Inside one of the largest hacking conferences in Russia
Hundreds of aspiring hackers in Moscow faced off against one another earliest this week in different challenges.
The event, called Positive Hack Days, is organized by the cybersecurity firm Positive Technologies. More than 4,000 people attended the cybersecurity conference, one of the largest in Russia. It's part discussion forum and part competition.
It takes place in a convention center in downtown Moscow, in the same arena where President Vladimir Putin gives his annual end-of-year press conference. Many of the competitions are focused around potential real-world hacks involving systems that have increasingly attracted attention as being vulnerable to cyberattacks.
In the center of one hall, a miniature model city had been built, made up mostly of critical infrastructure -- a hydroelectric dam, a railway system, a power-station. One task for hackers is to mount cyberattacks on the city’s infrastructure, trying to cause meltdowns or to derail the model trains that zip around the track.
In another event, hackers must try to seize control of a real ATM so that it will give out money; in another they can alter digital thermostats, tricking them into showing reduced usage and lower bills. Another stand replicates the control towers of an atomic power-station.
The competition culminates in “drunk hacking,” essentially a drinking game in which players race one another to break into a system. The slower team has to take a shot of vodka for each losing round.
Russian hackers have acquired an almost mythic status recently, following Russia’s interference campaign in the United States’ 2016 presidential election, where hackers working for Russian intelligence targeted the Democratic National Committee and also probed election infrastructure. At the same time, Russia and former Soviet countries have long been prolific sources of cyber-crime.
The hackers at the Moscow conference are so-called “white-hat” hackers or “ethical hackers,” the white knights of the cyber world, who use their skills to defend against criminals. The purpose of breaking into the ATM, for example, is to test for vulnerabilities which can then be fixed. Some of the hacker teams taking part are from major consultancy companies, such as Deloitte, as well cybersecurity firms. The event is also a place for firms to scout talent.
And there is talent on both sides of the criminal divide in Russia, a result in part of the Soviet legacy of strong engineering and mathematics education.
A study published in February by the anti-virus company McAfee and the Center for Strategy and International Studies (CSIS) described Russia as being the world leader in cybercrime. That position reflects "the skill of its hacker community and its disdain for western law enforcement," the report read, which added "the complex and close relationship between the Russian state and Russian organized crime means that Russia provides a sanctuary for the most advanced cybercriminals, whose attention focuses on the financial sector."
Andrey Kozlov, a 20-year-old computer security student who had flown 1,300 miles from the Siberian city of Tyumen to take part in the event, told ABC News: “I believe that Russian specialists are very in demand around the world.”
Asked what he would like to do when he finishes his studies, Kozlov responded with a laugh, “Russian hacker,” before adding that he would like to work at an audit firm. “For the good of humanity,” he said.News - Inside one of the largest hacking conferences in Russia