Hackers from across Europe flocked to Geneva on Saturday, not to play havoc with Swiss computers, but to test their ethical hacking skills.
The sixth annual Insomni’hack ethical hacking competition, organized by information technology (IT) security firm SCRT, drew more than 300 hackers who battled for hours to solve a range of fiendish computer security challenges.
“This is essentially to have fun and learn,” Oriol Carreras, 32, from Barcelona said.
He hopes Seoul and Moscow — hotbeds of hacking on both sides of the law — might be the location for future competitions.
Attendees faced “about 30 tests in almost all security areas,” SCRT founder Paul Such said.
“People have to try to connect to a Web site without the user’s name and password; enter a file without the decoding key; intercept communications and read the content of these communications,” he said.
This year saw participants from Ukraine, Spain, Germany, France and other countries.
Three of the best hacking teams in the world were present, including the winners of another famed competition, “Dragon Sector,” who are mostly from Poland.
The Geneva competition is held for fun, but many of the competitors make a living from their hobby.
“Our core business activity is ethical hacking, which means testing companies’ security lapses and using the same tricks that ill-intentioned hackers would use, with the difference that we work under contract,” Such said.
There is serious money to be earned from uncovering security gaps for major Internet firms, said Frenchman Nicolas Gregoire, who has previously spotted vulnerabilities in the software of both Yahoo and Oracle.
The revelations leaked by former US National Security Agency contractor Edward Snowden last year that governments were breaking into Internet companies on a massive scale has only boosted the demand for “ethical hackers” who can help build stronger protections.
“Governments have turned the Internet into a massive surveillance machine,” said Finland’s Mikko Hypponen, one of the world’s foremost experts on IT security. “We had a utopia and we lost this utopia.”
However, Hypponen sees the real enemy elsewhere.
“What most occupies us in labs now is still the criminals,” he said, adding that phishing viruses are now infecting everything from mobile phones to television, cars and even refrigerators.
“For example, we’re receiving 1,500 new viruses for Android a day,” Axelle Apvrille, who analyses the viruses for Fortinet, a US company that specializes in network security appliances.
Given the scale of the challenge, and the ever-shifting threat, he encourages everyone to install anti-virus software rather than rely on the ability of police to keep up with cybercriminals.
“It is hard to know where they are. My guess is most of them operate from Russia, Ukraine and more generally speaking Asia, but they are always hard to locate, and hard to prove,” he said. “Viruses generally are only active a very short period of time, between two weeks and three months.”