to use their personal WhatsApp link to the company PC to make their work process easier.

But this is a big back door for data leakage, even for the company. Have a security team and have a security in place. They have data warehouse, have a lot of security program, but they are not utilized it well. No monitoring. No pre-alert system. No action. No frequently penetration testing going. No auditing to check the compliant.

And the company don't know their enemy because there is a software. Now I can run in to know your enemy. Know who is talking about you in social media. Who is using your logo? Who is disturbing your reputation? This is need a visibility. It's part of security. Also in term of license management and domain renewal, most of the owner or senior management people did not know number of license utilized.

You could pay for thousand license [00:18:00] and you are utilizing only 50 or a hundred. You don't know. Your domain will be expired tomorrow, and all the business and your website and all communication will be down because domain is not renewal. Who that is very important point. Who is responsible for that? It should be clear till the senior management in all level.

And this is, uh, the three example I told you for the company which don't have anything and company have something and did utilize well and the company did not monitoring and the follow and the document, all of the above are the root cause for legal tech incident here. The problem happened. I 

Mehmet: I have a follow up question, which is just came to my mind now.

Um, I think, and because you, you, you were like also leading technology teams as well, so we see this happening and not only in this part of the world, we see it happening everywhere, like just couple of days ago. Like we hear about, like, they keep changing, you know, these [00:19:00] incidents and majority of the time we see it's like.

If you go deep in the root cause, I find, and correct me if I'm wrong, I'm taking European here. Two, two things. So the, I, I would not say lack of knowledge, but again, like lack of awareness, let's call it I, I mean, everyone. And the second one is, and I used to see it before, honestly, when you talk to someone, they tell you, you know what?

Like, yeah, they will not, nothing will happen to us. Yes, we are so small to be targeted, or, you know what, like I cannot convince my management to invest like in, in these technologies. So I, so what's your answer? Because you've been sitting in that chair also before Ahman 

Ahmed: actually, actually, you, you, you don't forget the incident or the attack could happen internally and externally as well.

You say we could be target from external hacker and run somewhere. For example, Fedia virus, whatever. This is from the external. You have to have a perimeter firewall. You have to have a monitoring. [00:20:00] You have to have double layer of security. That is important. Okay. If, especially if you are a public company, but also it's important to take care of that.

Internal data leakage. Your staff, not all your staff have their reality to you. You have to make a security awareness. You have to let the people sign a policy. You have to make test frequently. Test from time to time, and security manager of security team. Or it can send as time email for internal to see the people.

Can can can go in inside and go in this trap or not. And one of the famous cases. Come to me from courts here in ue. Uh, people are receiving an vague email. It seems, it is from the ca, the client or the customer, whatever the same, and transfer the money I'm doing for you some service. So third party hacker, come to spam between our traffic and know my name, send you an email [00:21:00] with my name or look like my name.

Okay. And asking you, uh, MeMed, instead of transfer my fees to my, uh, known bank account in, in Abu Zabi, please transfer it to this bank account in Russell Che, for example. Okay. You have to be careful of that. Why Ahmed do that? Can I call him to us? Unfortunately, some of financial team did not take care of that and go to the trap, direct and transfer to this hacker.

Immediately, the amount and this guy take the money and fly to his country, which is big amount. This is happening and frequently happen. So awareness is very important internally, uh, educated to the people to give education, to give session. About the cybersecurity from, for your internal stuff is IM is not less important, rather than to protect your perimeter and what he's saying about you outside and put your firewall, put your I-B-S-I-D-S, et cetera, et cetera.[00:22:00] 

Mehmet: Cool. Now, what kind of, um, you know, disputes are you seeing nowadays that typically escalate? Um. Or you see like assigned to you to do investigation from different courts, uh, as you are like authorized, listed, the IT expert in all the federal courts here in the ue. So what are we seeing more nowadays? 

Ahmed: Uh, I see the cryptocurrency cases, AI deployment disputes are on top at the top of such assigned cases to me.

In additional social media, people are abused the social media and they don't know. And data leak is definitely, which is either internally or external hacker. This is the four type of of cases. I'm, I'm, I'm, I'm receiving, or I be assigned from different courts across, uh, even Canada, Bahrain, and here. 

Mehmet: Uh, what about the AI Ahmed, are you seeing anything related to ai?

Of course. I can't, I can't have someone now. Yes, 

Ahmed: yes, yes. Uh, [00:23:00] see, MeMed AI now is a trend. People need AI on all level, and, and unfortunately they need ai, but they don't know what you will, they need from ai. AI have, um, procedures. You have to know what I need from ai. Okay. In my business level, in personal level, there are a lot.

AI can help you as your assistant, your personal assistant, to do a lot fast and multitask at the same time. I'm using that. AI can be used for the marketing for a lot of things, but for the business, number one, management should identify the pain area and the. What we need from AI then ask a specialist, people to consult.

And I'm working now, for example, with the construction companies. To use the ai to utilize the AI to let them deliver fast in cost effective way in very accurate, and give them them visibility into what is going on on the site, like, uh, safety and security, material [00:24:00] leakage, whatever the business must identify the pain area and what we need from ai.

Assign an IT expert or a IT expert to tell them to identify what they need, then we can assign the deployment or people to be enabler to do that because it need a lot of infrastructure to be ready. Like data warehouse, data cleaning data, organization integration, uh, API, a lot of things. The cases I'm, I'm facing now, people coming.

I can do for you ai. You don't know what you need from ai. Okay? We will sign contract million Derham. Okay? We sign after some while. What is ai? I pay money. You in Derham to you. You did not deliver any value. Yes sir. We'll see. We will. We are going because of your, are not ready enough. You read. Level is not enough.

We don't have data. Data is not clear. Data is not [00:25:00] structured well. A lot of things. AI is very important to improve the result and let the business grow. But I do advise all AI requester to identify their business need from the AI and the user and IT expert. To work with you as a consultant to guarantee the deliverables from the AI enablers companies who are now become a lot, especially I I, I'm managing three, four cases in Canada, in, in, in such the same level, asking for ai but don't know what exactly AI can do it.

Mehmet: Uh, Ahmad one thing which, you know, I was discussing with someone, especially, you know, like last week was t. We are, see, we are seeing more people putting data, sensitive data in these AI tools, right? What could do go wrong from also an expert perspective, an [00:26:00] arbitrator perspective, also. 

Ahmed: See you, you, you should know that your confidentiality from public ai, like deep seek chat, GBT and other uh, AI platform, your data is not secure enough.

Your data is not with you. But some organization, especially now I'm working with government, some government organization and semi-government, uh, companies as well, asking me. To create their private ai, especially for the local. Okay. For confidentiality for health sector as well, to make the AI data in-house to pro be protected, be used only by their staff, the employee, their client only.

Uh, your data over the AI. The security, the functionality, the, the access to that, it should be considered well, and there is no one size can fit everywhere. It depend into the case and the business case and the need. If you're a public [00:27:00] company, the, and these need to use the ai, definitely it would be a public, if you are a private company or legal affair, uh, department in some organization, some Emirates or country, definitely you need it internally.

It depends. 

Mehmet: That's interesting topic and I think we can discuss it for hours and our, we can, we can 

Ahmed: answer session for this because really, really, it is very excited. 

Mehmet: Yeah. So as we are almost coming to, to the end with you today, Ahmed, like, and before like any, what you would like to, to, to like advise, you know, people who are listening to us today, um, especially, you know, on the business side, on, on, on the technology side also as well.

And of course like my traditional question where people can get in touch, uh, with you. 

Ahmed: Uh, definitely I'm based in Dubai, my office in Dubai, my mobile, my email, you can share it with the audience, with my pleasure. And, um, always it is business. Business is it? Okay? And my advice, my world to the business people to [00:28:00] think technology and to the technology guy is to think business.

Mehmet: That's, uh, great Ahmed, uh, and of course like, uh, I will make sure that also, you know, I'll put links also in my, in my show notes so people maybe can reach out to you directly as well. Thank, I would like to thank you a lot for, you know, the, your contribution today. It's, uh, an honor again for, uh, having you with me.

And this is how I had my episode. This is for the audience. Uh, if you are, uh, just first time listener here, or first time you, you see us, thank you for passing by. I hope you enjoy it. If you did, so please give me a favor and sub, uh, you know, share it and uh, subscribe and if you are one of the people who keeps coming again and again, thank you so much for your support and uh, yeah, I would be looking forward to also have a new episode very soon.

Thank you. Bye-bye. 

Ahmed: Thank you. Bye.