
WIRED Security 2016: Be There or Be Hacked


I recently had the pleasure of taking part in a security conference organized by The Wired in ClubLounge39 in London. What can you learn from hackers? Is it worth attending another conference organized by The Wired? Read the report below.

Let us begin by presenting a view from the windows at ClubLounge39 and evidence that UFOs really do exist:



Thanks to a VIP pass, I could take part in a panel discussion with some of the conference speakers. This was a warm-up, which gave us a general insight into the things companies and services do to keep us all safe. What proved especially memorable was a statement made by vChain’s CEO, Irra Khi: Compared to Israel, Europe is still crawling and putting out fires when they break out. Israel remains a few steps ahead of the threats, because this belongs to their everyday life. The country's geographic location requires the people to protect themselves non-stop. Irra believes that we will keep spending more and more money on our security and that this inflow of funds will only boost the growth of the security services market.

After breakfast, the main part of the conference followed.

The threat to enterprise - and how to build in resilience

Adrian Nish from BAE Systems presented how hackers operate, as well as a number of facts that made it possible to link the 2014 attack on Sony Pictures with the attack on the Bangladesh Bank from February 2016 and attribute both to hackers from North Korea. Details of what Nish had to say can be found on WIRED's website; however, here is a spoiler for the lazier of you:

The attack had been prepared perfectly. The first traces of the hack date from May 2015. Hackers had been penetrating the bank's systems for half a year and waited for the perfect moment to launch their assault. That moment came on Thursday, 4 Feb 2016. Thursday marks the end of the working week in Bangladesh, while Monday was the Chinese New Year. This gave the hackers 4 days to act. Only thanks to the vigilance of the Federal Reserve (where the Bangladesh Bank held its assets) did the hackers steal no more than $81m (their plan was to order wire transfers for a total of $951m).

The talk was moderated by Sadie Creese, a professor of cyber security at the University of Oxford. Creese discussed the issue of insider threats. An important point of her speech was that nowadays, when everything is linked to one network, not even firewalls can guarantee safety. Everything lies inside and so every threat is now an inside threat. Read more: The cyber threat within: how knowing your staff will protect your business from attack

From predictive intelligence to artificial intelligence and beyond

The best talk in this part of the conference was given by Staffan Truve. He said that the safeguards we add to our systems are like a complicated maze. Each new safeguard poses a new challenge and provokes hackers to try and break it. Read more: Is cybersecurity broken? Building walls won't prevent hacks, predicting the future will

Cameron Colquhoun spoke about the dangers open-source data pose for companies and explained how the data can help in taking them over. He described the phenomenon of stock-doxxing. An unknown company compiles a financial report on a company, e.g. a startup. Newspapers start copying the report without having verified it first, and so a lie repeated a hundred times becomes the truth. Prices of the company's shares start dropping, and the shares get sold at a reduced price. When everyone finally realizes they have become victims of a fraud, the share prices rise rapidly and someone rejoices at the money earned. Read more: How 'doxing' can destroy your reputation and bring company stocks to their knees

Dave Palmer from Darktrace spoke about the threats posed by the Internet of Things as well as how to handle them. Innovations introduced by manufacturers, unfortunately, do not go hand in hand with proper security measures for their equipment. It may soon turn out that devices present in our households, e.g. routers or network drives, are parts of a botnet and take part in illicit activity, for instance, DNS attacks. Read more: AI will 'supercharge' cyberattacks. Meet the cyber defenders standing in its way

What we can learn from hackers

This was the panel I had waited for the most because of the reversed "black-hats". The discussion began with a talk delivered by probably the most colorful figure present at the conference. The guy I have in mind is Jamie Woodruff. Suffering from autism, dyslexia and dyspraxia, Jamie has been hacking ever since he turned 9. Now, that is a truly explosive mix. He is the one who hacked Kim Kardashian.

His talk discussed how he hacks without using a computer. I will not go on and summarize his talk right here, as I think it is more than worth it to read the summary prepared by WIRED: Jamie Woodruff 'hacked' Kim Kardashian and he'll hack your company for a fee.

The next speaker was Mustafa Al-Bassam, member of LulzSec (not the one who turned out to be an FBI informant). When he was 16 (born in 1995!), he and his friends hacked the FBI's website. The subject of his talk was transparency and the ways companies should communicate hacks to the public. Al-Bassam emphasized that under no circumstances should hacks be concealed, just as it was done by Yahoo. Mustafa believes that it is worth insuring yourself against the effects of hacker attacks (I had no idea such insurance existed!). Read more: What Yahoo can learn from LulzSec: reformed hacker reveals why transparency is key

The last talk in this category was delivered by Alex Rice from HackerOne. He presented evidence on why companies should hire hackers. He tried to convince his audience that each company should use a "bug-bounty" program and pay hackers for security gaps they find in the company's systems. Interestingly enough, the US Department of Defense uses its own bug-bounty, thanks to which they reported 138 security gaps with the first one reported 13 minutes after the program had been launched. Read more: If you can't beat them, get them to join you: why all companies should hire hackers

Tackling cybercrime and criminal gangs

Later the time had come for another interesting panel. This one was commenced by Moty Cristal, a professional negotiator. He showed the participants how to negotiate ransom hackers dem
