
On the importance of information security - HackIT 2016 conference report


In the photo: live Trojan horses (yes, they are naked and they could be “tattered”)

HackIT is not just a call to action (hack it), but an annual event dedicated to all issues of information security, which is held in Kharkiv for the second time.

Everyone in this country must learn to program, because it will teach you to think

- Steve Jobs
To develop the Apple founder's idea: hacking will teach you not only to think, but to think an order of magnitude beyond most programmers.

It so happens that Kharkiv is a historical home of hackers, and Ukraine, in the opinion of foreign journalists, is a cybercrime paradise in general.


Even the Habr user savex, who worked on the localization of NeverHood back in the distant 2000s, knew this.

Our task as organizers is to develop the information security industry in Ukraine and increase people's awareness of the methods and consequences of information wars.

The most important thing is to convey experience and understanding in a short time: 8 hours. So we tried to present aspects of a topic as complex and technical as information security in simple, understandable language, supplementing our talks with illustrative shows and visual effects to convey how relevant and close these dangers are in the current world situation.

Therefore, this post is not just a photo report, but a small tour.

In a hall for 500+ people, the first to take the microphone was the band “Citizen Topinambur” with the song “Enter IT”, which was not chosen by chance.


While the guys were finishing singing the verses:
We were told in the transfer:
“Live, they say, to surrender”,
Here is such a turn,
Impoverished people around.
And I want the opposite
To summer all year round,
To the white steamer,
And write your javakod.

a group of people in camouflage and with machine guns entered the room, as sometimes happens at IT companies in Ukraine, and began to arrest the people acting as speakers.


I even got a call from a couple of friends asking “Is everything OK there?”. This received a slight response in the local media, as did every search that took place in 2016 and 2015. In fact, these were guys from the local paintball club, so they posed no danger. To the law enforcement agencies we want to convey just one simple idea:
There is no need to "kill" the IT business that everyone wants to "enter"; people there work with their heads, not their hands.

Then, perhaps, there will be a dialogue between the authorities and business, as shown in the photo, in the form of a gesture of openness - a handshake.


These are not just pompous words: we managed to achieve some results in this direction, as evidenced by the people in uniform who can be seen in the photo report, as well as by an affirmative response from the Ukrainian Cyberpolice to our invitation letter.


Indeed, in neighboring countries, cooperation between private companies and state-owned ones is the norm; Nick Belogorsky, one of the conference headliners, who collaborates with the US government and is the creator of a new-generation antivirus, served as living proof.

To especially paranoid individuals we said sarcastically: Comrade Major will also be present...



The conference itself consisted of 3 streams of lectures and practical talks (workshops).

The invited foreign speakers included:

Andrew Auernheimer, a US hacker who spent 12 months in jail for breaking into AT&T and Amazon, with a talk on hacktivism for fame and money.
Alfonso De Gregorio, an EU information security expert who laid out the ethical dilemma of selling zero-day vulnerabilities.
Andrei Avadanei, the founder of DefCamp (Romania), with interesting methods that make it possible not only to secure a system but also to deanonymize the attacker using the honeypot principle.

Beyond IT, there was also a representative of a profession that in post-Soviet countries is heard of only in jokes and ridicule: nuclear physicist Andrew Dodson, with an original topic: “Smart networks are a stupid idea”.



You can get to know the other, no less interesting speakers remotely on the HackIT website, and view their presentations and videos there.

The Ukrainian speakers' topics were timely and practical. The director of the cyber lab walked through every step the hackers took in breaking into the Transcarpathian power station, and an engineer from CERT-UA revealed the secret of making the flash drive from the TV series Mr. Robot, which can “ignite” your computer. In the next room, everyone saw where a miniature camera was hidden and saw firsthand how and where the special services “drill in” their own flea-sized induction microphones.

Also presented were fascinating studies of the shadow adware market on Google Play, car hijacking vectors, and an analysis of backdoors in the web shell market.


The topics covered a range of security areas that do not overlap with one another, from networks, hardware and websites to power stations, cars and geopolitics.



The forum was not only informative but also entertaining. Outside the halls where knowledge was shared, there were entertainment zones where everyone could recall their youth or learn some history by playing on Dendy and SEGA consoles.

Especially for entertainment, we brought thumb-sized Madagascar cockroaches, which hissed threateningly at anyone who tried to stroke them but were tamed by the bug hunters: vulnerability researchers who know how to find bugs in computer systems and who gladly gave in to the excitement (without bets) of cockroach racing. The larger the "bug", the slower it was.


Anyone who could not attend can do so virtually. Turn on the video, sit back and drag the mouse in the direction you want to look.


00:00 Offline CTF
26:50 Opening event
40:45 Andrew Auernheimer
1:02:00 Alfonso De Gregorio
1:23:00 Alexey Yasinsky

In addition to the forum and great speakers, we selected the 10 best teams of hackers and researchers from the 1062 teams registered in the qualifying round, each of which had from 2 to 5 people.

Final scoreboard

In total, more than 5,000 participants from 93 countries took part. Top countries:


Over the whole competition, only 458 teams managed to solve at least 1 task. Together, the teams submitted 8096 correct flags and made 35,000 incorrect submission attempts.

How we brought up the server (64 GB RAM) with makeshift fixes during the first night, how we optimized the bottlenecks of the CTF platform, and other details deserve a separate description. And of course there will be a little about the offline part of the CTF.


At the end of the forum we rewarded everyone with valuable gifts and, so that the guys would not use their skills for harm, “isolated” them; exactly how, you will learn in the next article.

P.S. There was, of course, a series of after-parties, after-after-parties, etc., but that's another story...

Source: https://habr.com/ru/post/357210/

