Disobey - the Nordic Defcon

Disobey - Hackers welcome!

A gathering of hackers called Disobey took place in Helsinki on 13.-14.1.2017. Last year I couldn’t attend because the tickets were sold out, but this year I made sure that I got a ticket by solving the ticket puzzle, which allowed purchasing a ticket before they were officially available. Disobey can be summarized as an event organized by hackers for other hackers. But what is a hacker? Nerdy? Perhaps. Technically savvy? Usually. Interested in exploring and expanding the limits of technical systems and gaining more knowledge? Definitely.

Most of the people were adults working in the IT sector, although not everyone. There were some well-known names presenting, like Mikko Hyppönen from F-Secure and Mårten Mickos, CEO of HackerOne. And then there was a huge number of other interesting people who know a lot about technology and were also willing to share their thoughts and knowledge. So it was a get-together and a learning event. And great fun.

This time around there were sponsors, and Solita was one of the Disobey sponsors. I think the deal worked quite well - the sponsors didn’t get stage time to give boring business pitches, but they got a chance to help the community and potentially recruit people and make contacts. The community is grateful, I think. From our perspective, we don’t work in the security business as such, but we certainly want to build good software and eliminate security flaws. And we will gladly hire “hackers” (in a wider sense of the word) if they decide to work for us. The best can’t be recruited directly, but they can be wooed.

As an example of the hacker spirit we value, my colleague Timo Mihaljov made a raytracer in MUMPS (yes, a very SPECIAL language...) just because we put up a non-serious developer challenge. No money involved, nothing to do with our core business, but everything to do with the hacker spirit.

[Image: mumpsraytracer]

As taking photos was not allowed at the event, I do not have much to share, but among the interesting topics I discussed with people during the weekend were things like:

  • How PriveCall allows making fully encrypted phone calls, capable of resisting even state-level adversaries.
  • How to break into a safe (I knew the theory, but for the first time I had a chance to try it out in practice).
  • How to do real-time network traffic analysis.
  • How Wifi networks are fundamentally insecure, and can be exploited using Wifi Pineapple.
  • How Wifi Pineapple itself is not completely secure and the log files are exposed to other people, see WipeScanner.

Events like Disobey are perfect for expanding your knowledge on such topics, which may not be part of your everyday job. For people who are driven by things like money and business opportunities, Disobey might have been a disappointment.

The benefit of teaching security and hacking skills

There were two hacking workshops at the event - one was organized by Donnie Werner and the other by me and my colleagues. The workshops were beginner level stuff, which can be easily found on the internet. It is a good thing to consider who you teach lock picking or any other potentially harmful skills to, but criminals do not pick locks. They break the door or the window. And cyber criminals do not seek understanding, they seek money.

I believe that it’s a good thing if everyone involved in IT and software understands the fundamentals of information security, as many attacks and problems are caused by lack of knowledge and very basic mistakes. Once you know the fundamentals, you are much better prepared to defend yourself against random wannabe-cybercriminals and script kiddies. Doing the actual hacking seems to be more efficient than just listening to lectures.

A security conscious developer

We have previously blogged about DevSec - about the need for developers to understand security. Software security doesn’t improve by bringing some expert to the project just before deployment to do penetration testing. It has to be built in. And this is what it looks like when you are doing that.

[Image: cyberdeveloper]

If you found yourself in the middle of that, what better place to be during the weekend than Disobey? For the workdays we might have some open jobs for you.