GENEVA – Hackers from across Europe flocked to Geneva this weekend, not to play havoc with Swiss computers but to test their ethical hacking skills.
The sixth annual Insomni’hack ethical hacking competition, organized by IT security firm SCRT, drew over 300 hackers who battled for hours to solve a range of fiendish computer security challenges.
“This is essentially to have fun and learn,” 32-year-old Oriol Carreras from Barcelona told AFP. He hopes Seoul and Moscow — hotbeds of hacking on both sides of the law — might be the location for future competitions.
Attendees faced “about 30 tests in almost all security areas”, SCRT founder Paul Such told AFP.
“People have to try to connect to a website without the user’s name and password; enter a file without the decoding key; intercept communications and read the content of these communications.”
This year saw participants from Ukraine, Spain, Germany, France and other countries. Three of the best hacking teams in the world were present, including the winners of another famed competition, “Dragon Sector”, who are mostly from Poland.
The Geneva competition is held for fun, but many of the competitors make a living from their hobby.
“Our core business activity is ethical hacking, which means testing companies’ security lapses and using the same tricks that ill-intentioned hackers would use, with the difference that we work under contract,” said Such.
There is serious money to be earned from uncovering security gaps for major internet firms, said Frenchman Nicolas Gregoire, who has previously spotted vulnerabilities in the software of both Yahoo! and Oracle.
“If you are a company that markets software, opens a website and a hacker shows you a hole he found in your product, you will pay him,” added Such.
The revelations leaked by former US National Security Agency contractor Edward Snowden last year that governments were breaking into Internet companies on a massive scale has only boosted the demand for “ethical hackers” who can help build stronger protections.
“Governments have turned the Internet into a massive surveillance machine,” said Finland’s Mikko Hypponen, one of the world’s foremost experts on IT security. “We had a utopia and we lost this utopia.”
But Hypponen sees the real enemy elsewhere.
“What most occupies us in labs now is still the criminals,” he said, adding that phishing viruses are now infecting everything from mobile phones to television, cars and even refrigerators.
“For example, we’re receiving 1,500 new viruses for Android a day,” Axelle Apvrille, who analyses the viruses for Fortinet, a US company that specialises in network security appliances.
Given the scale of the challenge, and the ever-shifting threat, he encourages everyone to install anti-virus software rather than rely on the ability of police to keep up with cybercriminals.
“It’s hard to know where they are. My guess is most of them operate from Russia, Ukraine, and more generally speaking Asia, but they are always hard to locate, and hard to prove.
“Viruses generally are only active a very short period of time, between two weeks and three months.”